
I might have a virus infection -svchost.com-


This topic is locked
20 replies to this topic

#1 flostudio

Posted 23 March 2018 - 05:11 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by Foto (administrator) on FOTO-PC (23-03-2018 11:56:48)
Running from C:\Users\Foto\Desktop
Loaded Profiles: Foto (Available Profiles: Foto)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.17\AsusFanControlService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
() C:\Program Files (x86)\Photodex\ProShow Gold\scsiaccess.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ACUW10EN] => "G:\#ACDSEE\ACDSee Ultimate\10.0\acdIDInTouch2.exe"
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [549712 2018-03-22] ()
HKLM\...\Run: [ACPW10EN] => C:\Program Files\ACD Systems\ACDSee Pro\10.0\acdIDInTouch2.exe [2157000 2017-04-21] (ACD Systems)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [357352 2018-03-22] ()
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [674688 2018-03-23] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [416064 2018-03-23] (Intel Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3733824 2018-03-23] (Dropbox, Inc.)
HKLM-x32\...\Run: [SoundVolumeHotkeys.{9547D1C7-4F18-4104-8674-046DCD12BDF9}] => C:\Program Files (x86)\Sound Volume Hotkeys\SoundVolumeHotkeys.exe [251392 2018-03-23] ()
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [558568 2018-03-23] ()
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1156256 2018-03-23] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [132992 2018-03-23] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [711704 2018-03-23] ()
HKU\S-1-5-21-197386999-2515335400-4224867627-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4701888 2017-02-07] (Disc Soft Ltd)
HKU\S-1-5-21-197386999-2515335400-4224867627-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10290608 2018-02-07] (Piriform Ltd)
HKU\S-1-5-21-197386999-2515335400-4224867627-1000\...\Run: [ACDSeeCommanderPro10] => C:\Program Files\ACD Systems\ACDSee Pro\10.0\ACDSeeCommanderPro10.exe [3415496 2017-04-25] ()
HKU\S-1-5-21-197386999-2515335400-4224867627-1000\...\Run: [World of Tanks (1)] => D:\WoT\WargamingGameUpdater.exe [3181344 2018-03-23] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\i1Profiler Tray.lnk [2017-05-30]
ShortcutTarget: i1Profiler Tray.lnk -> C:\Program Files (x86)\X-Rite\i1Profiler\i1ProfilerTray.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\XRGamma.lnk [2017-05-30]
ShortcutTarget: XRGamma.lnk -> C:\Program Files (x86)\X-Rite\i1Profiler\XRGamma.exe ()
Startup: C:\Users\Foto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2018-02-14]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\Foto\AppData\Local\Facebook\Games\FacebookGameroom.exe ()
GroupPolicy: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{A6B8C54B-049B-44FB-B85D-76CC0B55491E}: [DhcpNameServer] 192.168.1.1 192.168.1.1
 
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-197386999-2515335400-4224867627-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2017-05-30] [Legacy] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-25] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-10-24] (Nero AG)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @photodex.com/PhotodexPresenter -> C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll [2017-10-23] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2011-09-05] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-12] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)
 
Chrome: 
=======
CHR Profile: C:\Users\Foto\AppData\Local\Google\Chrome\User Data\Default [2018-03-23]
CHR Extension: (Slides) - C:\Users\Foto\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\Foto\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Foto\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-17]
CHR Extension: (YouTube) - C:\Users\Foto\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-17]
CHR Extension: (Adobe Acrobat) - C:\Users\Foto\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-05-18]
CHR Extension: (Sheets) - C:\Users\Foto\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\Foto\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Foto\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Gmail) - C:\Users\Foto\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-17]
CHR Extension: (Chrome Media Router) - C:\Users\Foto\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-07]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2017-05-17] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2017-05-17] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2017-05-17] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.17\AsusFanControlService.exe [381824 2017-05-17] (ASUSTeK Computer Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [184616 2018-03-22] () [File not signed]
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [184616 2018-03-22] () [File not signed]
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2018-03-15] (Dropbox, Inc.)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2017-02-07] (Disc Soft Ltd)
S2 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [194640 2018-03-22] () [File not signed]
S3 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [194640 2018-03-22] () [File not signed]
R2 hasplms; C:\Windows\system32\hasplms.exe [4608320 2014-11-27] (SafeNet Inc.)
S3 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [202240 2018-03-23] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 LMS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [319296 2018-03-23] () [File not signed]
S2 NAUpdate; C:\Program Files (x86)\Nero\Update\NASvc.exe [810904 2018-03-23] () [File not signed]
S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [190824 2018-03-22] () [File not signed]
R2 ScsiAccess; C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe [186760 2017-10-01] ()
S3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [1686304 2018-03-22] () [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [558568 2018-03-23] () [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2018-03-01] (TeamViewer GmbH)
S2 UNS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [406848 2018-03-23] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2017-05-11] (Microsoft Corporation)
R2 xrdd.exe; C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe [83312 2015-08-11] (X-Rite Inc.)
R2 NvContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000
S3 NvContainerNetworkService; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin"
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2012-04-19] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R0 asstor64; C:\Windows\System32\DRIVERS\asstor64.sys [83792 2015-06-17] (Asmedia Technology)
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2012-09-14] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-05-18] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-05-18] (Disc Soft Ltd)
R3 GMLXDFltr; C:\Windows\System32\drivers\GMLXDFltr.sys [19488 2016-06-01] (LXD Development, Inc.)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [331608 2014-11-27] (SafeNet Inc.)
S3 libusbK; C:\Windows\System32\DRIVERS\libusbK.sys [47200 2018-01-07] (hxxp://libusb-win32.sourceforge.net)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-06-21] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [48248 2017-06-21] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57976 2017-05-03] (NVIDIA Corporation)
S3 RTLU3E8023-W7-64; C:\Windows\System32\DRIVERS\rtu30x64w7.sys [83160 2013-10-12] (Realtek )
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [27440 2018-01-06] () [File not signed]
R2 WinI2C-DDC; C:\Windows\system32\drivers\DDCDrv.sys [20832 2015-08-26] (Nicomsoft Ltd.)
R2 WinI2C-DDC; C:\Windows\SysWOW64\drivers\DDCDrv.sys [10240 2015-08-26] (Nicomsoft Ltd.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-23 11:51 - 2018-03-23 11:56 - 000019842 _____ C:\Users\Foto\Desktop\FRST.txt
2018-03-23 11:51 - 2018-03-23 11:56 - 000000000 ____D C:\FRST
2018-03-23 11:48 - 2018-03-23 11:50 - 002403328 _____ (Farbar) C:\Users\Foto\Desktop\FRST64.exe
2018-03-23 11:11 - 2018-03-23 11:11 - 000000000 ____D C:\Program Files (x86)\ESET
2018-03-23 11:09 - 2018-03-23 11:29 - 002912456 _____ C:\Users\Foto\Desktop\esetsmartinstaller_enu.exe
2018-03-23 10:49 - 2018-03-23 10:49 - 000000442 __RSH C:\ProgramData\ntuser.pol
2018-03-23 10:49 - 2018-03-23 10:49 - 000000000 ____D C:\Windows\ABR
2018-03-23 10:35 - 2018-03-23 10:35 - 000000000 ____D C:\Users\Foto\Desktop\hijackthis-devel
2018-03-23 10:34 - 2018-03-23 11:54 - 000000055 _____ C:\Windows\directx.sys
2018-03-23 10:34 - 2018-03-23 10:34 - 000041472 _____ C:\Windows\svchost.com
2018-03-23 10:32 - 2018-03-23 10:32 - 000028601 _____ C:\ComboFix.txt
2018-03-23 10:22 - 2018-03-23 10:22 - 000000516 _____ C:\Users\Foto\Desktop\ComboFix - Shortcut.lnk
2018-03-23 10:19 - 2018-03-23 10:28 - 016534759 _____ C:\Users\Foto\Desktop\hijackthis-devel.zip
2018-03-23 10:04 - 2018-03-23 10:32 - 000000000 ____D C:\Qoobox
2018-03-23 10:04 - 2018-03-23 10:07 - 000000000 ____D C:\Windows\erdnt
2018-03-23 10:04 - 2011-06-26 08:45 - 000256000 _____ C:\Windows\PEV.exe
2018-03-23 10:04 - 2010-11-07 19:20 - 000208896 _____ C:\Windows\MBR.exe
2018-03-23 10:04 - 2009-04-20 06:56 - 000060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2018-03-23 10:04 - 2000-08-31 02:00 - 000518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2018-03-23 10:04 - 2000-08-31 02:00 - 000406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2018-03-23 10:04 - 2000-08-31 02:00 - 000098816 _____ C:\Windows\sed.exe
2018-03-23 10:04 - 2000-08-31 02:00 - 000080412 _____ C:\Windows\grep.exe
2018-03-23 10:04 - 2000-08-31 02:00 - 000068096 _____ C:\Windows\zip.exe
2018-03-22 21:38 - 2018-03-23 08:43 - 000000000 ____D C:\Windows\system32\GPUCache
2018-03-22 21:25 - 2018-03-22 21:25 - 000003238 _____ C:\Windows\System32\Tasks\{13839EE2-47D4-4E40-99FD-B5C71E17BEA7}
2018-03-22 21:08 - 2018-03-23 08:49 - 000000000 ____D C:\ProgramData\Google
2018-03-22 07:39 - 2018-03-22 07:39 - 000000000 ____D C:\Users\Foto\Desktop\catalog 22 martie
2018-03-21 09:32 - 2018-03-21 09:34 - 000000000 ____D C:\Users\Foto\Desktop\final final
2018-03-18 15:37 - 2018-03-18 15:37 - 023179982 _____ C:\Users\Foto\Desktop\Catalog produse green.pdf
2018-03-17 18:15 - 2018-03-17 18:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-03-15 22:45 - 2018-03-15 23:28 - 000000000 ____D C:\Users\Foto\Desktop\POACA
2018-03-15 20:01 - 2018-03-15 20:02 - 000000000 ____D C:\Users\Foto\Desktop\ultimul catalog digital art
2018-03-15 18:33 - 2018-03-15 18:33 - 002334122 _____ C:\Users\Foto\Desktop\DOC.PDF
2018-03-15 13:50 - 2018-03-15 13:50 - 000051024 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2018-03-15 13:50 - 2018-03-15 13:50 - 000045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2018-03-15 13:50 - 2018-03-15 13:50 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2018-03-15 13:50 - 2018-03-15 13:50 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2018-03-13 16:37 - 2018-03-13 16:37 - 000000000 ____D C:\Users\Foto\Desktop\canon
2018-03-13 16:36 - 2018-03-13 16:36 - 001550093 _____ C:\Users\Foto\Desktop\CanonEosDigitalInfo_v1.4_SDK_v2.14.zip
2018-03-11 13:15 - 2018-03-11 14:23 - 000000000 ____D C:\Users\Foto\Desktop\casuta lu giani
2018-03-11 09:15 - 2018-03-11 09:15 - 000000000 ____D C:\Users\Foto\Desktop\catalog nou digital art
2018-03-09 14:13 - 2018-03-09 14:14 - 000000000 ____D C:\Users\Foto\Desktop\chingi apicole
2018-03-08 11:37 - 2018-02-13 20:17 - 000136384 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-03-08 11:37 - 2018-02-13 20:10 - 000655872 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-03-08 11:37 - 2018-02-13 16:05 - 001994752 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-03-08 11:37 - 2018-02-13 16:05 - 001560064 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-03-08 11:37 - 2018-02-13 16:05 - 000740864 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-03-08 11:37 - 2018-02-13 16:05 - 000600576 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-03-08 11:37 - 2018-02-13 16:05 - 000451072 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-03-08 11:37 - 2018-02-13 16:05 - 000380928 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-03-08 11:37 - 2018-02-13 16:05 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-03-08 11:37 - 2018-02-13 16:05 - 000237568 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-03-08 10:06 - 2018-03-08 10:06 - 000001617 _____ C:\Users\Foto\Desktop\modificari album.txt
2018-03-01 15:43 - 2018-03-01 15:43 - 000000000 ____D C:\Users\Foto\Desktop\simon resize
2018-02-28 16:24 - 2018-02-28 16:24 - 000000000 ____D C:\Users\Foto\Desktop\emma resize
2018-02-28 16:03 - 2018-03-22 10:36 - 000000000 ____D C:\Users\Foto\Desktop\albine
2018-02-21 09:37 - 2018-03-22 20:58 - 000000000 ____D C:\Users\Foto\AppData\Roaming\WhatsApp
2018-02-21 09:37 - 2018-03-15 23:07 - 000000000 ____D C:\Users\Foto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2018-02-21 09:37 - 2018-03-15 23:07 - 000000000 ____D C:\Users\Foto\AppData\Local\WhatsApp
2018-02-21 09:37 - 2018-03-15 22:52 - 000000000 ____D C:\Users\Foto\AppData\Local\SquirrelTemp
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-23 11:45 - 2017-05-18 17:40 - 000000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2018-03-23 11:38 - 2017-05-18 15:32 - 000000000 ____D C:\Users\Foto\AppData\Roaming\MPC-HC
2018-03-23 11:34 - 2009-07-14 07:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2018-03-23 11:34 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2018-03-23 11:27 - 2017-05-17 18:38 - 000000000 _____ C:\Windows\Path.idx
2018-03-23 11:00 - 2009-07-14 06:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-03-23 11:00 - 2009-07-14 06:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-03-23 10:57 - 2017-05-31 19:39 - 000000000 ____D C:\Users\Foto\AppData\Local\CrashDumps
2018-03-23 10:53 - 2017-05-18 17:41 - 000001164 _____ C:\Users\Foto\Desktop\Dropbox.lnk
2018-03-23 10:52 - 2017-05-18 17:40 - 000000900 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2018-03-23 10:52 - 2017-05-18 11:52 - 000000000 ____D C:\ProgramData\NVIDIA
2018-03-23 10:52 - 2017-05-17 18:32 - 001048576 _____ C:\Windows\PE_Rom.dll
2018-03-23 10:52 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-03-23 10:31 - 2009-07-14 04:34 - 000000215 _____ C:\Windows\system.ini
2018-03-23 09:54 - 2017-05-17 19:19 - 000000000 ____D C:\Users\Foto\AppData\Roaming\Google
2018-03-23 08:49 - 2017-05-17 19:17 - 000000000 ____D C:\Users\Foto\AppData\Local\Google
2018-03-23 08:43 - 2018-01-03 23:31 - 000000000 ____D C:\Program Files (x86)\SopCast
2018-03-23 08:43 - 2017-10-23 13:12 - 000000000 ____D C:\Program Files (x86)\Photodex Presenter
2018-03-23 08:43 - 2017-07-21 17:54 - 000000000 ____D C:\Program Files (x86)\Nero
2018-03-23 08:43 - 2017-06-28 06:21 - 000000000 ____D C:\Program Files (x86)\PowerDataRecovery
2018-03-23 08:43 - 2017-06-02 18:04 - 000000000 ____D C:\Program Files (x86)\CD-LabelPrint
2018-03-23 08:43 - 2017-05-30 07:20 - 000000000 ____D C:\Program Files (x86)\Sound Volume Hotkeys
2018-03-23 08:43 - 2017-05-30 07:18 - 000000000 ____D C:\Program Files (x86)\Winamp
2018-03-23 08:43 - 2017-05-18 17:41 - 000000000 ___RD C:\Users\Foto\Dropbox
2018-03-23 08:43 - 2017-05-18 11:52 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-03-23 08:43 - 2017-05-17 19:59 - 000000000 ____D C:\Users\Foto\AppData\Roaming\GHISLER
2018-03-23 08:43 - 2017-05-17 19:59 - 000000000 ____D C:\totalcmd
2018-03-23 08:43 - 2017-05-17 19:43 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-03-23 08:43 - 2017-05-17 18:25 - 000000000 ____D C:\Program Files (x86)\ASUS
2018-03-23 08:43 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\registration
2018-03-23 08:30 - 2017-05-18 15:36 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2018-03-22 21:43 - 2018-01-13 01:15 - 000000000 ____D C:\Program Files (x86)\Steam
2018-03-22 21:43 - 2017-10-31 10:33 - 000000000 ____D C:\Windows\Minidump
2018-03-22 21:43 - 2017-05-17 19:43 - 000000000 ____D C:\Users\Foto\AppData\Roaming\TeamViewer
2018-03-22 21:38 - 2017-11-30 10:32 - 000000000 ____D C:\Program Files\Pixellu SmartAlbums 2
2018-03-22 21:08 - 2017-05-18 03:57 - 000000000 ____D C:\Users\Foto\AppData\Roaming\Adobe
2018-03-22 21:04 - 2017-05-18 06:47 - 004784720 _____ C:\Users\Foto\Downloads\WoT_internet_install_eu.exe
2018-03-22 21:04 - 2017-05-17 19:22 - 002281664 _____ C:\Users\Foto\Downloads\uTorrent.exe
2018-03-22 08:00 - 2017-05-30 06:08 - 000000388 _____ C:\Windows\Tasks\X-Rite Device Services Software Updater.job
2018-03-22 07:20 - 2017-05-18 15:33 - 000000000 ____D C:\Users\Foto\AppData\Local\Adobe
2018-03-17 18:15 - 2017-05-18 17:40 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-03-16 18:10 - 2017-05-17 19:43 - 000000931 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2018-03-13 15:39 - 2017-05-18 17:58 - 000804352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-03-13 15:39 - 2017-05-18 17:58 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-03-13 15:39 - 2017-05-18 17:58 - 000004470 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-03-13 15:39 - 2017-05-18 17:58 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-03-13 15:39 - 2017-05-18 17:58 - 000000000 ____D C:\Windows\system32\Macromed
2018-03-13 15:39 - 2017-05-17 18:26 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-03-11 14:40 - 2018-01-03 23:34 - 000000000 ____D C:\Users\Foto\AppData\Roaming\vlc
2018-03-08 14:51 - 2017-05-18 14:46 - 000000000 ____D C:\Windows\system32\appraiser
2018-03-08 11:38 - 2017-05-11 21:07 - 000773912 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-02-28 19:31 - 2017-05-17 19:18 - 000002184 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-28 16:07 - 2017-10-14 18:42 - 000000000 ____D C:\Users\Foto\Desktop\contracte
2018-02-26 21:42 - 2017-05-18 17:57 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-02-23 19:55 - 2017-05-18 17:57 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-02-23 11:54 - 2009-07-14 07:32 - 000000000 ____D C:\Windows\system32\FxsTmp
2018-02-21 13:05 - 2017-05-17 19:22 - 000000000 ____D C:\Users\Foto\AppData\Roaming\uTorrent
 
==================== Files in the root of some directories =======
 
2017-12-04 15:39 - 2017-12-04 15:39 - 000000132 _____ () C:\Users\Foto\AppData\Roaming\Adobe PNG Format CS6 Prefs
2017-09-20 08:32 - 2017-09-20 08:32 - 000007605 _____ () C:\Users\Foto\AppData\Local\Resmon.ResmonCfg
2008-02-05 23:28 - 2008-02-05 23:28 - 000000051 _____ () C:\Users\Foto\AppData\Local\setup.txt
2017-10-04 06:13 - 2017-10-04 06:13 - 000000000 _____ () C:\Users\Foto\AppData\Local\{D93885CD-11A0-4B3C-93EE-41EEFA44B2C6}
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-03-19 08:10
 
==================== End of FRST.txt ============================



#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,909 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:12 AM

Posted 23 March 2018 - 09:15 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


:step1:
Please download Malwarebytes Anti-Malware from here
  • Right-click on the MBAM icon and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.
  • Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.
===

:step2:
Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Please run the Farbar program and post fresh logs for my review.

:step3:
Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===


Please post the logs for my review.

Let me know what problems persist.
==============================

#3 flostudio

flostudio
  • Topic Starter
  • Members
  • 14 posts
  • OFFLINE
  • Local time:02:12 PM

Posted 23 March 2018 - 09:41 AM

Hi nasdaq! Now I'm on AdwCleaner :)
10x! Be right back with the next log.

Attached Files



#4 flostudio

flostudio
  • Topic Starter
  • Members
  • 14 posts
  • OFFLINE
  • Local time:02:12 PM

Posted 23 March 2018 - 09:45 AM

no infections here :)

Attached Files



#5 flostudio

flostudio
  • Topic Starter
  • Members
  • 14 posts
  • OFFLINE
  • Local time:02:12 PM

Posted 23 March 2018 - 09:51 AM

And the last 2 files. What should I do next?

Attached Files



#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,909 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:12 AM

Posted 23 March 2018 - 10:40 AM

Hi,

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
GroupPolicy: Restriction <==== ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
AlternateDataStreams: C:\Users\Foto\Desktop\contract.pdf:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Foto\Desktop\florescu foto 2018.pdf:com.dropbox.attributes [168]
HKLM\...\exefile\shell\open\command:  <==== ATTENTION

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.

Please let me know what problem persists with this computer.

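An added example, not code from the thread, from FRST or from Malwarebytes: a read-only PowerShell check that covers the items nasdaq's fixlist above points at (the exefile open command, the Run keys, the C:\Windows\svchost.com path MBAM reports) together with the core binaries that the FRST log's "Bamital & volsnap" section signature-checks. It changes nothing, so it can be run before and after the fix and the two outputs compared. Assumed: the stock exefile command is `"%1" %*` (the documented Windows default); the paths and the file list are taken from the thread.

```powershell
# Added example (not from the thread, FRST or MBAM). Read-only: reports, never fixes.
# Works on the stock PowerShell 2.0 of Windows 7 and on later versions.

function Get-DefaultValue {
    param([string]$Path)
    # '(default)' is how PowerShell exposes a key's unnamed value; missing key -> $null
    $item = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    if ($item -eq $null) { return $null }
    return $item.'(default)'
}

# --- 1. Is every .exe launch still handed straight to the program itself? ---
# Assumption (documented Windows default): the stock command is "%1" %* .
# Any other value means another program is started first, for every .exe.
$expected = '"%1" %*'
$exefileKeys = @(
    'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command'
)
foreach ($key in $exefileKeys) {
    $actual = Get-DefaultValue $key
    if ($actual -eq $null) {
        Write-Output "exefile: key missing  $key"
    } elseif ($actual -ne $expected) {
        Write-Output "exefile: ALTERED      $key = $actual   (expected $expected)"
    } else {
        Write-Output "exefile: ok           $key"
    }
}

# --- 2. What starts at logon? (the fixlist removes an empty HKLM-x32 Run entry) ---
$bookkeeping = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')
$runKeys = @(
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($props -eq $null) { continue }
    # skip the PS* properties Get-ItemProperty adds; an unnamed value shows as (default)
    $props.PSObject.Properties |
        Where-Object { $bookkeeping -notcontains $_.Name } |
        ForEach-Object { Write-Output ("run: {0} [{1}] = {2}" -f $key, $_.Name, $_.Value) }
}

# --- 3. The path MBAM keeps quarantining, and the core files FRST signature-checks ---
function Get-Sha256Hex {
    param([string]$Path)
    # Get-FileHash only exists from PowerShell 4.0, so hash through .NET directly
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try { $bytes = $sha.ComputeHash($stream) } finally { $stream.Close() }
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '')
}

$suspect = Join-Path $env:SystemRoot 'svchost.com'   # path as reported by MBAM in the thread
if (Test-Path $suspect) {
    try {
        $sig = Get-AuthenticodeSignature -FilePath $suspect
        $size = (Get-Item $suspect).Length
        Write-Output ("svchost.com: PRESENT  size={0}  sig={1}  sha256={2}" -f $size, $sig.Status, (Get-Sha256Hex $suspect))
    } catch {
        # real-time protection may refuse to let the file be read; record that too
        Write-Output ("svchost.com: PRESENT but unreadable ({0})" -f $_.Exception.Message)
    }
} else {
    Write-Output "svchost.com: absent"
}

# same list FRST verified in the "Bamital & volsnap" section of the log
$coreFiles = @(
    'system32\winlogon.exe', 'system32\wininit.exe', 'SysWOW64\wininit.exe',
    'explorer.exe', 'SysWOW64\explorer.exe',
    'system32\svchost.exe', 'SysWOW64\svchost.exe', 'system32\services.exe',
    'system32\User32.dll', 'SysWOW64\User32.dll',
    'system32\userinit.exe', 'SysWOW64\userinit.exe',
    'system32\rpcss.dll', 'system32\dnsapi.dll', 'SysWOW64\dnsapi.dll',
    'system32\Drivers\volsnap.sys'
)
foreach ($rel in $coreFiles) {
    $f = Join-Path $env:SystemRoot $rel
    if (-not (Test-Path $f)) { Write-Output ("core: MISSING       {0}" -f $f); continue }
    $status = (Get-AuthenticodeSignature -FilePath $f).Status
    Write-Output ("core: {0,-13} {1}" -f $status, $f)
}
```

Run it from an elevated PowerShell prompt and keep the output next to the FRST and MBAM logs. The one reading to treat as a tamper signal in section 3 is `HashMismatch` (or `NotTrusted`): on older PowerShell, Windows files that are signed only through a catalog are reported as `NotSigned` even when intact, whereas FRST's own check resolves catalog signatures, which is why its log reads "File is digitally signed" for all of them. In section 1, any value other than the stock `"%1" %*` explains why the fixlist marks that key with ATTENTION.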
#7 flostudio

flostudio
  • Topic Starter
  • Members
  • 14 posts
  • OFFLINE
  • Local time:02:12 PM

Posted 23 March 2018 - 10:50 AM

done!

Attached Files



#8 flostudio

flostudio
  • Topic Starter
  • Members
  • 14 posts
  • OFFLINE
  • Local time:02:12 PM

Posted 23 March 2018 - 11:08 AM

nasdaq, the infection is still there. After restarting the system, Malwarebytes blocks it and shows the message "reboot required".



#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,909 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:12 AM

Posted 23 March 2018 - 12:50 PM

Hi

Reboot the Computer normally.

If MBAM reports that a reboot is required please post the MBAM log for my review.

#10 flostudio

flostudio
  • Topic Starter
  • Members
  • 14 posts
  • OFFLINE
  • Local time:02:12 PM

Posted 23 March 2018 - 12:59 PM

Like it says in the first log from MBAM: C:\WINDOWS\SVCHOST.COM, REMOVAL FAILED
MBAM is blocking it, requires a restart, and it is still there after the restart.

Attached Files

  • Attached File  mb.txt   1.25KB   5 downloads


#11 nasdaq

nasdaq

  • Malware Response Team
  • 39,909 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:12 AM

Posted 23 March 2018 - 01:02 PM

It's probably a syncing issue?
Are you syncing Chrome with other devices?
To remove it you will have to reset the Sync in Chrome.

Read this article and proceed.

Chrome Secure Preferences detection always comes back
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/
<<<>>>

#12 flostudio

flostudio
  • Topic Starter
  • Members
  • 14 posts
  • OFFLINE
  • Local time:02:12 PM

Posted 24 March 2018 - 03:52 AM

Hi nasdaq! Now I'm not able to open any explorer, Chrome or iexplore. On system startup MBAM pops up blocking C:\windows\svchost.com, repeatedly requesting a restart. I restart the system and that's a loop. I cannot run Chrome to disable syncing.

#13 flostudio

flostudio
  • Topic Starter
  • Members
  • 14 posts
  • OFFLINE
  • Local time:02:12 PM

Posted 24 March 2018 - 03:54 AM

Mbam quarantines that path on and on.

#14 flostudio

flostudio
  • Topic Starter
  • Members
  • 14 posts
  • OFFLINE
  • Local time:02:12 PM

Posted 28 March 2018 - 05:21 AM

Hi again!

- I turned sync off for Chrome from the laptop, since the PC was not able to open any explorers or programs. I reinstalled the OS on the PC and the first program installed was MBAM. After a few installs (Winamp, ACDSee, Java, Total Commander) the message appeared that a program wants to make changes to the computer, located in c:\windows\svchost.com.
- I've scanned with MBAM and quarantined the files.

Here is the log:

Attached Files


Edited by flostudio, 28 March 2018 - 05:22 AM.


#15 flostudio

flostudio
  • Topic Starter
  • Members
  • 14 posts
  • OFFLINE
  • Local time:02:12 PM

Posted 28 March 2018 - 07:07 AM

new!

Attached Files





