windows 7 free space keeps shrinking

#1 mira19925 (Member, 20 posts)

Hello,

I think I have malware that keeps shrinking the free space on my computer.

I am desperate; I've tried everything:

"ZHP, RogueKiller, ComboFix, UnHackMe"

Nothing works :(

Please help.


  • 0

Advertisements


#2 zep516 (Trusted Helper, Malware Removal, 6,996 posts)

Hi! My name is zep516, and welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)


Everything gets downloaded to the desktop, and tools are "Run as administrator."

Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right click to run as administrator (XP users click Run after receipt of Windows Security Warning - Open File). When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • The first time the tool is run, it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

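As an added example (not part of this thread and not the FRST tool's own code), a small Python triage script that pulls out the lines a helper looks at first in FRST.txt and Addition.txt: the markers FRST prints itself ("<==== ATTENTION", "[X]", "[File not signed]", an empty publisher field), plus a check for a Windows Defender policy restriction, for start/new-tab pages set to a URL with tracking parameters, and for more than one real-time antivirus product being enabled at once. The sample log lines, URLs and GUIDs below are constructed in the style of the logs posted in this thread, and the rules are review heuristics, not FRST's own logic.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) logs.

Scans FRST.txt / Addition.txt text for the markers FRST itself prints to call
out suspicious entries, plus a few thread-specific checks, and returns the
matching lines grouped by section so they can be reviewed before a fixlist
is written. Rules are heuristics (assumption), not FRST's internal logic.
"""
import re

# Constructed sample lines in the style of the FRST.txt posted in this thread.
SAMPLE_FRST = r"""
==================== Registry (Whitelisted) ===========================
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
==================== Internet (Whitelisted) ====================
FF ProfilePath: C:\Users\NEW LAP\AppData\Roaming\Profiles\c74wnsnc.default [2018-03-20] <==== ATTENTION
FF NewTab: Profiles\c74wnsnc.default -> hxxp://newtab.example.invalid/?z=CONSTRUCTED&from=epf1
==================== Services (Whitelisted) ====================
R2 lmab_device; C:\Windows\system32\LMabcoms.exe [1048576 2012-09-28] ( ) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
S3 catchme; \??\C:\Users\NEWLAP~1\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION
S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]
"""

# Constructed Security Center lines in the style of Addition.txt (GUIDs are placeholders).
SAMPLE_ADDITION = """
AV: Microsoft Security Essentials (Enabled - Up to date) {PLACEHOLDER-GUID-1}
AV: Avast Antivirus (Enabled - Up to date) {PLACEHOLDER-GUID-2}
AS: Windows Defender (Disabled - Up to date) {PLACEHOLDER-GUID-3}
"""

# "==== Section name ====" headings; the [^=] keeps bare "=====" rules from matching.
SECTION_RE = re.compile(r"^=+\s*([^=].*?)\s*=+$")
# Browser start/new-tab/search settings reported by FRST.
BROWSER_PAGE_RE = re.compile(r"^(FF|CHR) (NewTab|HomePage|Homepage|StartPage|SearchEngine)\b")
# An empty publisher field: "( )" or "()" standing alone, as FRST prints for unknown vendors.
EMPTY_PUBLISHER_RE = re.compile(r"(^|\s)\(\s*\)(\s|$)")
AV_RE = re.compile(r"^AV: (.+?) \((Enabled|Disabled)")

# (reason, predicate) pairs, evaluated in order; one line can match several.
RULES = [
    ("frst-attention", lambda l: "<==== ATTENTION" in l),   # FRST flagged it itself
    ("file-missing", lambda l: "[X]" in l),                  # entry points at a file not on disk
    ("not-signed", lambda l: "[File not signed]" in l),
    ("no-publisher", lambda l: EMPTY_PUBLISHER_RE.search(l) is not None),
    ("defender-policy", lambda l: "Policies\\Microsoft\\Windows Defender" in l),
    # A start/new-tab page carrying a query string (tracking ids) deserves a manual look.
    ("browser-page-query-url", lambda l: BROWSER_PAGE_RE.match(l) is not None and "?" in l),
]


def triage(log_text):
    """Return [(section, line, [reasons])] for every line that trips at least one rule."""
    section = "(header)"
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        heading = SECTION_RE.match(line)
        if heading:
            section = heading.group(1)
            continue
        reasons = [name for name, pred in RULES if pred(line)]
        if reasons:
            findings.append((section, line, reasons))
    return findings


def summarize(findings):
    """Count findings per reason, most frequent first (ties broken alphabetically)."""
    counts = {}
    for _, _, reasons in findings:
        for reason in reasons:
            counts[reason] = counts.get(reason, 0) + 1
    return dict(sorted(counts.items(), key=lambda kv: (-kv[1], kv[0])))


def enabled_av_products(addition_text):
    """Names of antivirus products the Security Center section reports as Enabled.

    More than one real-time scanner is itself worth raising with the user."""
    names = []
    for raw in addition_text.splitlines():
        m = AV_RE.match(raw.strip())
        if m and m.group(2) == "Enabled":
            names.append(m.group(1))
    return names


if __name__ == "__main__":
    for section, line, reasons in triage(SAMPLE_FRST):
        print(f"[{section}] {', '.join(reasons)}: {line}")
    print(summarize(triage(SAMPLE_FRST)))
    print("Enabled AV products:", enabled_av_products(SAMPLE_ADDITION))
```
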
#3 mira19925 (Topic Starter, Member, 20 posts)

First, let me thank you for taking the time to help me :)

Now,

This is the "FRST" log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by NEW LAP (administrator) on NEWLAP-PC (20-03-2018 22:47:00)
Running from C:\Users\NEW LAP\Desktop
Loaded Profiles: NEW LAP (Available Profiles: NEW LAP)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
( ) C:\Windows\System32\lmabcoms.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
( ) C:\Program Files\Lexmark\ErrorApp\lmab1err.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Software 2000 Limited) C:\Windows\System32\spool\drivers\x64\3\HP1006MC.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Microsoft Corporation) C:\Windows\System32\SnippingTool.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-17] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [246120 2018-01-06] (AVAST Software)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-14] (Intel Corporation)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [286272 2016-01-27] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [590400 2015-05-16] ()
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPUsageTracking] => C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe "C:\Program Files (x86)\HP\HP UT\"
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKLM-x32\...\RunOnce: [SBrowserCheck] => C:\ProgramData\Avast Software\Avast\SecureBrowser\avast_browser_setup_checker.exe [2482128 2018-03-01] ()
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3427846102-3826013632-1412583081-1000\...\Run: [LMab1err] => C:\Program Files\Lexmark\ErrorApp\LMab1err.exe [582312 2010-03-26] ( )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2016-01-27]
ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{19CB2762-27D3-4551-8997-E7E0190F0B3D}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4046C0C9-D98E-480D-9230-5B3B65EFD33F}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3427846102-3826013632-1412583081-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-09-28] (Internet Download Manager, Tonec Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2018-01-06] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-01-06] (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2018-01-06] (Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-09-28] (Internet Download Manager, Tonec Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-01-19] (Atheros Commnucations)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-01-06] (AVAST Software)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: c74wnsnc.default
FF ProfilePath: C:\Users\NEW LAP\AppData\Roaming\Mozilla\Firefox\Profiles\ylqbpwkw.default [2018-03-19]
FF Extension: (YouTube Video and Audio Downloader) - C:\Users\NEW LAP\AppData\Roaming\Mozilla\Firefox\Profiles\ylqbpwkw.default\Extensions\[email protected] [2016-08-20] [Legacy]
FF Extension: (Avast SafePrice) - C:\Users\NEW LAP\AppData\Roaming\Mozilla\Firefox\Profiles\ylqbpwkw.default\Extensions\[email protected] [2017-09-10]
FF Extension: (Avast Online Security) - C:\Users\NEW LAP\AppData\Roaming\Mozilla\Firefox\Profiles\ylqbpwkw.default\Extensions\[email protected] [2018-01-06]
FF Extension: (Video DownloadHelper) - C:\Users\NEW LAP\AppData\Roaming\Mozilla\Firefox\Profiles\ylqbpwkw.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-08-05] [Legacy]
FF Extension: (Adblock Plus) - C:\Users\NEW LAP\AppData\Roaming\Mozilla\Firefox\Profiles\ylqbpwkw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-05-03] [Legacy]
FF Extension: (Block site) - C:\Users\NEW LAP\AppData\Roaming\Mozilla\Firefox\Profiles\ylqbpwkw.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2016-04-27] [Legacy]
FF ProfilePath: C:\Users\NEW LAP\AppData\Roaming\Profiles\c74wnsnc.default [2018-03-20] <==== ATTENTION
FF Homepage: Profiles\c74wnsnc.default -> hxxp://google.com/
FF NewTab: Profiles\c74wnsnc.default -> hxxp://www.trotux.com/?z=ff363978be690055b13aeabg0zfmfo0c9tfoccfq5o&from=epf1&uid=HitachiXHTS543232A7A384_E243424329X7VK29X7VKX&type=hp
FF Extension: (Flash Video Downloader) - C:\Users\NEW LAP\AppData\Roaming\Profiles\c74wnsnc.default\Extensions\[email protected] [2018-03-04]
FF Extension: (YouTube Video and Audio Downloader) - C:\Users\NEW LAP\AppData\Roaming\Profiles\c74wnsnc.default\Extensions\[email protected] [2017-05-26] [Legacy]
FF Extension: (IDM Integration Module) - C:\Users\NEW LAP\AppData\Roaming\Profiles\c74wnsnc.default\Extensions\[email protected] [2018-03-01]
FF Extension: (Avast Online Security) - C:\Users\NEW LAP\AppData\Roaming\Profiles\c74wnsnc.default\Extensions\[email protected] [2018-01-06]
FF Extension: (1-Click YouTube Video Downloader) - C:\Users\NEW LAP\AppData\Roaming\Profiles\c74wnsnc.default\Extensions\[email protected] [2018-02-19]
FF Extension: (Block site) - C:\Users\NEW LAP\AppData\Roaming\Profiles\c74wnsnc.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}.xpi [2017-11-23]
FF HKU\S-1-5-21-3427846102-3826013632-1412583081-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2015-11-09] [Legacy]
FF HKU\S-1-5-21-3427846102-3826013632-1412583081-1000\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\NEW LAP\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\NEW LAP\AppData\Roaming\IDM\idmmzcc5 [2018-03-19] [Legacy] [not signed]
FF HKU\S-1-5-21-3427846102-3826013632-1412583081-1000\...\SeaMonkey\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2018-01-06] ()
FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2018-01-06] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2018-01-06] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2018-01-06] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1231201.dll [2017-11-02] (Adobe Systems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=18.0.0.112 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2016-01-27] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll [2010-02-15] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll [2010-02-15] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.0.0.112 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2016-01-27] (RealTimes)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-04-11] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-12] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: homtherckersopyzaqige
CHR HomePage: homtherckersopyzaqige -> hxxp://www.google.com/
CHR Profile: C:\Users\NEW LAP\AppData\Local\Google\Chrome\User Data\homtherckersopyzaqige [2018-03-19] <==== ATTENTION
CHR Extension: (IDM Integration Module) - C:\Users\NEW LAP\AppData\Local\Google\Chrome\User Data\homtherckersopyzaqige\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2018-02-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\NEW LAP\AppData\Local\Google\Chrome\User Data\homtherckersopyzaqige\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-26]
CHR Extension: (Chrome Media Router) - C:\Users\NEW LAP\AppData\Local\Google\Chrome\User Data\homtherckersopyzaqige\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-13]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-11-09]
CHR HKU\S-1-5-21-3427846102-3826013632-1412583081-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-11-09]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7538536 2018-01-06] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [301168 2018-01-06] (AVAST Software)
R2 lmab_device; C:\Windows\system32\LMabcoms.exe [1048576 2012-09-28] ( ) [File not signed]
R2 lmab_device; C:\Windows\SysWOW64\LMabcoms.exe [593920 2012-09-28] ( ) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 RealTimes Desktop Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1115224 2016-01-27] (RealNetworks, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2012-01-19] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [185096 2018-01-06] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [321512 2018-01-06] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199448 2018-01-06] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343768 2018-01-06] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57696 2018-01-06] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [149344 2018-01-06] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46976 2018-01-06] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41832 2017-09-10] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [146648 2018-01-10] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110336 2018-01-06] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84384 2018-01-06] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1025176 2018-01-06] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [457896 2018-01-10] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [204456 2018-01-06] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [358672 2018-01-06] (AVAST Software)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2018-01-10] (Enigma Software Group USA, LLC.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-08-28] (REALiX™)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R1 MpKslc77222c9; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B0F4465A-9C85-4947-B7DF-7598C707F3E6}\MpKslc77222c9.sys [58120 2018-03-20] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 STHDA; C:\Windows\System32\DRIVERS\stwrt64.sys [520192 2010-12-14] (IDT, Inc.) [File not signed]
S3 catchme; \??\C:\Users\NEWLAP~1\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION
S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-20 22:44 - 2018-03-20 22:46 - 000030818 _____ C:\Users\NEW LAP\Desktop\Addition.txt
2018-03-20 22:43 - 2018-03-20 22:47 - 000018492 _____ C:\Users\NEW LAP\Desktop\FRST.txt
2018-03-20 22:41 - 2018-03-20 22:47 - 000000000 ____D C:\FRST
2018-03-20 22:41 - 2018-03-20 22:41 - 000000182 _____ C:\Users\NEW LAP\Desktop\turkish.txt
2018-03-20 22:09 - 2018-03-20 22:10 - 002403328 _____ (Farbar) C:\Users\NEW LAP\Desktop\FRST64.exe
2018-03-19 03:04 - 2018-03-19 03:04 - 000000000 ____D C:\ProgramData\SWCUTemp
2018-03-19 03:02 - 2018-03-19 03:02 - 000003143 _____ C:\Users\NEW LAP\Desktop\ZHPFixReport.txt
2018-03-19 03:01 - 2018-03-19 03:01 - 000003257 _____ C:\Users\NEW LAP\Desktop\fix 2.txt
2018-03-19 02:20 - 2018-03-19 02:21 - 000090218 _____ C:\Users\NEW LAP\Desktop\ZHPDiag.txt
2018-03-19 01:19 - 2011-06-26 08:45 - 000256000 _____ C:\Windows\PEV.exe
2018-03-19 01:19 - 2010-11-07 19:20 - 000208896 _____ C:\Windows\MBR.exe
2018-03-19 01:19 - 2009-04-20 06:56 - 000060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2018-03-19 01:19 - 2000-08-31 02:00 - 000518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2018-03-19 01:19 - 2000-08-31 02:00 - 000406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2018-03-19 01:19 - 2000-08-31 02:00 - 000098816 _____ C:\Windows\sed.exe
2018-03-19 01:19 - 2000-08-31 02:00 - 000080412 _____ C:\Windows\grep.exe
2018-03-19 01:19 - 2000-08-31 02:00 - 000068096 _____ C:\Windows\zip.exe
2018-03-19 01:18 - 2018-03-19 01:42 - 000000000 ____D C:\Qoobox
2018-03-19 01:17 - 2018-03-19 01:38 - 000000000 ____D C:\Windows\erdnt
2018-03-18 13:10 - 2018-03-18 13:10 - 000001002 _____ C:\Users\Public\Desktop\MBRCheck.lnk
2018-03-18 13:10 - 2018-03-18 13:10 - 000000995 _____ C:\Users\Public\Desktop\ZHPDiag.lnk
2018-03-18 13:10 - 2018-03-18 13:10 - 000000990 _____ C:\Users\Public\Desktop\ZHPFix.lnk
2018-03-18 12:56 - 2018-03-18 12:56 - 000346130 _____ C:\Users\NEW LAP\Desktop\zhp
2018-03-18 12:42 - 2018-03-18 12:42 - 000020832 _____ C:\Users\NEW LAP\Desktop\ZHPCleaner.html
2018-03-18 12:42 - 2018-03-18 12:42 - 000003343 _____ C:\Users\NEW LAP\Desktop\ZHPCleaner.txt
2018-03-15 00:41 - 2018-03-19 01:44 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2018-03-15 00:40 - 2018-03-18 12:42 - 000000000 ____D C:\Users\NEW LAP\AppData\Roaming\ZHP
2018-03-15 00:40 - 2018-03-15 00:40 - 000000000 ____D C:\Users\NEW LAP\AppData\Local\ZHP
2018-03-15 00:39 - 2018-03-19 03:09 - 000000000 ____D C:\Program Files\RogueKiller
2018-03-15 00:39 - 2018-03-18 12:32 - 000000000 ____D C:\ProgramData\RogueKiller
2018-03-04 22:41 - 2018-03-12 00:25 - 000000000 ____D C:\Users\NEW LAP\Desktop\Coloring Materials

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-20 22:42 - 2018-02-09 20:20 - 000000000 ____D C:\Users\NEW LAP\AppData\LocalLow\Mozilla
2018-03-20 01:10 - 2009-07-14 07:13 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
2018-03-20 01:10 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2018-03-20 00:39 - 2017-04-05 21:38 - 000004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-03-19 13:13 - 2016-01-27 17:23 - 000000000 ____D C:\Users\NEW LAP\AppData\Roaming\DMCache
2018-03-19 13:03 - 2016-01-27 17:23 - 000000000 ____D C:\Users\NEW LAP\AppData\Roaming\IDM
2018-03-19 12:48 - 2009-07-14 06:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-03-19 12:48 - 2009-07-14 06:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-03-19 03:09 - 2018-01-06 17:52 - 000000000 ____D C:\Program Files (x86)\UnHackMe
2018-03-19 03:03 - 2018-01-06 21:46 - 000000246 _____ C:\Windows\SysWOW64\PARTIZAN.TXT
2018-03-19 03:03 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-03-19 03:02 - 2018-01-10 23:54 - 000000000 ____D C:\ZHP
2018-03-19 02:21 - 2018-01-10 23:54 - 000000000 ____D C:\Program Files (x86)\ZHPDiag
2018-03-19 01:30 - 2009-07-14 04:34 - 000000215 _____ C:\Windows\system.ini
2018-03-18 13:10 - 2018-01-10 23:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2018-03-18 12:22 - 2016-01-27 17:13 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-18 12:22 - 2016-01-27 17:13 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-03-15 00:40 - 2018-01-08 23:41 - 000000530 _____ C:\Users\NEW LAP\Desktop\MOVIES SAVE.txt
2018-03-15 00:14 - 2016-01-27 17:23 - 000000000 ____D C:\Users\NEW LAP\Downloads\Compressed
2018-03-10 01:41 - 2018-01-06 17:53 - 000000000 ____D C:\Users\NEW LAP\Documents\RegRun2
2018-03-09 15:34 - 2016-01-30 08:21 - 000000000 ____D C:\Users\NEW LAP\AppData\Local\CrashDumps
2018-02-28 17:29 - 2017-06-23 01:16 - 000000000 ____D C:\Users\NEW LAP\Desktop\Print
2018-02-28 15:50 - 2016-06-18 00:33 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-02-28 15:49 - 2016-06-18 00:34 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task

Some files in TEMP:
====================
2018-03-19 01:43 - 2017-02-09 18:33 - 001732864 _____ (Microsoft Corporation) C:\Users\NEW LAP\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-19 01:03

==================== End of FRST.txt ============================

#4 mira19925 (Topic Starter, Member, 20 posts)

And this is the "Addition" log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by NEW LAP (20-03-2018 22:47:37)
Running from C:\Users\NEW LAP\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2016-01-24 19:48:37)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3427846102-3826013632-1412583081-500 - Administrator - Disabled)
Guest (S-1-5-21-3427846102-3826013632-1412583081-501 - Limited - Disabled)
NEW LAP (S-1-5-21-3427846102-3826013632-1412583081-1000 - Administrator - Enabled) => C:\Users\NEW LAP

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Flash Player 28 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.3 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.3.1.201 - Adobe Systems, Inc.)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.120 - Atheros)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.9.2322 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
COWON Media Center - jetAudio Basic VX (HKLM-x32\...\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}) (Version: 8.0.17 - COWON)
FormatFactory 3.7.0.0 (HKLM-x32\...\FormatFactory) (Version: 3.7.0.0 - Format Factory)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.3.6.5260 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3371.0 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.115 - Google Inc.) Hidden
HP LaserJet P1000 series (HKLM-x32\...\HP LaserJet P1000 series) (Version:  - )
hppMSRedist (HKLM-x32\...\{58ECE031-9AAD-4011-B34A-BC78E77527E2}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
hppusgP1000 (HKLM-x32\...\{F1AC923B-2A52-4C5D-8011-5FC83CD58CF4}) (Version: 1.1.0.1 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6315.0 - IDT)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2253 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Java 8 Update 151 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle Corporation)
K-Lite Mega Codec Pack 11.3.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.3.0 - )
Lexmark Software Uninstall (HKLM\...\Lexmark_HostCD) (Version:  - Lexmark International, Inc.)
MarketResearch (HKLM-x32\...\{175F0111-2968-4935-8F70-33108C6A4DE3}) (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft DirectX SDK (August 2009) (HKLM-x32\...\Microsoft DirectX SDK (August 2009)) (Version: 9.27.1734.0 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Mozilla Firefox 58.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 58.0.1 (x64 en-US)) (Version: 58.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 58.0.1 - Mozilla)
Real Alternative 2.0.2 (HKLM-x32\...\RealAlt_is1) (Version: 2.0.2 - )
RealDownloader (HKLM-x32\...\{12FA7D28-CF8C-498B-BC4A-E654B44546EF}) (Version: 18.0.0.113 - RealNetworks) Hidden
RealDownloader (HKLM-x32\...\{e1f55556-ee3b-4059-961f-390ab7191c03}) (Version: 18.0.0.113 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM\...\{21E47F47-C9A7-4454-BA48-388327B0EA00}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.26.902.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8036 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.69 - Realtek Semiconductor Corp.)
RealTimes (RealPlayer) (HKLM-x32\...\RealPlayer 18.0) (Version: 18.0.0 - RealNetworks)
RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.4.4 - Synaptics Incorporated)
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.6.0.87 - KMP Media co., Ltd)
VEGAS Pro 13.0 (64-bit) (HKLM\...\{01584040-68BC-11E6-A59F-BB95F5A309BD}) (Version: 13.0.543 - VEGAS)
VLC media player 2.0.6 (HKLM-x32\...\VLC media player) (Version: 2.0.6 - VideoLAN)
vs2015_redist x86 (HKLM-x32\...\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}) (Version: 1.0.0.0 - Realnetworks) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.64  - Nullsoft, Inc)
WinRAR 5.00 beta 3 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.3 - win.rar GmbH)
ZHPDiag 1.34 (HKLM-x32\...\ZHPDiag_is1) (Version: 1.34 - Nicolas Coolman)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-06] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-06] (AVAST Software)
ContextMenuHandlers1: [KuaiZip2ShlExt] -> {6ADF19E3-77A3-4395-ADB4-9FD7D351EB3F} =>  -> No File
ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP3\System\aimp_menu64.dll -> No File
ContextMenuHandlers1: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} => C:\Program Files (x86)\Bluetooth Suite\BtvAppExt.dll [2012-01-19] (Atheros Commnucations)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-06] (AVAST Software)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2015-04-30] (Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-05-09] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-05-09] (Alexander Roshal)
ContextMenuHandlers2: [KuaiZip2ShlExt] -> {6ADF19E3-77A3-4395-ADB4-9FD7D351EB3F} =>  -> No File
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2015-04-30] (Microsoft Corporation)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-06] (AVAST Software)
ContextMenuHandlers3: [FTShellContext] -> {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} => C:\Program Files (x86)\Bluetooth Suite\ShellContextExt.dll [2012-01-19] (Atheros Commnucations)
ContextMenuHandlers3: [jetAudio] -> {8D1636FD-CA49-4B4E-90E4-0A20E03A15E8} => C:\Program Files (x86)\JetAudio\JetFlExt64.dll [2011-06-15] (JetAudio)
ContextMenuHandlers3-x32: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpcontextmenu.dll [2016-01-27] (RealNetworks, Inc.)
ContextMenuHandlers4: [KuaiZip2ShlExt] -> {6ADF19E3-77A3-4395-ADB4-9FD7D351EB3F} =>  -> No File
ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP3\System\aimp_menu64.dll -> No File
ContextMenuHandlers4: [Convert] -> {9f95ca1a-e80e-4c0f-acd1-4c9b7900b982} => C:\Program Files (x86)\Microsoft DirectX SDK (August 2009)\Utilities\bin\x64\TxView.dll [2009-09-05] (Microsoft Corporation)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2015-04-30] (Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2010-12-08] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-06] (AVAST Software)
ContextMenuHandlers6: [jetAudio] -> {8D1636FD-CA49-4B4E-90E4-0A20E03A15E8} => C:\Program Files (x86)\JetAudio\JetFlExt64.dll [2011-06-15] (JetAudio)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-05-09] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-05-09] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {47BBEB44-4B90-47FB-BC47-7625351B7D4A} - System32\Tasks\SafeZone scheduled Autoupdate 1463152479 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
Task: {4C39EC17-183F-44C2-8821-DAA4731E19E5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-27] (Google Inc.)
Task: {60739CBC-30E6-41FE-A11B-852B11744E5B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-01-06] (Adobe Systems Incorporated)
Task: {6A9387AB-1316-4D0A-9CFD-6DA1B41F684A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-27] (Google Inc.)
Task: {77224D93-F7C0-4487-9402-55E540100B54} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-01-06] (AVAST Software)
Task: {8211591F-4ED4-4219-ABB4-19E2643AAB32} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {8929F8DF-38C1-4619-8382-ECE7F9B06531} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\avast software\overseer\overseer.exe [2018-01-09] (AVAST Software)
Task: {976769BA-BF7C-4BC2-96F6-63633BAD4E42} - \Driver Booster SkipUAC (NEW LAP) -> No File <==== ATTENTION
Task: {97C451C9-48F6-46F0-A64B-CC6E3C3202D5} - System32\Tasks\{89AA9D28-A72E-4D1D-A03B-436CD87CB3ED} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Real\RealPlayer\Update\r1puninst.exe" -c RealNetworks|RealPlayer|18.0
Task: {E1ABB20E-3E6F-4F80-B25E-41CB2035BE77} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {F13D8C02-13BC-4D94-B20E-87817D1C28FB} - \AVAST Software\Avast settings backup -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-01-06 22:24 - 2018-01-06 22:24 - 000067920 _____ () c:\Program Files\AVAST Software\Avast\x64\module_lifetime.dll
2018-01-06 22:24 - 2018-01-06 22:24 - 000067984 _____ () C:\Program Files\AVAST Software\Avast\x64\dll_loader.dll
2018-01-06 22:23 - 2018-01-06 22:23 - 000236840 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2018-01-06 22:24 - 2018-01-06 22:24 - 000902824 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2018-01-06 22:24 - 2018-01-06 22:24 - 000349568 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2018-01-06 22:24 - 2018-01-06 22:24 - 000337096 _____ () C:\Program Files\AVAST Software\Avast\x64\tasks_core.dll
2014-06-06 01:46 - 2010-12-08 20:55 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-05-16 14:52 - 2015-05-16 14:52 - 000590400 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
2018-01-06 22:23 - 2018-01-06 22:23 - 000058016 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2018-01-06 22:23 - 2018-01-06 22:23 - 000057504 _____ () C:\Program Files\AVAST Software\Avast\dll_loader.dll
2018-01-06 22:23 - 2018-01-06 22:23 - 000206152 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2018-01-06 22:24 - 2018-01-06 22:24 - 000289272 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2018-01-06 22:24 - 2018-01-06 22:24 - 000196248 _____ () C:\Program Files\AVAST Software\Avast\network_notifications.dll
2018-03-18 13:26 - 2018-03-18 13:26 - 005800080 _____ () C:\Program Files\AVAST Software\Avast\defs\18031800\algo.dll
2018-01-06 22:24 - 2018-01-06 22:24 - 000745408 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2018-01-06 22:23 - 2018-01-06 22:23 - 000148936 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-01-06 22:23 - 2018-01-06 22:23 - 000293944 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-03-19 12:05 - 2018-03-19 12:05 - 005800080 _____ () C:\Program Files\AVAST Software\Avast\defs\18031900\algo.dll
2018-03-20 22:05 - 2018-03-20 22:05 - 005800080 _____ () C:\Program Files\AVAST Software\Avast\defs\18032002\algo.dll
2015-05-16 14:47 - 2015-05-16 14:47 - 001382048 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\cpprest100_1_2.dll
2015-05-16 14:52 - 2015-05-16 14:52 - 000066112 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\dtvhooks.dll
2017-07-09 19:57 - 2017-07-09 19:57 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-01-06 22:23 - 2018-01-06 22:23 - 000282560 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2016-01-24 21:59 - 2016-01-24 21:59 - 000169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\b7e68f030ebaf8e1ace1bed4b7d5dfec\IsdiInterop.ni.dll
2016-01-24 21:59 - 2010-09-14 04:28 - 000058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2018-03-19 03:09 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3427846102-3826013632-1412583081-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\NEW LAP\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{3F604C8E-3239-48C9-8AFE-BF3A2EF0F262}C:\program files (x86)\formatfactory\ffmodules\package\pfinstonline.exe] => (Block) C:\program files (x86)\formatfactory\ffmodules\package\pfinstonline.exe
FirewallRules: [UDP Query User{044BE900-55F6-47FA-B975-4F66463A606E}C:\program files (x86)\formatfactory\ffmodules\package\pfinstonline.exe] => (Block) C:\program files (x86)\formatfactory\ffmodules\package\pfinstonline.exe
FirewallRules: [TCP Query User{535D1762-B121-4513-98DC-108DFBEA919A}C:\program files (x86)\microsoft directx sdk (august 2009)\utilities\bin\x86\audconsole3.exe] => (Block) C:\program files (x86)\microsoft directx sdk (august 2009)\utilities\bin\x86\audconsole3.exe
FirewallRules: [UDP Query User{675A573B-8AA0-4818-B339-4F463EC5AF97}C:\program files (x86)\microsoft directx sdk (august 2009)\utilities\bin\x86\audconsole3.exe] => (Block) C:\program files (x86)\microsoft directx sdk (august 2009)\utilities\bin\x86\audconsole3.exe
FirewallRules: [{BE0C1881-E71B-494C-B71B-B45E623FFEA2}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
FirewallRules: [{8FBC27DC-ECA6-4F88-8AD4-3BBD642CA58D}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
FirewallRules: [{63806B1E-53D0-4DA3-900C-FCDBADC30757}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{5399F211-2837-43A3-958D-B6D216B6BC32}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{45549BEC-17CE-4FFD-B4D7-57E0D23EF7CC}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{0874C93C-E32D-46AF-8F9B-C7564ED519EC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{94403E39-2B61-4F2E-A7D1-B0CFCE7CC132}] => (Allow) C:\Windows\system32\lmabcoms.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/19/2018 03:04:19 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (03/19/2018 03:04:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/19/2018 02:19:07 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (03/19/2018 01:05:55 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "c:\program files (x86)\formatfactory\ffmodules\Package\Ask\AskPIP_FF_.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (03/18/2018 01:25:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/18/2018 01:25:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (03/18/2018 01:24:36 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/18/2018 01:24:36 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (03/20/2018 10:05:07 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (03/20/2018 12:38:15 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (03/19/2018 04:09:56 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (03/19/2018 03:09:56 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (03/19/2018 01:32:05 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (03/19/2018 12:31:01 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (03/19/2018 12:04:34 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (03/19/2018 03:19:10 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.


CodeIntegrity:
===================================

Date: 2018-03-19 03:02:13.958
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\NEWLAP~1\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-03-19 03:02:13.958
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\NEWLAP~1\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-03-19 03:02:13.895
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\NEWLAP~1\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-03-19 03:02:13.895
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\NEWLAP~1\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-03-19 03:02:13.536
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\NEWLAP~1\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-03-19 03:02:13.536
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\NEWLAP~1\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-03-19 03:02:13.474
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\NEWLAP~1\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-03-19 03:02:13.474
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\NEWLAP~1\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU M 370 @ 2.40GHz
Percentage of memory in use: 36%
Total physical RAM: 3893.86 MB
Available physical RAM: 2468.96 MB
Total Virtual: 7785.9 MB
Available Virtual: 5985.99 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:37.01 GB) (Free:0.54 GB) NTFS
Drive d: () (Fixed) (Total:260.98 GB) (Free:27.34 GB) NTFS

\\?\Volume{6a69713c-c2d2-11e5-8efc-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 61FF3A35)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=37 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=261 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


  • 0

#5
zep516
    Trusted Helper
  • Malware Removal
  • 6,996 posts
Hello,

You have 2 antivirus programs installed. Not recommended. Please uninstall one of them.

Please post the ComboFix log. It will be found here: C:\ComboFix\ComboFix.txt

Next


A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Open Notepad (Start => All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
start
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
FF ProfilePath: C:\Users\NEW LAP\AppData\Roaming\Profiles\c74wnsnc.default [2018-03-20] <==== ATTENTION
CHR Profile: C:\Users\NEW LAP\AppData\Local\Google\Chrome\User Data\homtherckersopyzaqige [2018-03-19] <==== ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
S3 catchme; \??\C:\Users\NEWLAP~1\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION
S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
ContextMenuHandlers1: [KuaiZip2ShlExt] -> {6ADF19E3-77A3-4395-ADB4-9FD7D351EB3F} =>  -> No File
ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP3\System\aimp_menu64.dll -> No File
ContextMenuHandlers2: [KuaiZip2ShlExt] -> {6ADF19E3-77A3-4395-ADB4-9FD7D351EB3F} =>  -> No File
ContextMenuHandlers4: [KuaiZip2ShlExt] -> {6ADF19E3-77A3-4395-ADB4-9FD7D351EB3F} =>  -> No File
ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP3\System\aimp_menu64.dll -> No File
Task: {6A9387AB-1316-4D0A-9CFD-6DA1B41F684A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-27] (Google Inc.)
Task: {976769BA-BF7C-4BC2-96F6-63633BAD4E42} - \Driver Booster SkipUAC (NEW LAP) -> No File <==== ATTENTION
Task: {F13D8C02-13BC-4D94-B20E-87817D1C28FB} - \AVAST Software\Avast settings backup -> No File <==== ATTENTION
CMD: bitsadmin /reset /allusers
Emptytemp:
  • Click Format and ensure Wordwrap is unchecked.
  • Save as Fixlist.txt to your Desktop (Must be in this location)
  • Run FRST/FRST64 and press the Fix button just once and wait.
  • If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
  • The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
Note: If the tool warns you that the version you're using is outdated, please download and run the updated version.
  • 0

#6
mira19925
    Member
  • Topic Starter
  • Member
  • PipPip
  • 20 posts

Here is the ComboFix report

ComboFix 18-03-14.01 - NEW LAP 03/23/2018   3:51.2.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1256.20.1033.18.3894.1886 [GMT 2:00]
Running from: d:\programmes\Shortcut\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Avast Antivirus *Disabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2018-02-23 to 2018-03-23  )))))))))))))))))))))))))))))))
.
.
2018-03-23 02:00 . 2018-03-23 02:00    --------    d-----w-    c:\users\Default\AppData\Local\temp
2018-03-23 01:47 . 2018-03-23 01:47    --------    d-----w-    C:\$AV_ASW
2018-03-23 01:35 . 2018-03-23 01:35    75888    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F09347C3-6881-4727-A1C9-D6E757F57DB1}\offreg.404.dll
2018-03-22 19:20 . 2018-03-22 19:20    58120    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F09347C3-6881-4727-A1C9-D6E757F57DB1}\MpKslb4bb97b5.sys
2018-03-22 19:20 . 2018-03-22 19:20    1094320    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{17E58344-E590-4350-9C92-45844194C4FE}\gapaengine.dll
2018-03-22 19:19 . 2018-02-09 01:25    14453336    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F09347C3-6881-4727-A1C9-D6E757F57DB1}\mpengine.dll
2018-03-20 20:41 . 2018-03-20 20:47    --------    d-----w-    C:\FRST
2018-03-20 20:14 . 2017-09-30 01:03    1057976    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C4796F90-5471-4FD2-9E25-64A488781FDF}\gapaengine.dll
2018-03-20 20:14 . 2018-02-09 01:25    14453336    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2018-03-19 01:04 . 2018-03-19 01:04    --------    d-----w-    c:\programdata\SWCUTemp
2018-03-14 22:41 . 2018-03-18 23:44    28272    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
2018-03-14 22:40 . 2018-03-18 10:42    --------    d-----w-    c:\users\NEW LAP\AppData\Roaming\ZHP
2018-03-14 22:40 . 2018-03-14 22:40    --------    d-----w-    c:\users\NEW LAP\AppData\Local\ZHP
2018-03-14 22:39 . 2018-03-18 10:32    --------    d-----w-    c:\programdata\RogueKiller
2018-03-14 22:39 . 2018-03-19 01:09    --------    d-----w-    c:\program files\RogueKiller
2018-03-09 23:48 . 2017-09-30 01:03    1057976    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{199C5D8F-9E5A-47E1-B3B1-C80B632C6C1A}\gapaengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2018-01-23 18:58 . 2010-11-21 03:27    548000    ------w-    c:\windows\system32\MpSigStub.exe
2018-01-10 17:59 . 2016-05-13 15:00    457896    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2018-01-10 17:59 . 2016-05-13 15:00    146648    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2018-01-06 20:24 . 2016-05-13 15:00    358672    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2018-01-06 20:24 . 2016-05-13 15:00    204456    ----a-w-    c:\windows\system32\drivers\aswStm.sys
2018-01-06 20:24 . 2018-01-06 20:25    185096    ----a-w-    c:\windows\system32\drivers\aswArPot.sys
2018-01-06 20:24 . 2018-01-06 20:24    365680    ----a-w-    c:\windows\system32\aswBoot.exe
2018-01-06 20:24 . 2016-05-13 15:00    84384    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2018-01-06 20:24 . 2016-05-13 15:00    46976    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
2018-01-06 20:24 . 2016-05-13 15:00    110336    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2018-01-06 20:23 . 2016-05-13 15:00    1025176    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2018-01-06 20:23 . 2018-01-06 20:25    149344    ----a-w-    c:\windows\system32\drivers\aswHdsKe.sys
2018-01-06 20:23 . 2017-04-05 19:38    57696    ----a-w-    c:\windows\system32\drivers\aswbuniva.sys
2018-01-06 20:23 . 2017-04-05 19:38    343768    ----a-w-    c:\windows\system32\drivers\aswbloga.sys
2018-01-06 20:23 . 2017-04-05 19:38    321512    ----a-w-    c:\windows\system32\drivers\aswbidsdrivera.sys
2018-01-06 20:23 . 2017-04-05 19:38    199448    ----a-w-    c:\windows\system32\drivers\aswbidsha.sys
2018-01-06 15:53 . 2018-01-06 15:53    2    --shatr-    c:\windows\winstart.bat
2018-01-06 15:46 . 2016-01-27 15:10    110144    ----a-w-    c:\windows\system32\WindowsAccessBridge-64.dll
2018-01-06 15:45 . 2016-01-27 15:14    803328    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2018-01-06 15:45 . 2016-01-27 15:14    144896    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2018-01-06 12:25 . 2018-01-06 12:25    152080    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Scans\MpPayloadData\mpengine.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LMab1err"="c:\program files\Lexmark\ErrorApp\LMab1err.exe" [2010-03-26 582312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2016-01-27 286272]
"RealDownloader"="c:\program files (x86)\RealNetworks\RealDownloader\downloader2.exe" [2015-05-16 590400]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"HPUsageTracking"="c:\program files (x86)\HP\HP UT\bin\hppusg.exe" [2009-05-11 24576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2017-09-05 587288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"SBrowserCheck"="c:\programdata\Avast Software\Avast\SecureBrowser\avast_browser_setup_checker.exe" [2018-03-01 2482128]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
RealTimes.lnk - c:\program files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe [2016-1-27 1133144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 aswbIDSAgent;aswbIDSAgent;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe [x]
R3 aswHwid;aswHwid;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys;c:\windows\SYSNATIVE\DRIVERS\EsgScanner.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
S0 aswbidsh;aswbidsh;c:\windows\system32\drivers\aswbidsha.sys;c:\windows\SYSNATIVE\drivers\aswbidsha.sys [x]
S0 aswblog;aswblog;c:\windows\system32\drivers\aswbloga.sys;c:\windows\SYSNATIVE\drivers\aswbloga.sys [x]
S0 aswbuniv;aswbuniv;c:\windows\system32\drivers\aswbuniva.sys;c:\windows\SYSNATIVE\drivers\aswbuniva.sys [x]
S0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys;c:\windows\SYSNATIVE\drivers\aswRvrt.sys [x]
S0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys;c:\windows\SYSNATIVE\drivers\aswVmm.sys [x]
S1 aswArPot;aswArPot;c:\windows\system32\drivers\aswArPot.sys;c:\windows\SYSNATIVE\drivers\aswArPot.sys [x]
S1 aswbidsdriver;aswbidsdriver;c:\windows\system32\drivers\aswbidsdrivera.sys;c:\windows\SYSNATIVE\drivers\aswbidsdrivera.sys [x]
S1 aswHdsKe;aswHdsKe;c:\windows\system32\drivers\aswHdsKe.sys;c:\windows\SYSNATIVE\drivers\aswHdsKe.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S1 MpKslb4bb97b5;MpKslb4bb97b5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F09347C3-6881-4727-A1C9-D6E757F57DB1}\MpKslb4bb97b5.sys;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F09347C3-6881-4727-A1C9-D6E757F57DB1}\MpKslb4bb97b5.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 RealTimes Desktop Service;RealTimes Desktop Service;c:\program files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe;c:\program files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [x]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLB4BB97B5
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
kuaizip2updatesvc    REG_MULTI_SZ       Kuaizip Update Checker
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2015-08-14 12:52    25624    ----a-w-    c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2018-01-06 20:24    1757400    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2018-01-06 20:24    1757400    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-08 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-08 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-08 417304]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-29 1337000]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2018-01-06 246120]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4046C0C9-D98E-480D-9230-5B3B65EFD33F}\45162756B60256C6377756563797: NameServer = 188.120.239.115,8.8.8.8
TCP: Interfaces\{4046C0C9-D98E-480D-9230-5B3B65EFD33F}\475646164716: NameServer = 188.120.239.115,8.8.8.8
TCP: Interfaces\{4046C0C9-D98E-480D-9230-5B3B65EFD33F}\A6F656: NameServer = 188.120.239.115,8.8.8.8
FF - ProfilePath - c:\users\NEW LAP\AppData\Roaming\Mozilla\Firefox\Profiles\ylqbpwkw.default\
FF - prefs.js: browser.startup.homepage - about:homeabout:home
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_28_0_0_126_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_28_0_0_126_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2018-03-23  04:13:38
ComboFix-quarantined-files.txt  2018-03-23 02:13
.
Pre-Run: 438,124,544 bytes free
Post-Run: 401,342,464 bytes free
.
- - End Of File - - 00CEE3798694F08556BB14AC3512952B
 


  • 0

#7
mira19925

mira19925

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

fix log report

====

 

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by NEW LAP (23-03-2018 04:17:47) Run:1
Running from C:\Users\NEW LAP\Desktop
Loaded Profiles: NEW LAP (Available Profiles: NEW LAP)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
FF ProfilePath: C:\Users\NEW LAP\AppData\Roaming\Profiles\c74wnsnc.default [2018-03-20] <==== ATTENTION
CHR Profile: C:\Users\NEW LAP\AppData\Local\Google\Chrome\User Data\homtherckersopyzaqige [2018-03-19] <==== ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
S3 catchme; \??\C:\Users\NEWLAP~1\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION
S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
ContextMenuHandlers1: [KuaiZip2ShlExt] -> {6ADF19E3-77A3-4395-ADB4-9FD7D351EB3F} =>  -> No File
ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP3\System\aimp_menu64.dll -> No File
ContextMenuHandlers2: [KuaiZip2ShlExt] -> {6ADF19E3-77A3-4395-ADB4-9FD7D351EB3F} =>  -> No File
ContextMenuHandlers4: [KuaiZip2ShlExt] -> {6ADF19E3-77A3-4395-ADB4-9FD7D351EB3F} =>  -> No File
ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP3\System\aimp_menu64.dll -> No File
Task: {6A9387AB-1316-4D0A-9CFD-6DA1B41F684A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-27] (Google Inc.)
Task: {976769BA-BF7C-4BC2-96F6-63633BAD4E42} - \Driver Booster SkipUAC (NEW LAP) -> No File <==== ATTENTION
Task: {F13D8C02-13BC-4D94-B20E-87817D1C28FB} - \AVAST Software\Avast settings backup -> No File <==== ATTENTION
CMD: bitsadmin /reset /allusers
Emptytemp:
*****************

Processes closed successfully.
Restore point was successfully created.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully
C:\Users\NEW LAP\AppData\Roaming\Profiles\c74wnsnc.default => moved successfully
C:\Users\NEW LAP\AppData\Roaming\Profiles\c74wnsnc.default => path removed successfully
C:\Users\NEW LAP\AppData\Local\Google\Chrome\User Data\homtherckersopyzaqige => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => removed successfully
"HKLM\System\CurrentControlSet\Services\catchme" => removed successfully
catchme => service removed successfully
"HKLM\System\CurrentControlSet\Services\EsgScanner" => removed successfully
EsgScanner => service removed successfully
"HKLM\System\CurrentControlSet\Services\Partizan" => removed successfully
Partizan => service removed successfully
"HKLM\System\CurrentControlSet\Services\VGPU" => removed successfully
VGPU => service removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\KuaiZip2ShlExt => invalid subkey removed.
HKLM\Software\Classes\CLSID\{6ADF19E3-77A3-4395-ADB4-9FD7D351EB3F} => not found
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\AIMP" => removed successfully
"HKLM\Software\Classes\CLSID\{1F77B17B-F531-44DB-ACA4-76ABB5010A28}" => removed successfully
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\KuaiZip2ShlExt => invalid subkey removed.
HKLM\Software\Classes\CLSID\{6ADF19E3-77A3-4395-ADB4-9FD7D351EB3F} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\KuaiZip2ShlExt => invalid subkey removed.
HKLM\Software\Classes\CLSID\{6ADF19E3-77A3-4395-ADB4-9FD7D351EB3F} => not found
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\AIMP" => removed successfully
HKLM\Software\Classes\CLSID\{1F77B17B-F531-44DB-ACA4-76ABB5010A28} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6A9387AB-1316-4D0A-9CFD-6DA1B41F684A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6A9387AB-1316-4D0A-9CFD-6DA1B41F684A}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{976769BA-BF7C-4BC2-96F6-63633BAD4E42}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{976769BA-BF7C-4BC2-96F6-63633BAD4E42}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (NEW LAP)" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{F13D8C02-13BC-4D94-B20E-87817D1C28FB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F13D8C02-13BC-4D94-B20E-87817D1C28FB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Avast settings backup" => removed successfully

========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9062387 B
Java, Flash, Steam htmlcache => 1035 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 0 B
Firefox => 23866560 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 35152 B
systemprofile32 => 8213296 B
LocalService => 132244 B
NetworkService => 95002832 B
NEW LAP => 470758 B

RecycleBin => 0 B
EmptyTemp: => 138.4 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 04:18:56 ====

 


  • 0
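An added Python helper (not code from this thread, nor part of FRST or ComboFix) that parses the two log fragments posted above: the FRST Fixlog "EmptyTemp:" figures and ComboFix's Pre-Run/Post-Run free-space lines. It checks that the per-location byte counts add up to the summary line (which, as the posted figures show, reports MiB) and quantifies the free-space change; the sample log text is constructed from the numbers posted in this thread.

```python
import re

# Constructed sample in the shape of the FRST Fixlog "EmptyTemp:" section above
# (same figures as the thread's log); the header and prose lines are ignored.
FIXLOG_SAMPLE = """\
=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9062387 B
Java, Flash, Steam htmlcache => 1035 B
Chrome => 0 B
Firefox => 23866560 B
Temp, IE cache, history, cookies, recent:
systemprofile => 35152 B
systemprofile32 => 8213296 B
LocalService => 132244 B
NetworkService => 95002832 B
NEW LAP => 470758 B
RecycleBin => 0 B
EmptyTemp: => 138.4 MB temporary data Removed.
"""

# Constructed sample in the shape of ComboFix's closing free-space lines.
COMBOFIX_SAMPLE = """\
Pre-Run: 438,124,544 bytes free
Post-Run: 401,342,464 bytes free
"""

ITEM_RE = re.compile(r"^(?P<name>.+?) => (?P<size>\d+) B$")
TOTAL_RE = re.compile(r"^EmptyTemp: => (?P<num>\d+(?:\.\d+)?) (?P<unit>[KMG]?B)\b")
FREE_RE = re.compile(r"^(?P<phase>Pre|Post)-Run: (?P<size>[\d,]+) bytes free$")
SCALE = {"B": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}
MIB = SCALE["MB"]


def parse_emptytemp(text):
    """Return ({location: bytes}, FRST's own summary figure converted to MiB or None)."""
    items, reported_mib = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = TOTAL_RE.match(line)
        if m:  # the summary line; FRST's "MB" is 1024-based, as the sample confirms
            reported_mib = float(m["num"]) * SCALE[m["unit"]] / MIB
            continue
        m = ITEM_RE.match(line)
        if m:  # one "<location> => <n> B" line
            items[m["name"]] = int(m["size"])
    return items, reported_mib


def reconcile_emptytemp(text):
    """Return (total_bytes, total_mib_rounded, matches_summary) for an EmptyTemp section."""
    items, reported_mib = parse_emptytemp(text)
    total = sum(items.values())
    total_mib = round(total / MIB, 1)
    matches = reported_mib is not None and round(reported_mib, 1) == total_mib
    return total, total_mib, matches


def free_space_delta(text):
    """Post-Run minus Pre-Run free bytes from a ComboFix log (negative: less free after)."""
    found = {}
    for line in text.splitlines():
        m = FREE_RE.match(line.strip())
        if m:
            found[m["phase"]] = int(m["size"].replace(",", ""))
    return found["Post"] - found["Pre"]


if __name__ == "__main__":
    total, mib, ok = reconcile_emptytemp(FIXLOG_SAMPLE)
    print(f"EmptyTemp items: {total:,} B = {mib} MiB; summary line agrees: {ok}")
    print(f"ComboFix free space change: {free_space_delta(COMBOFIX_SAMPLE):+,} bytes")
```

On the thread's own figures the EmptyTemp items sum to 145,172,872 B (138.4 MiB, agreeing with FRST's summary), while the ComboFix run ended with about 36.8 MB less free space than it started with.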

#8
mira19925

mira19925

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

BTW

I didn't know I had 2 antivirus programs :0

I only know about Avast ... so do you know what the other one is??


  • 0

#9
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,996 posts
Hello,

The other antivirus is

Microsoft Security Essentials
  • 0

#10
mira19925

mira19925

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

Hello,

So what should I be doing next?


  • 0



#11
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,996 posts
Uninstall Microsoft Security Essentials?

Then

Download this program
https://sourceforge....latest/download
Save the file to the desktop
It will show you what's taking up all the space.
  • 1

#12
mira19925

mira19925

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

Ok,

so, this is the screenshot for the report

but I don't know what to do with it?

The problem is that the Windows drive keeps shrinking for no reason, without really downloading anything to drive C.

 

Attached Thumbnails

  • 1.GIF

Edited by mira19925, 25 March 2018 - 02:15 PM.

  • 0

#13
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,996 posts
Hello,

I don't know what to do with it

There's nothing to do with it, the program shows you what's taking up the space.

Can you uninstall ComboFix?

Click on the Start button and then in the Search field enter combofix /uninstall. Please note that there is a space between combofix and /uninstall.

Then

Run Disk Cleanup as outlined below:

http://www1.udel.edu...p-windows7.html
  • 0

#14
mira19925

mira19925

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

Alright, done with cleaning up the drive and uninstalling ComboFix.


  • 0

#15
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,996 posts
Hello,

I'm off to work. Can you post a new set of log files from FRST? I'll look at them when I return home.

Thanks
Joe :)
  • 0





