Author Topic: svchost.exe infection URL:Mal - http:/bestdriverstar.net etc.  (Read 4769 times)


REDACTED

  • Guest
Hi,

I have run Zoek and attached results, please help with virus removal.

EDIT...Apologies for pasting results..have now attached to post.

« Last Edit: July 06, 2015, 01:38:39 PM by sahgals.sap »

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31079
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: svchost.exe infection URL:Mal - http:/bestdriverstar.net etc.
« Reply #1 on: July 06, 2015, 01:35:13 PM »
Do not copy/paste the content of log files, but attach them to your post.

Follow the instructions in the sticky in the top of this forum.

REDACTED

  • Guest

REDACTED

  • Guest
Re: svchost.exe infection URL:Mal - http:/bestdriverstar.net etc.
« Reply #3 on: July 06, 2015, 03:24:03 PM »
Attached logs as requested...

Thanks for the help.

REDACTED

  • Guest
Re: svchost.exe infection URL:Mal - http:/bestdriverstar.net etc.
« Reply #4 on: July 06, 2015, 11:51:49 PM »
Someone please help...

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37530
  • Not a avast user
Re: svchost.exe infection URL:Mal - http:/bestdriverstar.net etc.
« Reply #5 on: July 06, 2015, 11:55:56 PM »
> Someone please help...

Malware removers don't work for avast, they are volunteers. They are not in this forum 24/7, they also have a life outside of this forum, work, family, sleep ... and they may be in a different timezone than you are in

So be patient, Valinorum will be back 8)


REDACTED

  • Guest
Re: svchost.exe infection URL:Mal - http:/bestdriverstar.net etc.
« Reply #6 on: July 06, 2015, 11:58:28 PM »
Sure Pondus, just noticed that others who posted issues after me were already responded to, but no worries, will wait...

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37530
  • Not a avast user
Re: svchost.exe infection URL:Mal - http:/bestdriverstar.net etc.
« Reply #7 on: July 06, 2015, 11:59:44 PM »
> Sure Pondus, just noticed that others who posted issues after me were already responded to, but no worries, will wait...

By Valinorum? ...... he is the one working your case


REDACTED

  • Guest
Re: svchost.exe infection URL:Mal - http:/bestdriverstar.net etc.
« Reply #8 on: July 07, 2015, 12:05:18 AM »
Had noticed TwinHeadedEagle was responding to these SVChost malware issues and he had responded to someone else...

REDACTED

  • Guest
Re: svchost.exe infection URL:Mal - http:/bestdriverstar.net etc.
« Reply #9 on: July 07, 2015, 06:02:45 AM »
Still waiting for some help please...  :-\

REDACTED

  • Guest
Re: svchost.exe infection URL:Mal - http:/bestdriverstar.net etc.
« Reply #10 on: July 07, 2015, 10:42:13 AM »
Please someone help, been waiting since yesterday... :'(

REDACTED

  • Guest
Re: svchost.exe infection URL:Mal - http:/bestdriverstar.net etc.
« Reply #11 on: July 07, 2015, 02:18:31 PM »
Pirated software has been detected in your system. We do not condone piracy and further help will be declined should you choose to use it.

  • Step #1 Fix with FRST
    Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
    • Open Notepad.exe. Do not use any other text editor software;
    • Copy and Paste the contents inside the code-box to your Notepad --
Code:
Start
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
Task: {54EA1CCA-9191-4DA5-B457-DCFD50818FDD} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-06-29] (@ByELDI)
C:\Program Files\KMSpico\
FirewallRules: [{601F9D79-BADE-4975-A7CB-AECB4AD81EAB}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{7169A3BC-EE66-4F61-847C-C2A2C2BB8175}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{55B236F2-713C-4B37-B474-303DCE4F66AF}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{DF83866C-1328-4640-957F-4667C2792FAE}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{CB696600-B0EB-437B-B916-423FA1E1E945}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{0A29785F-6D9E-47C3-B005-B78EF7F2EB96}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{81FD2C80-C69E-469A-A531-D78D54DBD666}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{0B8537E7-8FAF-44E1-ACED-79F6C0A9D13F}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{571211D0-5AB1-4662-9B67-86EA1E74C153}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{B593074A-2667-47E3-8FE9-947FE0FADAFA}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
HKU\S-1-5-21-3841118156-2288567474-172903412-1001\...\MountPoints2: {7b03f9f6-ac50-11e4-825f-60571828086a} - "D:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-3841118156-2288567474-172903412-1001\...\MountPoints2: {bafe38a6-c777-11e4-8266-60571828086a} - "D:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-3841118156-2288567474-172903412-1001\...\MountPoints2: {cd537334-a16f-11e4-8259-60571828086a} - "F:\Autorun.exe"
HKU\S-1-5-18\...\Run: [] => [X]
ShortcutTarget: Aventail VPN Connection.lnk ->  (No File)
HKU\S-1-5-21-3841118156-2288567474-172903412-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [997568 2014-06-29] (@ByELDI) [File not signed]
S3 WinDivert1.1; C:\Program Files\KMSpico\WinDivert.sys [35376 2015-02-18] (Basil Projects)
CMD: bitsadmin /reset /allusers
CMD: type "C:\zoek-results.log"
End
    • Click on File > Save as...
      • Inside the File Name box type fixlist.txt
      • From the Save as type drop down list, choose All Files
    • Save the file to your Desktop;
    • Re-run FRST.exe and click Fix;
      • Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
    • After the completion, a log will be produced;
    • Attach the log in your next reply.



  • Required Log(s):
    • FRST Fix Log
Regards,
Valinorum
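
An added example, not part of the original post and not FRST's own code: a Python reader for fixlist-style lines like those above that groups the entries by the directory they point at, so the scheduled task, services and firewall rules can be seen to target one folder before a fix is run. The line patterns are inferred from the lines shown in the post, not from FRST documentation, and the function names are hypothetical.

```python
import ntpath
import re
from collections import Counter, defaultdict

# Sample: a selection of lines from the fixlist in the post above.
SAMPLE = r"""Start
Task: {54EA1CCA-9191-4DA5-B457-DCFD50818FDD} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-06-29] (@ByELDI)
C:\Program Files\KMSpico\
FirewallRules: [{601F9D79-BADE-4975-A7CB-AECB4AD81EAB}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{CB696600-B0EB-437B-B916-423FA1E1E945}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [997568 2014-06-29] (@ByELDI) [File not signed]
S3 WinDivert1.1; C:\Program Files\KMSpico\WinDivert.sys [35376 2015-02-18] (Basil Projects)
CMD: bitsadmin /reset /allusers
End"""

# Line kinds, inferred from the prefixes seen in the post (an assumption).
KINDS = [
    ("task", re.compile(r"^Task: ")),
    ("firewall", re.compile(r"^FirewallRules: ")),
    ("service", re.compile(r"^[RSU]\d ")),
    ("command", re.compile(r"^CMD: ")),
    ("registry", re.compile(r"^HK(LM|U|CU)\\")),
    ("path", re.compile(r"^[A-Za-z]:\\")),
]
FILE_RE = re.compile(r'[A-Za-z]:\\[^\[\]"=>]*?\.(?:exe|sys|dll)\b', re.I)

def parse(text):
    """Return one dict per recognised line: kind, target path, unsigned flag."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        kind = next((k for k, rx in KINDS if rx.match(line)), None)
        if kind is None:
            continue  # Start/End markers and anything unrecognised
        m = FILE_RE.search(line)
        target = m.group(0) if m else (line if kind == "path" else None)
        entries.append({"kind": kind, "target": target,
                        "unsigned": "[File not signed]" in line})
    return entries

def by_directory(entries):
    """Count entry kinds per directory; bare path lines count as their own directory."""
    groups = defaultdict(Counter)
    for e in entries:
        if e["target"]:
            d = e["target"].rstrip("\\") if e["kind"] == "path" else ntpath.dirname(e["target"])
            groups[d.lower()][e["kind"]] += 1
    return {d: dict(c) for d, c in groups.items()}

if __name__ == "__main__":
    print(by_directory(parse(SAMPLE)))
```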