Page 2 of 4
  1.    21 Jan 2017 #11
    Join Date : Aug 2016
    Posts : 553
    Windows 10 Home

    victor122,

    The hosts file is OK.

    Let's do the following:

    Download Zemana AntiMalware:
    Zemana AntiMalware Download
    Save to the Desktop.

    Double-click on the file Zemana.AntiMalware.Setup.exe to install.

    When the program starts you are presented with a Setup screen, click: Next
    Follow the prompts to install.

    Once Zemana AntiMalware starts, click: Scan

    When finished, it displays a list of all the malware found. Click on Next to remove any malicious files from your computer.

    A reboot may be required to remove malware.

    When done, click the Graph icon (far upper right), highlight the applicable log file, and click: Open Report

    Please post the notepad text report for review.
  2.    22 Jan 2017 #12
    Join Date : Jan 2017
    Posts : 15
    Windows 10
    Thread Starter

    Quote: Originally Posted by cottonball
    victor122,

    The hosts file is OK.

    Let's do the following:

    Download Zemana AntiMalware:
    Zemana AntiMalware Download
    Save to the Desktop.

    Double-click on the file Zemana.AntiMalware.Setup.exe to install.

    When the program starts you are presented with a Setup screen, click: Next
    Follow the prompts to install.

    Once Zemana AntiMalware starts, click: Scan

    When finished, it displays a list of all the malware found. Click on Next to remove any malicious files from your computer.

    A reboot may be required to remove malware.

    When done, click the Graph icon (far upper right), highlight the applicable log file, and click: Open Report

    Please post the notepad text report for review.

    That didn't help but thanks. The trojan seems to be operating from a different program/file now called tor. Happened after I blocked its IP.
    [Attached image: 2017-01-22.png]
  3.    22 Jan 2017 #13
    Join Date : Aug 2016
    Posts : 553
    Windows 10 Home

    victor122,

    Please use the Farbar Recovery Scan Tool Download
    Save FRST to your Desktop.

    [Note: You need to run the version compatible with your system: 32 bit or 64 bit]


    Double-click FRST to run it.
    When the tool opens click Yes to the disclaimer.

    Next, press the Scan button.


    When done, the tool makes a log (FRST.txt) on the Desktop.
    The first time the tool is run, it makes another log: (Addition.txt).

    Please provide the results of both reports in your reply. (Attach if you can, if not, then post.)
  4.    23 Jan 2017 #14
    Join Date : Jan 2017
    Posts : 15
    Windows 10
    Thread Starter

    FRST.txt Addition.txt
    Here are both txt files
  5.    23 Jan 2017 #15
    Join Date : Aug 2016
    Posts : 553
    Windows 10 Home

    victor122,

    Thanks for the reports.


    Please try the following:

    Press the Windows and R keys at the same time. This opens the Run box.
    Type Notepad and click OK.
    Next, please copy the entire contents inside the code box below to Notepad.

    Code:
    Start
    CreateRestorePoint:
    EmptyTemp:
    CloseProcesses:
    
    GroupPolicy: Restriction - Windows Defender <======= ATTENTION
    C:\Users\Admin\AppData\Roaming\{59408139-9EFE-349B-1691-101637D4F461}
    C:\Users\Admin\AppData\Roaming\tor.exe
    Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File
    S1 SRepairDrv; \??\C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\SRepairDrv [X]
    Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G?ogl? ?hr?me.lnk -> C:\Users\Admin\AppData\Roaming\Browsers\exe.emorhc.bat (No File) 
    Task: {6C4DAD07-8BDC-4C35-A0ED-C91CBAE0BC26} - System32\Tasks\{034BCED7-1B5D-90E9-5A06-A9A295CA4F99} => C:\Users\Admin\AppData\Roaming\{59408139-9EFE-349B-1691-101637D4F461}\aitdgvten.exe [2017-01-03] (TechSmith Corporation) 
    Task: {CD6DF866-8AC9-4D6C-A904-9975E75B6872} - System32\Tasks\Microsoft\Windows\SystemRestore\FreeVPN => C:\Users\Admin\AppData\Roaming\FreeVPN\FreeVPN.exe
    
    Reboot:
    End
    Save the file as fixlist.txt in the same folder where the FRST is running from. It appears to be in the Downloads folder (Running from C:\Users\Admin\Downloads) vs. the Desktop. They both need to be in the same place, preferably the Desktop.



    Next, run FRST and click Fix only once, and wait.


    The tool creates a log: (Fixlog.txt)

    Please attach it to your reply.
    Last edited by cottonball; 23 Jan 2017 at 18:04.
  6.    23 Jan 2017 #16
    Join Date : Jan 2015
    UK, Midlands
    Posts : 10,960
    Win 10 Pro (1703)

    FYI: QQ is a Chinese chat program - I've used it myself quite extensively.
  7.    23 Jan 2017 #17
    Join Date : Aug 2016
    Posts : 553
    Windows 10 Home

    @dalchina,


    When there is an [X] at the end of a listed service, that indicates that FRST could not find the files associated with the particular Service or Driver and has listed the ImagePath as it is in the Registry.
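Added example, not part of the thread and not FRST's own code: a small triage pass over FRST-style lines that records the `[X]` missing-file marker explained in the post above. The other checks (task target under AppData\Roaming, missing shortcut target, `?` in a shortcut name, reversed file name) and all tag names are assumptions of this example; the sample lines are copied from the fixlist in post #15.

```python
import re

# Sample input: three lines copied from the fixlist posted in this thread.
SAMPLE = r"""
S1 SRepairDrv; \??\C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\SRepairDrv [X]
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G?ogl? ?hr?me.lnk -> C:\Users\Admin\AppData\Roaming\Browsers\exe.emorhc.bat (No File)
Task: {CD6DF866-8AC9-4D6C-A904-9975E75B6872} - System32\Tasks\Microsoft\Windows\SystemRestore\FreeVPN => C:\Users\Admin\AppData\Roaming\FreeVPN\FreeVPN.exe
"""

# Patterns inferred only from the lines visible in the thread (assumption:
# other FRST line types exist and are simply ignored here).
SERVICE = re.compile(r"^[RSU]\d\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+\[X\]$")
TASK = re.compile(r"^Task:\s+\{[0-9A-Fa-f-]+\}\s+-\s+(?P<task>.+?)\s+=>\s+(?P<target>.+)$")
SHORTCUT = re.compile(r"^Shortcut:\s+(?P<lnk>.+?)\s+->\s+(?P<target>.+?)(?P<nofile>\s+\(No File\))?$")


def triage(line):
    """Return (tag, detail) findings for one FRST-style line. Tags are hypothetical."""
    line = line.strip()
    findings = []
    if m := SERVICE.match(line):
        # [X]: FRST could not find the file behind the registry ImagePath.
        findings.append(("service-file-missing", m["name"]))
    if m := TASK.match(line):
        # Heuristic: a scheduled task launching a binary from the user profile.
        if "\\appdata\\roaming\\" in m["target"].lower():
            findings.append(("task-runs-from-appdata", m["task"]))
    if m := SHORTCUT.match(line):
        lnk_name = m["lnk"].rsplit("\\", 1)[-1]
        if m["nofile"]:
            findings.append(("shortcut-target-missing", m["target"]))
        if "?" in lnk_name:
            # Windows file names cannot contain '?', so it stands in for
            # characters the log could not render (e.g. look-alike letters).
            findings.append(("shortcut-name-unrenderable", lnk_name))
        # Heuristic: file name written backwards to hide a familiar name.
        stem = m["target"].rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if stem[::-1].lower().endswith(".exe"):
            findings.append(("target-name-reversed", stem[::-1]))
    return findings


def triage_log(text):
    """Map each line that produced findings to its list of findings."""
    return {ln.strip(): f for ln in text.splitlines() if (f := triage(ln))}
```

Findings from a pass like this are prompts for review, not verdicts: the `[X]` service in this thread belonged to a legitimate program that had left a stale registry entry.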
  8.    23 Jan 2017 #18
    Join Date : Aug 2016
    Posts : 553
    Windows 10 Home

    @victor122,

    Please note, post number 15 was modified.
  9.    24 Jan 2017 #19
    Join Date : Jan 2017
    Posts : 15
    Windows 10
    Thread Starter

    Quote: Originally Posted by cottonball
    victor122,

    Thanks for the reports.


    Please try the following:

    Press the Windows and R keys at the same time. This opens the Run box.
    Type Notepad and click OK.
    Next, please copy the entire contents inside the code box below to Notepad.

    Code:
    Start
    CreateRestorePoint:
    EmptyTemp:
    CloseProcesses:
    
    GroupPolicy: Restriction - Windows Defender <======= ATTENTION
    C:\Users\Admin\AppData\Roaming\{59408139-9EFE-349B-1691-101637D4F461}
    C:\Users\Admin\AppData\Roaming\tor.exe
    Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File
    S1 SRepairDrv; \??\C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\SRepairDrv [X]
    Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G?ogl? ?hr?me.lnk -> C:\Users\Admin\AppData\Roaming\Browsers\exe.emorhc.bat (No File) 
    Task: {6C4DAD07-8BDC-4C35-A0ED-C91CBAE0BC26} - System32\Tasks\{034BCED7-1B5D-90E9-5A06-A9A295CA4F99} => C:\Users\Admin\AppData\Roaming\{59408139-9EFE-349B-1691-101637D4F461}\aitdgvten.exe [2017-01-03] (TechSmith Corporation) 
    Task: {CD6DF866-8AC9-4D6C-A904-9975E75B6872} - System32\Tasks\Microsoft\Windows\SystemRestore\FreeVPN => C:\Users\Admin\AppData\Roaming\FreeVPN\FreeVPN.exe
    
    Reboot:
    End
    Save the file as fixlist.txt in the same folder where the FRST is running from. It appears to be in the Downloads folder (Running from C:\Users\Admin\Downloads) vs. the Desktop. They both need to be in the same place, preferably the Desktop.



    Next, run FRST and click Fix only once, and wait.


    The tool creates a log: (Fixlog.txt)

    Please attach it to your reply.

    Here is the log: Fixlog.txt
  10.    24 Jan 2017 #20
    Join Date : Aug 2016
    Posts : 553
    Windows 10 Home

    victor122,

    Please update, any progress?