Can't access my files, the only thing left on the desktop is the Recycle Bin


  • This topic is locked
17 replies to this topic

#1 jaguar161
Posted 11 April 2017 - 07:05 PM

I can't access my files in drive C, although I can access files in the new volume drive G, but I can't copy the files to my external hard drive.

This is my FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Uer-PC (administrator) on USER (12-04-2017 07:51:33)
Running from G:\
Loaded Profiles: Uer-PC (Available Profiles: Uer-PC)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpCardEngine.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Hewlett-Packard Development Company) C:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Trend Micro Inc.) G:\HijackThis.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IgfxTray] => C:\windows\system32\igfxtray.exe [404376 2015-08-09] ()
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7570136 2014-04-15] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-04-10] (AVAST Software)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [909744 2017-04-06] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-2849719186-1578162210-3145302438-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8641240 2016-02-13] (Piriform Ltd)
HKU\S-1-5-21-2849719186-1578162210-3145302438-1002\...\MountPoints2: {0e9a880b-4a3a-11e6-8294-5065f349cd3e} - "F:\Setup.exe" 
HKU\S-1-5-21-2849719186-1578162210-3145302438-1002\...\MountPoints2: {3247b931-f49f-11e6-82d4-5065f349cd3e} - "F:\Setup.exe" 
HKU\S-1-5-21-2849719186-1578162210-3145302438-1002\...\MountPoints2: {34f2ee47-a863-11e6-82bc-5065f349cd3e} - "F:\Setup.exe" 
HKU\S-1-5-21-2849719186-1578162210-3145302438-1002\...\MountPoints2: {79530d95-77ac-11e6-82a3-5065f349cd3e} - "F:\Setup.exe" 
HKU\S-1-5-21-2849719186-1578162210-3145302438-1002\...\MountPoints2: {af050bdc-c1d4-11e6-82c7-5065f349cd3e} - "F:\Setup.exe" 
HKU\S-1-5-21-2849719186-1578162210-3145302438-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\ssText3d.scr [217088 2014-11-21] (Microsoft Corporation)
HKLM\...\Providers\3gpj949s: C:\Program Files (x86)\Pepothergrergopy Nodifier\local64spl.dll [307712 2017-04-08] ()
Lsa: [Notification Packages] DPPassFilter scecli
ShellExecuteHooks: No Name - {12C9F498-1484-11E7-A953-64006A5CFC23} -  -> No File
ShellExecuteHooks: No Name - {5F51FFFE-7463-4220-B711-E5B9ACB8EDFE} - C:\ProgramData\igfxDH.dll [1062400 2017-04-06] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-10] (AVAST Software)
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\¿ìѹ\X64\KZipShell.dll [2017-04-08] ()
GroupPolicy: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
AutoConfigURL: [S-1-5-21-2849719186-1578162210-3145302438-1002] => hxxp://tech-access.org/wpad.dat?689dda8005e32da75e0f7c835aa4d6b127940561
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F891E48E-5EEA-478D-8746-2863B629A9ED}: [DhcpNameServer] 192.168.1.1
ManualProxies: 0hxxp://tech-access.org/wpad.dat?689dda8005e32da75e0f7c835aa4d6b127940561
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.jp.msn.com/HPALL14/129
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.jp.msn.com/HPALL14/129
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.jp.msn.com/HPALL14/129
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.jp.msn.com/HPALL14/129
HKU\S-1-5-21-2849719186-1578162210-3145302438-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.jp.msn.com/HPALL14/129
HKU\S-1-5-21-2849719186-1578162210-3145302438-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.jp.msn.com/HPALL14/129
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2849719186-1578162210-3145302438-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-03-06] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-04-10] (AVAST Software)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-03-06] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: HP File Sanitizer -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2014-06-27] (Hewlett-Packard)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-03-06] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-10] (AVAST Software)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-03-06] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-06] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-06] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-06] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-06] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Uer-PC\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\94mWtsFs.default\Profiles\94mWtsFs.default [not found]
FF ProfilePath: C:\Users\Uer-PC\AppData\Roaming\Mozilla\Firefox\Profiles\94mWtsFs.default [2017-04-11]
FF NewTab: Mozilla\Firefox\Profiles\94mWtsFs.default -> hxxp://www.initialsite123.com/?z=3e21787cf9dcb79eafcc2cag2z1teg4qdg8t7m1tcz&from=icb&uid=ST1000DM003-1ER162_Z4YAZN8Q&type=hp
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\94mWtsFs.default -> initialsite123
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\94mWtsFs.default -> initialsite123
FF Homepage: Mozilla\Firefox\Profiles\94mWtsFs.default -> hxxp://www.initialsite123.com/?z=3e21787cf9dcb79eafcc2cag2z1teg4qdg8t7m1tcz&from=icb&uid=ST1000DM003-1ER162_Z4YAZN8Q&type=hp
FF Extension: (Avira Browser Safety) - C:\Users\Uer-PC\AppData\Roaming\Mozilla\Firefox\Profiles\94mWtsFs.default\Extensions\abs@avira.com [2016-07-29]
FF Extension: (Fast search) - C:\Users\Uer-PC\AppData\Roaming\Mozilla\Firefox\Profiles\94mWtsFs.default\Extensions\amcontextmenu@loucypher [2017-04-08]
FF SearchPlugin: C:\Users\Uer-PC\AppData\Roaming\Mozilla\Firefox\Profiles\94mWtsFs.default\searchplugins\3gpj949s.xml [2017-04-08]
FF Extension: (Site Deployment Checker) - C:\Program Files (x86)\Mozilla Firefox\browser\features\deployment-checker@mozilla.org.xpi [2017-04-10] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF => not found
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF48 [2017-04-10]
FF HKLM-x32\...\Firefox\Extensions: [dpmaxz_ng@jetpack] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome
FF Extension: (HP Client Security Manager) - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome [2015-12-11] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF => not found
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-06-20] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-06-20] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-08-14] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-08-14] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-03-06] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-03-06] (Microsoft Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2016-07-29] ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: digitalpersona.com/ChromeDPAgent -> c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\components\npChromeDPAgent.dll [2014-06-27] (DigitalPersona, Inc.)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\1450734.js [2017-04-08] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\1450734.cfg [2017-04-08] <==== ATTENTION
 
Chrome: 
=======
CHR DefaultProfile: ChromeDefaultData
CHR HomePage: ChromeDefaultData -> hxxp://google.com.ph/
CHR StartupUrls: ChromeDefaultData -> "hxxp://google.com.ph/"
CHR Profile: C:\Users\Uer-PC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-04-10] <==== ATTENTION
CHR Extension: (Google Slides) - C:\Users\Uer-PC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-03]
CHR Extension: (Google Docs) - C:\Users\Uer-PC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-03]
CHR Extension: (Google Drive) - C:\Users\Uer-PC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-03]
CHR Extension: (YouTube) - C:\Users\Uer-PC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-03]
CHR Extension: (Adblock Plus) - C:\Users\Uer-PC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-04-07]
CHR Extension: (Google Sheets) - C:\Users\Uer-PC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-03]
CHR Extension: (Google Docs Offline) - C:\Users\Uer-PC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (HP Client Security Manager) - C:\Users\Uer-PC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ncffjdbbodifgldkcbhmiiljfcnbgjab [2016-03-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Uer-PC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-07]
CHR Extension: (Gmail) - C:\Users\Uer-PC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-03]
CHR Extension: (Chrome Media Router) - C:\Users\Uer-PC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-08]
CHR Extension: (easychrome) - C:\Users\Uer-PC\AppData\Local\kemgadeojglibflomicgnfeopkdfflnw [2017-04-08]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ncffjdbbodifgldkcbhmiiljfcnbgjab] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome.crx [2014-06-27]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1115552 2017-04-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [487432 2017-04-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [487432 2017-04-06] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1519136 2017-04-06] (Avira Operations GmbH & Co. KG)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7398336 2017-04-10] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-04-10] (AVAST Software)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [349560 2017-03-09] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3737792 2017-03-26] (Microsoft Corporation)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-12] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-12] (CyberLink)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [500048 2014-07-29] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\windows\SysWOW64\flcdlock.exe [563000 2014-07-17] (Hewlett-Packard Company)
R2 HpDamServiceHost; c:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe [18232 2014-07-17] (Hewlett-Packard Development Company)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-14] (Intel® Corporation)
R2 KuaizipUpdateChecker; C:\Program Files\¿ìѹ\X86\kuaizipUpdateChecker.dll [219032 2017-04-08] ()
S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [198192 2017-03-25] (Microsoft Corporation) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-09] (Realtek Semiconductor)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 aswbidsdriver; C:\windows\system32\drivers\aswbidsdrivera.sys [307736 2017-04-10] (AVAST Software s.r.o.)
S3 aswbidsh; C:\windows\system32\drivers\aswbidsha.sys [189768 2017-04-10] (AVAST Software s.r.o.)
S3 aswblog; C:\windows\system32\drivers\aswbloga.sys [334088 2017-04-10] (AVAST Software s.r.o.)
S3 aswbuniv; C:\windows\system32\drivers\aswbuniva.sys [48528 2017-04-10] (AVAST Software s.r.o.)
S3 aswHwid; C:\windows\system32\drivers\aswHwid.sys [38296 2017-04-10] (AVAST Software)
S3 aswKbd; C:\windows\system32\drivers\aswKbd.sys [32600 2017-04-10] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [127112 2017-04-10] (AVAST Software)
S3 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [101152 2017-04-10] (AVAST Software)
R0 aswRvrt; C:\windows\system32\drivers\aswRvrt.sys [75704 2017-04-10] (AVAST Software)
S3 aswSnx; C:\windows\system32\drivers\aswSnx.sys [1005048 2017-04-10] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [556784 2017-04-10] (AVAST Software)
S3 aswStm; C:\windows\system32\drivers\aswStm.sys [164064 2017-04-10] (AVAST Software)
S3 aswVmm; C:\windows\system32\drivers\aswVmm.sys [339696 2017-04-10] (AVAST Software)
R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [161824 2017-04-06] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\windows\system32\DRIVERS\avipbb.sys [163976 2017-04-06] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\windows\system32\DRIVERS\avkmgr.sys [44488 2017-04-06] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\windows\system32\DRIVERS\avnetflt.sys [88488 2017-04-06] (Avira Operations GmbH & Co. KG)
S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-09-29] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [270904 2016-09-28] (Bluestack System Inc. )
R1 CLVirtualDrive; C:\windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-06] (CyberLink)
S3 DAMDrv; C:\windows\system32\DRIVERS\DAMDrv64.sys [65752 2013-10-08] (Hewlett-Packard Company)
S3 dg_ssudbus; C:\windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R0 flowhlp; C:\windows\System32\drivers\flowhlp.dat [155168 2017-04-08] () [File not signed]
R1 HWiNFO32; C:\windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-04-08] (REALiX™)
R2 KuaiZipDrive; C:\windows\system32\drivers\KuaiZipDrive.sys [92832 2017-04-08] (WinMount International Inc)
S3 libusb0; C:\windows\system32\DRIVERS\libusb0.sys [52832 2016-10-28] (hxxp://libusb-win32.sourceforge.net)
R3 MEIx64; C:\windows\system32\DRIVERS\TeeDriverx64.sys [125952 2014-08-14] (Intel Corporation)
R0 PinFile; C:\windows\System32\DRIVERS\PinFile.sys [49856 2014-02-04] (WinMagic Inc.)
S3 RtlWlanu; C:\windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-08-01] (Realtek Semiconductor Corporation                           )
R0 SDDisk2K; C:\windows\System32\DRIVERS\SDDisk2K.sys [228544 2014-06-06] (WinMagic Inc.)
R0 SDDToki; C:\windows\System32\DRIVERS\SDDToki.sys [131264 2014-02-04] (WinMagic Inc.)
S3 ssudmdm; C:\windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
U3 aswbdisk; no ImagePath
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
S3 gkernel; \??\C:\Users\Uer-PC\AppData\Local\Temp\gkernel.sys [X] <==== ATTENTION
S3 xhunter1; \??\C:\windows\xhunter1.sys [X]
S3 xspirit; \??\C:\windows\xspirit.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-12 07:51 - 2017-04-12 07:51 - 00000000 ____D C:\FRST
2017-04-11 13:22 - 2017-04-11 13:22 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-04-10 20:06 - 2017-04-10 20:06 - 00000000 ___HD C:\$SysReset
2017-04-10 17:35 - 2017-04-10 17:35 - 00032600 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
2017-04-10 17:35 - 2017-04-10 17:35 - 00003884 _____ C:\windows\System32\Tasks\SafeZone scheduled Autoupdate 1491816943
2017-04-10 17:35 - 2017-04-10 17:35 - 00001066 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2017-04-10 17:35 - 2017-04-10 17:35 - 00001066 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-04-10 17:31 - 2017-04-10 17:31 - 00000000 ____D C:\Users\Uer-PC\AppData\Roaming\AVAST Software
2017-04-10 17:30 - 2017-04-10 17:30 - 00003914 _____ C:\windows\System32\Tasks\Avast Emergency Update
2017-04-10 17:30 - 2017-04-10 17:30 - 00001945 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-04-10 17:30 - 2017-04-10 17:30 - 00000000 ____D C:\windows\System32\Tasks\AVAST Software
2017-04-10 17:30 - 2017-04-10 17:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2017-04-10 17:30 - 2017-04-10 17:30 - 00000000 ____D C:\Program Files\Common Files\AV
2017-04-10 17:30 - 2017-04-10 17:30 - 00000000 ____D C:\cdn.odc.officeapps.live.com
2017-04-10 17:30 - 2017-04-10 17:29 - 00556784 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2017-04-10 17:30 - 2017-04-10 17:29 - 00339696 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
2017-04-10 17:30 - 2017-04-10 17:29 - 00164064 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2017-04-10 17:30 - 2017-04-10 17:29 - 00127112 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2017-04-10 17:30 - 2017-04-10 17:29 - 00101152 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2017-04-10 17:30 - 2017-04-10 17:29 - 00075704 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2017-04-10 17:30 - 2017-04-10 17:29 - 00038296 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2017-04-10 17:30 - 2017-04-10 17:28 - 01005048 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2017-04-10 17:30 - 2017-04-10 17:28 - 00334088 _____ (AVAST Software s.r.o.) C:\windows\system32\Drivers\aswbloga.sys
2017-04-10 17:30 - 2017-04-10 17:28 - 00307736 _____ (AVAST Software s.r.o.) C:\windows\system32\Drivers\aswbidsdrivera.sys
2017-04-10 17:30 - 2017-04-10 17:28 - 00189768 _____ (AVAST Software s.r.o.) C:\windows\system32\Drivers\aswbidsha.sys
2017-04-10 17:30 - 2017-04-10 17:28 - 00048528 _____ (AVAST Software s.r.o.) C:\windows\system32\Drivers\aswbuniva.sys
2017-04-10 17:29 - 2017-04-10 17:29 - 00399944 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2017-04-10 17:27 - 2017-04-10 17:35 - 00000000 ____D C:\Program Files\AVAST Software
2017-04-10 17:26 - 2017-04-10 17:35 - 00000000 ____D C:\ProgramData\AVAST Software
2017-04-10 17:17 - 2017-04-11 10:15 - 00000000 ____D C:\Users\Uer-PC\AppData\Roaming\KuaiZip
2017-04-10 17:15 - 2017-04-10 17:15 - 00002784 _____ C:\windows\System32\Tasks\CCleanerSkipUAC
2017-04-10 14:54 - 2017-04-12 07:28 - 00000000 ____D C:\officeclient.microsoft.com
2017-04-10 14:54 - 2017-04-10 14:54 - 00000000 ____D C:\clienttemplates.content.office.net
2017-04-10 05:43 - 2017-04-10 05:43 - 00000715 _____ C:\Users\Uer-PC\Desktop\Play MyRO!.lnk
2017-04-09 11:55 - 2017-04-11 13:42 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2849719186-1578162210-3145302438-1002
2017-04-08 16:51 - 2017-04-08 16:53 - 00000000 ____D C:\Users\Uer-PC\AppData\Local\FindIp
2017-04-08 10:56 - 2017-04-08 10:56 - 00000000 __SHD C:\ProgramData\WindowsMsg
2017-04-08 10:55 - 2017-04-08 10:52 - 00516072 _____ (深圳市史宾赛科技有限公司) C:\Users\Uer-PC\AppData\Local\uninst.tmp
2017-04-08 10:55 - 2016-09-19 16:49 - 08955520 ____N (MSFree Inc.) C:\Users\Uer-PC\Desktop\KMSAuto Net.exe
2017-04-08 10:54 - 2016-11-24 08:34 - 05647122 _____ C:\Users\Uer-PC\Desktop\KMSAuto Net 2016 V1.4.7 Portable.zip
2017-04-08 10:52 - 2017-04-08 10:52 - 00155168 _____ C:\windows\system32\Drivers\flowhlp.dat
2017-04-08 10:51 - 2017-04-10 06:04 - 00000000 ____D C:\Program Files (x86)\ttt
2017-04-08 10:51 - 2017-04-08 10:52 - 00000132 _____ C:\ProgramData\log.binb
2017-04-08 10:51 - 2017-04-08 10:52 - 00000000 ____D C:\Users\Uer-PC\AppData\Roaming\UCChannel
2017-04-08 10:51 - 2017-04-08 10:51 - 00092832 _____ (WinMount International Inc) C:\windows\system32\Drivers\KuaiZipDrive.sys
2017-04-08 10:51 - 2017-04-08 10:51 - 00000000 ____D C:\Users\Uer-PC\AppData\Roaming\Softlink
2017-04-08 10:51 - 2017-04-08 10:51 - 00000000 ____D C:\Users\Uer-PC\AppData\Local\kemgadeojglibflomicgnfeopkdfflnw
2017-04-08 10:51 - 2017-04-08 10:51 - 00000000 ____D C:\Program Files\¿ìѹ
2017-04-08 10:51 - 2017-04-06 22:56 - 01062400 ___SH C:\ProgramData\igfxDH.dll
2017-04-08 10:50 - 2017-04-08 16:51 - 00000000 ____D C:\ProgramData\RegisterObject
2017-04-08 10:50 - 2017-04-08 11:01 - 00000000 ____D C:\windows\system32\SSL
2017-04-08 10:50 - 2017-04-08 10:50 - 00027552 _____ (REALiX™) C:\windows\SysWOW64\Drivers\HWiNFO64A.SYS
2017-04-08 10:50 - 2017-04-08 10:50 - 00002307 _____ C:\Users\Public\Desktop\Driver Booster 4.lnk
2017-04-08 10:50 - 2017-04-08 10:50 - 00001092 _____ C:\Users\Uer-PC\Desktop\Play Warframe.lnk
2017-04-08 10:50 - 2017-04-08 10:50 - 00000000 ____D C:\windows\IObit
2017-04-08 10:50 - 2017-04-08 10:50 - 00000000 ____D C:\Users\Uer-PC\AppData\Roaming\IObit
2017-04-08 10:50 - 2017-04-08 10:50 - 00000000 ____D C:\Users\Uer-PC\AppData\LocalLow\IObit
2017-04-08 10:50 - 2017-04-08 10:50 - 00000000 ____D C:\Users\Uer-PC\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk
2017-04-08 10:50 - 2017-04-08 10:50 - 00000000 ____D C:\ProgramData\ProductData
2017-04-08 10:50 - 2017-04-08 10:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 4
2017-04-08 10:50 - 2017-04-08 10:50 - 00000000 ____D C:\ProgramData\IObit
2017-04-08 10:50 - 2017-04-08 10:50 - 00000000 ____D C:\Program Files (x86)\IObit
2017-04-08 10:49 - 2017-04-10 05:45 - 00000000 ____D C:\Users\Uer-PC\AppData\Roaming\Lhughchihadom
2017-04-08 10:49 - 2017-04-08 10:51 - 00007295 _____ C:\ProgramData\log.ewbt
2017-04-08 10:49 - 2017-04-08 10:51 - 00000128 _____ C:\ProgramData\log.ewbb
2017-04-08 10:49 - 2017-04-08 10:50 - 00000000 ____D C:\Users\Uer-PC\AppData\Local\Inerle
2017-04-08 10:49 - 2017-04-08 10:49 - 00000000 ____D C:\Program Files (x86)\Pepothergrergopy Nodifier
2017-04-08 10:43 - 2017-04-08 10:43 - 00870400 _____ C:\Users\Uer-PC\Desktop\KMSAuto_Net_2016_V1.4.9_Windows_Activator_Portable.iso
2017-04-06 10:09 - 2017-03-04 16:01 - 00576512 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2017-04-06 10:09 - 2017-03-04 15:59 - 02895360 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2017-04-06 10:09 - 2017-03-04 15:48 - 25746944 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2017-04-06 10:09 - 2017-03-04 15:45 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2017-04-06 10:09 - 2017-03-04 15:44 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2017-04-06 10:09 - 2017-03-04 15:31 - 06045696 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2017-04-06 10:09 - 2017-03-04 15:05 - 01033216 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2017-04-06 10:09 - 2017-03-04 14:54 - 00806912 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2017-04-06 10:09 - 2017-03-04 14:26 - 15259648 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2017-04-06 10:09 - 2017-03-04 14:25 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2017-04-06 10:09 - 2017-03-04 14:12 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2017-04-06 10:09 - 2017-03-04 14:02 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2017-04-06 10:09 - 2017-03-04 12:18 - 20281856 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2017-04-06 10:09 - 2017-03-03 02:01 - 00499200 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2017-04-06 10:09 - 2017-03-03 01:55 - 02287104 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2017-04-06 10:09 - 2017-03-03 01:49 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2017-04-06 10:09 - 2017-03-03 01:25 - 00880640 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2017-04-06 10:09 - 2017-03-03 01:22 - 04604416 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2017-04-06 10:09 - 2017-03-03 01:19 - 00693248 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2017-04-06 10:09 - 2017-03-03 01:11 - 13654528 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2017-04-06 10:09 - 2017-03-03 00:53 - 02767360 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2017-04-06 10:09 - 2017-03-03 00:50 - 01312768 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2017-04-06 10:09 - 2017-03-03 00:50 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2017-04-06 10:09 - 2017-02-12 03:25 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv.sys
2017-04-06 10:09 - 2017-02-11 13:12 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2017-04-06 10:09 - 2017-02-11 13:12 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2017-04-06 10:09 - 2017-02-11 13:00 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2017-04-06 10:09 - 2017-02-11 12:58 - 00378880 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2017-04-06 10:09 - 2017-02-11 12:56 - 02131456 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2017-04-06 10:09 - 2017-02-11 03:09 - 04169728 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2017-04-06 10:09 - 2017-02-10 13:34 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2017-04-06 10:09 - 2017-02-10 13:10 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2017-04-06 10:09 - 2017-02-10 13:09 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2017-04-06 10:09 - 2017-02-10 13:08 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2017-04-06 10:09 - 2017-02-10 13:01 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2017-04-06 10:09 - 2017-02-10 13:00 - 00330752 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2017-04-06 10:09 - 2017-02-10 12:59 - 02055680 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2017-04-06 10:09 - 2017-02-10 09:31 - 01549144 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2017-04-06 10:09 - 2017-02-10 08:12 - 01375960 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2017-04-06 10:09 - 2017-02-09 23:28 - 01987584 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2017-04-06 10:09 - 2017-02-09 23:19 - 01377792 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2017-04-06 10:09 - 2017-02-09 23:16 - 01560064 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2017-04-06 10:09 - 2017-02-09 23:16 - 01094656 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2017-04-06 10:09 - 2017-02-09 22:59 - 00658432 _____ (Microsoft Corporation) C:\windows\system32\dnsapi.dll
2017-04-06 10:09 - 2017-02-09 22:58 - 00499200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dnsapi.dll
2017-04-06 10:09 - 2017-02-09 22:58 - 00252416 _____ (Microsoft Corporation) C:\windows\system32\dnsrslvr.dll
2017-04-06 10:09 - 2017-02-05 04:32 - 07444832 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2017-04-06 10:09 - 2017-02-05 04:30 - 01663184 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2017-04-06 10:09 - 2017-02-05 04:30 - 01523216 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2017-04-06 10:09 - 2017-02-05 04:30 - 01490128 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2017-04-06 10:09 - 2017-02-05 04:30 - 01358960 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2017-04-06 10:09 - 2017-02-05 03:32 - 00251392 _____ (Microsoft Corporation) C:\windows\system32\microsoft-windows-system-events.dll
2017-04-06 10:09 - 2017-02-05 03:30 - 00285184 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2017-04-06 10:09 - 2017-02-05 02:14 - 01001472 _____ (Microsoft Corporation) C:\windows\HelpPane.exe
2017-04-06 10:09 - 2017-02-05 01:50 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\icm32.dll
2017-04-06 10:09 - 2017-02-05 01:40 - 01754112 _____ (Microsoft Corporation) C:\windows\system32\GdiPlus.dll
2017-04-06 10:09 - 2017-02-05 01:32 - 00584704 _____ (Microsoft Corporation) C:\windows\system32\mscms.dll
2017-04-06 10:09 - 2017-02-05 01:17 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\icm32.dll
2017-04-06 10:09 - 2017-02-05 01:10 - 01491456 _____ (Microsoft Corporation) C:\windows\SysWOW64\GdiPlus.dll
2017-04-06 10:09 - 2017-02-05 01:05 - 00503808 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscms.dll
2017-04-06 10:09 - 2017-01-22 05:37 - 00567152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2017-04-06 10:09 - 2017-01-22 03:27 - 00756736 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2017-04-06 10:09 - 2017-01-22 03:27 - 00095232 _____ (Microsoft Corporation) C:\windows\system32\auditpolmsg.dll
2017-04-06 10:09 - 2017-01-22 03:27 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2017-04-06 10:09 - 2017-01-22 03:22 - 00201728 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2017-04-06 10:09 - 2017-01-22 03:20 - 00401920 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2017-04-06 10:09 - 2017-01-22 02:40 - 00756736 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2017-04-06 10:09 - 2017-01-22 02:40 - 00095232 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpolmsg.dll
2017-04-06 10:09 - 2017-01-22 02:40 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2017-04-06 10:09 - 2017-01-22 02:37 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2017-04-06 10:09 - 2017-01-22 01:58 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2017-04-06 10:09 - 2017-01-22 01:48 - 01437696 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2017-04-06 10:09 - 2017-01-15 01:49 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\wininit.exe
2017-04-06 10:09 - 2017-01-12 03:37 - 02345984 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2017-04-06 10:09 - 2017-01-11 03:08 - 01549312 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2017-04-06 10:09 - 2017-01-06 02:20 - 01697792 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2017-04-06 10:09 - 2017-01-06 02:09 - 07076864 _____ (Microsoft Corporation) C:\windows\system32\glcndFilter.dll
2017-04-06 10:09 - 2017-01-06 01:36 - 01501184 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll
2017-04-06 10:09 - 2017-01-06 01:29 - 05273600 _____ (Microsoft Corporation) C:\windows\SysWOW64\glcndFilter.dll
2017-04-06 10:09 - 2017-01-06 01:13 - 07796224 _____ (Microsoft Corporation) C:\windows\system32\Windows.Data.Pdf.dll
2017-04-06 10:09 - 2017-01-06 00:57 - 05268480 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Data.Pdf.dll
2017-04-06 10:09 - 2016-11-10 03:22 - 00681472 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2017-04-06 10:08 - 2017-02-23 22:50 - 00093360 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2017-04-06 10:08 - 2017-02-22 22:35 - 01609216 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2017-04-06 10:08 - 2017-02-22 22:35 - 01286144 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2017-04-06 10:08 - 2017-02-22 22:35 - 00646656 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2017-04-06 10:08 - 2017-02-22 22:35 - 00556544 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2017-04-06 10:08 - 2017-02-22 22:35 - 00335360 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2017-04-06 10:08 - 2017-02-22 22:35 - 00293376 _____ (Microsoft Corporation) C:\windows\system32\centel.dll
2017-04-06 10:08 - 2017-02-22 22:35 - 00233984 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2017-04-06 10:08 - 2017-02-22 22:35 - 00133632 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2017-04-06 10:08 - 2016-06-04 01:11 - 00472576 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-12 07:49 - 2016-07-18 23:10 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-04-12 07:49 - 2016-03-03 11:31 - 00002424 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-12 07:49 - 2016-01-19 03:34 - 00001489 _____ C:\Users\Uer-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-04-12 07:29 - 2016-02-17 10:55 - 00003914 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{F7EE8D50-C9E1-452D-A86C-1E6B5ADE6AF8}
2017-04-12 07:28 - 2014-11-21 12:42 - 00891920 _____ C:\windows\system32\PerfStringBackup.INI
2017-04-12 07:28 - 2013-08-22 21:36 - 00000000 ____D C:\windows\Inf
2017-04-11 13:35 - 2016-01-19 03:33 - 00000000 ____D C:\Users\Uer-PC
2017-04-11 13:29 - 2013-08-22 23:36 - 00000000 ____D C:\windows\AppReadiness
2017-04-11 13:18 - 2013-08-22 22:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2017-04-10 20:09 - 2016-07-18 23:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-04-10 20:04 - 2016-06-12 18:53 - 00000000 ____D C:\Users\Uer-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-04-10 20:04 - 2016-06-12 18:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-04-10 20:04 - 2016-06-12 18:53 - 00000000 ____D C:\Program Files\WinRAR
2017-04-10 17:31 - 2016-02-17 12:22 - 00000000 ____D C:\temp
2017-04-10 17:17 - 2016-03-16 12:46 - 00000000 ____D C:\Users\Uer-PC\AppData\Roaming\uTorrent
2017-04-10 15:26 - 2013-08-22 23:36 - 00000000 ____D C:\windows\rescache
2017-04-10 06:12 - 2016-01-19 03:34 - 00000000 ____D C:\Users\Uer-PC\AppData\Roaming\Adobe
2017-04-10 03:48 - 2016-03-03 12:30 - 00000000 ____D C:\Users\Uer-PC\AppData\Local\Zello
2017-04-08 11:23 - 2013-08-22 23:36 - 00000000 ____D C:\windows\system32\FxsTmp
2017-04-08 11:06 - 2016-01-19 03:33 - 00000000 ____D C:\Users\Uer-PC\AppData\Local\Packages
2017-04-08 10:56 - 2016-02-17 12:43 - 00000000 ____D C:\Users\Uer-PC\AppData\Local\MSfree Inc
2017-04-08 10:23 - 2016-02-17 12:18 - 00000000 ____D C:\Program Files (x86)\SMADAV
2017-04-08 10:22 - 2016-01-23 06:07 - 00000000 __SHD C:\Users\Uer-PC\IntelGraphicsProfiles
2017-04-08 10:20 - 2013-08-22 22:44 - 00472712 _____ C:\windows\system32\FNTCACHE.DAT
2017-04-08 10:19 - 2013-08-22 21:25 - 00262144 ___SH C:\windows\system32\config\BBI
2017-04-08 10:17 - 2016-01-19 05:57 - 00000000 ____D C:\windows\system32\appraiser
2017-04-08 10:17 - 2013-08-22 23:20 - 00000000 ____D C:\windows\CbsTemp
2017-04-08 10:16 - 2017-01-03 16:10 - 00000000 ____D C:\Users\Uer-PC\AppData\LocalLow\uTorrent
2017-04-07 16:06 - 2017-01-25 20:56 - 00000000 ____D C:\Users\Uer-PC\Downloads\AnJO
2017-04-06 10:40 - 2013-08-22 23:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-04-06 10:39 - 2015-12-11 09:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-04-06 10:23 - 2013-08-22 23:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-04-06 10:13 - 2015-02-12 12:22 - 00000000 ____D C:\ProgramData\Package Cache
2017-04-06 10:11 - 2016-01-19 05:28 - 00000000 ____D C:\windows\system32\MRT
2017-04-06 10:09 - 2016-01-19 05:28 - 138634176 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2017-04-06 09:57 - 2016-03-03 15:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-04-06 09:56 - 2016-06-02 08:28 - 00002312 _____ C:\Users\Uer-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2017-04-06 09:54 - 2016-10-07 12:16 - 00048584 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avusbflt.sys
2017-04-06 09:54 - 2016-03-03 15:23 - 00163976 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2017-04-06 09:54 - 2016-03-03 15:23 - 00161824 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2017-04-06 09:54 - 2016-03-03 15:23 - 00088488 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2017-04-06 09:54 - 2016-03-03 15:23 - 00044488 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys
2017-04-02 16:08 - 2016-09-12 19:01 - 00000000 ____D C:\Users\Uer-PC\AppData\Roaming\vlc
2017-03-27 01:37 - 2016-02-17 12:18 - 00000000 __SHD C:\[Smad-Cage]
2017-03-25 14:21 - 2016-08-21 17:52 - 00000000 ____D C:\Users\Uer-PC\AppData\Local\Spotify
2017-03-25 14:12 - 2016-08-21 17:51 - 00000000 ____D C:\Users\Uer-PC\AppData\Roaming\Spotify
 
==================== Files in the root of some directories =======
 
2016-07-31 14:49 - 2016-07-31 14:49 - 0045270 _____ () C:\Users\Uer-PC\AppData\Roaming\room_v3.dat
2017-04-08 10:55 - 2017-04-08 10:52 - 0516072 _____ (深圳市史宾赛科技有限公司) C:\Users\Uer-PC\AppData\Local\uninst.tmp
2015-12-11 09:04 - 2015-12-11 09:06 - 8379534 _____ () C:\ProgramData\hpcsmmsilogs.log
2015-12-11 09:17 - 2015-12-11 09:17 - 1282282 _____ () C:\ProgramData\hpdam_install_log.txt
2015-12-11 09:15 - 2015-12-11 09:15 - 0572924 _____ () C:\ProgramData\HPFileSanitizer_Install_Log.txt
2017-04-08 10:51 - 2017-04-06 22:56 - 1062400 ___SH () C:\ProgramData\igfxDH.dll
2017-04-08 10:51 - 2017-04-08 10:52 - 0000132 _____ () C:\ProgramData\log.binb
2017-04-08 10:49 - 2017-04-08 10:51 - 0000128 _____ () C:\ProgramData\log.ewbb
2017-04-08 10:49 - 2017-04-08 10:51 - 0007295 _____ () C:\ProgramData\log.ewbt
 
Files to move or delete:
====================
C:\ProgramData\igfxDH.dll
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-04-04 05:01
 
==================== End of FRST.txt ============================
#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,443 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:30 PM

Posted 11 April 2017 - 07:33 PM

Welcome. :)

 

You are using two antivirus programs. I would recommend you remove AVIRA and keep AVAST.

Download the attached file [attachment=192958:Fixlist.txt] and save it in the same directory FRST64 is saved.

  • Start FRST64 with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

Please download Junkware Removal Tool to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

Download AdwCleaner from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:



  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning, a report appears. Once done it will ask to reboot; allow this.



  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 jaguar161

jaguar161
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:09:30 AM

Posted 11 April 2017 - 10:21 PM

Unable to run Junkware Removal Tool, because I cannot save it on my desktop. Although I have saved it on drive G: and tried to run it from drive G:, a "location is not available" prompt appears.

 

This is the fix log after the first instruction.

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Uer-PC (12-04-2017 10:56:30) Run:1
Running from G:\
Loaded Profiles: Uer-PC (Available Profiles: Uer-PC)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
GroupPolicy: Restriction <======= ATTENTION 
AutoConfigURL: [S-1-5-21-2849719186-1578162210-3145302438-1002] => hxxp://tech-access.org/wpad.dat?689dda8005e32da75e0f7c835aa4d6b127940561
Hosts:
S3 xhunter1; \??\C:\windows\xhunter1.sys [X]
S3 xspirit; \??\C:\windows\xspirit.sys [X]
C:\ProgramData\igfxDH.dll
2016-07-31 14:49 - 2016-07-31 14:49 - 0045270 _____ () C:\Users\Uer-PC\AppData\Roaming\room_v3.dat
2017-04-08 10:55 - 2017-04-08 10:52 - 0516072 _____ (深圳市史宾赛科技有限公司) C:\Users\Uer-PC\AppData\Local\uninst.tmp
2015-12-11 09:04 - 2015-12-11 09:06 - 8379534 _____ () C:\ProgramData\hpcsmmsilogs.log
2015-12-11 09:17 - 2015-12-11 09:17 - 1282282 _____ () C:\ProgramData\hpdam_install_log.txt
2015-12-11 09:15 - 2015-12-11 09:15 - 0572924 _____ () C:\ProgramData\HPFileSanitizer_Install_Log.txt
2017-04-08 10:51 - 2017-04-06 22:56 - 1062400 ___SH () C:\ProgramData\igfxDH.dll
2017-04-08 10:51 - 2017-04-08 10:52 - 0000132 _____ () C:\ProgramData\log.binb
2017-04-08 10:49 - 2017-04-08 10:51 - 0000128 _____ () C:\ProgramData\log.ewbb
2017-04-08 10:49 - 2017-04-08 10:51 - 0007295 _____ () C:\ProgramData\log.ewbt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F891E48E-5EEA-478D-8746-2863B629A9ED}: [DhcpNameServer] 192.168.1.1
ManualProxies: 0hxxp://tech-access.org/wpad.dat?689dda8005e32da75e0f7c835aa4d6b127940561
ShellExecuteHooks: No Name - {5F51FFFE-7463-4220-B711-E5B9ACB8EDFE} - C:\ProgramData\igfxDH.dll [1062400 2017-04-06] ()
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\快压\X64\KZipShell.dll [2017-04-08] ()
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION 
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\1450734.js [2017-04-08] <==== ATTENTION (Points to *.cfg file) 
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\1450734.cfg [2017-04-08] <==== ATTENTION 
CHR Profile: C:\Users\Uer-PC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-04-10] <==== ATTENTION 
S3 gkernel; \??\C:\Users\Uer-PC\AppData\Local\Temp\gkernel.sys [X] <==== ATTENTION 
ShellExecuteHooks: No Name - {12C9F498-1484-11E7-A953-64006A5CFC23} -  -> No File 
S3 gkernel; \??\C:\Users\Uer-PC\AppData\Local\Temp\gkernel.sys [X] <==== ATTENTION 
2017-04-11 13:22 - 2017-04-11 13:22 - 00000000 ____D C:\ProgramData\SWCUTemp 
2017-04-08 10:55 - 2017-04-08 10:52 - 00516072 _____ (深圳市史宾赛科技有限公司) C:\Users\Uer-PC\AppData\Local\uninst.tmp 
2017-04-08 10:55 - 2017-04-08 10:52 - 0516072 _____ (深圳市史宾赛科技有限公司) C:\Users\Uer-PC\AppData\Local\uninst.tmp 
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON 
CMD: ipconfig /flushdns 
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP: 
Reboot:
 
*****************
 
C:\windows\system32\GroupPolicy\Machine => moved successfully
C:\windows\system32\GroupPolicy\GPT.ini => moved successfully
HKU\S-1-5-21-2849719186-1578162210-3145302438-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => value removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
HKLM\System\CurrentControlSet\Services\xhunter1 => key removed successfully
xhunter1 => service removed successfully
HKLM\System\CurrentControlSet\Services\xspirit => key removed successfully
xspirit => service removed successfully
C:\ProgramData\igfxDH.dll => moved successfully
C:\Users\Uer-PC\AppData\Roaming\room_v3.dat => moved successfully
C:\Users\Uer-PC\AppData\Local\uninst.tmp => moved successfully
C:\ProgramData\hpcsmmsilogs.log => moved successfully
C:\ProgramData\hpdam_install_log.txt => moved successfully
C:\ProgramData\HPFileSanitizer_Install_Log.txt => moved successfully
"C:\ProgramData\igfxDH.dll" => not found.
C:\ProgramData\log.binb => moved successfully
C:\ProgramData\log.ewbb => moved successfully
C:\ProgramData\log.ewbt => moved successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F891E48E-5EEA-478D-8746-2863B629A9ED}\\DhcpNameServer => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{5F51FFFE-7463-4220-B711-E5B9ACB8EDFE} => value removed successfully
HKCR\CLSID\{5F51FFFE-7463-4220-B711-E5B9ACB8EDFE} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\KzShlobj => key removed successfully
HKCR\CLSID\{AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => key not found. 
HKLM\SOFTWARE\Policies\Google => key removed successfully
C:\Program Files (x86)\mozilla firefox\defaults\pref\1450734.js => moved successfully
C:\Program Files (x86)\mozilla firefox\1450734.cfg => moved successfully
C:\Users\Uer-PC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData => moved successfully
HKLM\System\CurrentControlSet\Services\gkernel => key removed successfully
gkernel => service removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{12C9F498-1484-11E7-A953-64006A5CFC23} => value removed successfully
HKCR\CLSID\{12C9F498-1484-11E7-A953-64006A5CFC23} => key not found. 
gkernel => service not found.
C:\ProgramData\SWCUTemp => moved successfully
"C:\Users\Uer-PC\AppData\Local\uninst.tmp" => not found.
"C:\Users\Uer-PC\AppData\Local\uninst.tmp" => not found.
 
========= netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset C:\resettcpip.txt =========
 
Resetting Global, OK!
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Route, OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
 
Failed to clear log AirSpaceChannel. The requested operation cannot be performed over an enabled direct channel. The channel must first be disabled before performing the requested operation.
 
========= End of CMD: =========
 
 
========= Bitsadmin /Reset /Allusers =========
 
 
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {0E07CC48-DA60-4A25-8682-28A810F48A54}.
Unable to cancel {50A8FD57-126F-48F9-9378-2522DB1885A6}.
Unable to cancel {5EDC5D44-A6FB-432C-9805-79EE32936A63}.
Unable to cancel {49788023-E3F4-4D01-8B88-6DF0359295BB}.
Unable to cancel {DA56E899-734C-4A68-AEAD-143F0F28F6E1}.
Unable to cancel {6112963B-9349-4E17-9AB3-FE459B2B414D}.
Unable to cancel {C9B07E08-305C-4E33-840C-A74DED92B6FB}.
0 out of 7 jobs canceled.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 4207904 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 810887959 B
Edge => 0 B
Chrome => 0 B
Firefox => 5828392 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 30492 B
NetworkService => 0 B
Uer-PC => 18671799 B
 
RecycleBin => 207566 B
EmptyTemp: => 808.9 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 10:57:22 ====
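
The fixlist above is, in effect, a list of the indicators that were worth acting on in the FRST log from post #1: a driver service whose image no longer exists (FRST marks these with `[X]`), a proxy auto-configuration URL pushed into the user's Internet Settings and into NlaSvc's ManualProxies (which routes browser traffic through a script fetched from a remote host), a ShellExecuteHooks entry loading a hidden, system-attributed DLL from C:\ProgramData, and lines FRST itself flags with ATTENTION. As an added example, not part of this thread and not FRST's own code, the Python script below reads those line shapes out of an FRST log and lists the lines a reviewer should look at first, with the reason for each. The sample log embedded in it is constructed from the entries quoted in this thread; the function names (`parse_file_entry`, `flag_file_entry`, `triage`) and the data-directory and extension lists are this example's own assumptions. Note the caveat in the code: FRST's company column is the file's version-info text, not a signature check, so an empty company is a hint to pull the file and verify it, not proof of anything on its own.

```python
import re

# Constructed sample, modelled on the entries quoted in this thread (not a real FRST log).
SAMPLE_LOG = r"""
2017-04-08 10:51 - 2017-04-06 22:56 - 1062400 ___SH () C:\ProgramData\igfxDH.dll
2017-04-08 10:49 - 2017-04-08 10:51 - 00007295 _____ C:\ProgramData\log.ewbt
2017-04-06 10:09 - 2017-03-04 16:01 - 00576512 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2017-04-08 10:50 - 2017-04-08 10:50 - 00000000 ____D C:\ProgramData\IObit
AutoConfigURL: [S-1-5-21-2849719186-1578162210-3145302438-1002] => hxxp://tech-access.org/wpad.dat?689dda8005e32da75e0f7c835aa4d6b127940561
S3 gkernel; \??\C:\Users\Uer-PC\AppData\Local\Temp\gkernel.sys [X] <==== ATTENTION
S3 xhunter1; \??\C:\windows\xhunter1.sys [X]
ShellExecuteHooks: No Name - {5F51FFFE-7463-4220-B711-E5B9ACB8EDFE} - C:\ProgramData\igfxDH.dll [1062400 2017-04-06] ()
"""

# "created - modified - size attrs (company) path", the shape FRST uses for file entries.
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) - (?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) (?:\((?P<company>[^)]*)\) )?(?P<path>.+)$"
)
# FRST appends [X] to a service whose image file is not present on disk.
SERVICE_RE = re.compile(r"^[SRU]\d (?P<name>[^;]+); (?P<image>.+?) \[X\]")
# Proxy auto-config script pushed to the browser; FRST defangs http as hxxp.
PAC_RE = re.compile(r"^(?P<key>AutoConfigURL|ManualProxies):.*?(?P<url>hxxps?://\S+)")
HOOK_RE = re.compile(r"^ShellExecuteHooks: .*? - (?P<path>[A-Za-z]:\\[^\[]+?) \[")

# Assumed: places where executable code is unusual enough to warrant a look.
DATA_DIRS = ("c:\\programdata\\", "\\appdata\\", "c:\\users\\public\\", "\\temp\\")
CODE_EXT = (".dll", ".exe", ".sys", ".scr")


def _in_data_dir(path):
    lp = path.lower()
    return any(d in lp for d in DATA_DIRS)


def parse_file_entry(line):
    """Split one FRST file line into its columns, or return None for other line types."""
    m = FILE_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"])
    entry["company"] = (entry["company"] or "").strip()
    return entry


def flag_file_entry(entry):
    """Heuristics for one file entry. The company column is version-info text,
    not an Authenticode check, so an empty one is a hint, not proof."""
    reasons = []
    attrs, path = entry["attrs"], entry["path"]
    if "D" in attrs:  # directories get no file heuristics
        return reasons
    if ("H" in attrs or "S" in attrs) and _in_data_dir(path):
        reasons.append("hidden/system attribute on a file in a data directory")
    if path.lower().endswith(CODE_EXT) and _in_data_dir(path) and not entry["company"]:
        reasons.append("executable code in a data directory with no version-info company")
    return reasons


def triage(log_text):
    """Return [{'line': ..., 'reasons': [...]}] for every line that deserves a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = []
        if "ATTENTION" in line:
            reasons.append("flagged ATTENTION by FRST")
        m = SERVICE_RE.match(line)
        if m:
            reasons.append(f"service {m['name']} points at a missing image: {m['image']}")
        m = PAC_RE.match(line)
        if m:
            host = re.match(r"hxxps?://([^/?#]+)", m["url"]).group(1)
            reasons.append(f"{m['key']} pushes a proxy auto-config script from {host}")
        m = HOOK_RE.match(line)
        if m and _in_data_dir(m["path"]):
            reasons.append("ShellExecuteHooks DLL outside Program Files/Windows: " + m["path"])
        entry = parse_file_entry(line)
        if entry:
            reasons.extend(flag_file_entry(entry))
        if reasons:
            findings.append({"line": line, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["line"])
        for reason in finding["reasons"]:
            print("    -", reason)
```

Run against the sample, it surfaces exactly the five lines the helper's fixlist acted on (the hidden DLL, the PAC URL, the two orphaned driver services and the ShellExecuteHooks entry) and stays quiet on the Microsoft-signed system DLL, the IObit directory and the plain log file. On a real FRST.txt, feed the whole file to `triage()`; the output is a reading order for the analyst, not a fixlist, and every hit still needs the file or key inspected before it goes into one.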


#4 jaguar161

jaguar161
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:09:30 AM

Posted 11 April 2017 - 10:25 PM

Oh, I did run the JRT. This is the log. All I had to do was double-click it and not run it as administrator. :)
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 8.1 Pro x64 
Ran by Uer-PC (Administrator) on Wed 04/12/2017 at 11:22:42.47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 3 
 
Successfully deleted: C:\ProgramData\productdata (Folder) 
Successfully deleted: C:\ProgramData\windowsmsg (Folder) 
Successfully deleted: C:\Users\Uer-PC\AppData\Roaming\kuaizip (Folder) 
 
Deleted the following from C:\Users\Uer-PC\AppData\Roaming\Mozilla\Firefox\Profiles\94mWtsFs.default\prefs.js
user_pref(browser.search.searchengine.hp, hxxp://www.initialsite123.com/?z=3e21787cf9dcb79eafcc2cag2z1teg4qdg8t7m1tcz&from=icb&uid=ST1000DM003-1ER162_Z4YAZN8Q&type=hp);
user_pref(browser.search.searchengine.sp, hxxp://www.initialsite123.com/search/?from=icb&q={searchTerms}&type=sp&uid=ST1000DM003-1ER162_Z4YAZN8Q&z=3e21787cf9dcb79eafcc2cag2
user_pref(browser.search.searchengine.uid, ST1000DM003-1ER162_Z4YAZN8Q);
user_pref(browser.search.searchengine.url, hxxp://www.initialsite123.com/search/?from=icb&q={searchTerms}&type=sp&uid=ST1000DM003-1ER162_Z4YAZN8Q&z=3e21787cf9dcb79eafcc2cag
user_pref(browser.urlbar.suggest.searches, true);
 
 
 
Registry: 2 
 
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 04/12/2017 at 11:23:37.16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#5 jaguar161

jaguar161
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:09:30 AM

Posted 11 April 2017 - 11:11 PM

I have successfully scanned and cleaned using AdwCleaner, but when the computer restarted there was no log file, and a "hard error" prompt appeared.



#6 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,443 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:30 PM

Posted 12 April 2017 - 06:36 AM

Let's check for a rootkit.

  • Please download Malwarebytes Anti-Rootkit and save the file to your Desktop.
  • Right-click MBAR.exe and select Run as administrator to run the installer.
  • Select your Desktop as the location to extract the contents and click OK. The programme should open upon completion.
  • Click Next, followed by Update. Upon update completion, click Next.
  • Ensure Drivers, Sectors & System are checked and click Scan.
  • Note: Do not use your computer during the scan.
  • Upon completion:
    • If no infection is found, close the MBAR window.
    • If an infection is found, ensure Create Restore Point is checked and click Cleanup. Reboot when prompted.
  • Two logs (mbar-log.txt and system-log.txt) will be created. Copy the contents of both logs and paste in your next reply. Both logs can be found in the MBAR folder.

 




#7 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,443 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:30 PM

Posted 12 April 2017 - 07:03 AM

If needed, let's fix the computer permissions.
 
Download Windows Repair version 3.9.27 (All in One) from here
 
Install the program then run it. (Be patient as it should take some time to finish)
 
NOTE 1. In Windows Vista, 7, 8 and 10 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.

  • Go to Step 5 and under "System Restore" click on Create button:
  • Go to Repairs tab and click Open Repairs button.
  • Allow the application to perform a backup
  • Follow these steps:
  • No need to go through all the tabs, as those tasks were done.
  • Click on All Repairs button twice.
  • From the main window, select the first three and number 12, Reset (Registry, File and Service) Permissions and Repair Icons.

NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.

  • Click on Start Repairs button and let it run unhindered until finished.

 
Post Windows Repair log (_windows_repair_log.txt) which is located in the following folder:

  • 64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
  • 32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs

 
Restart and test the computer.


Edited by JSntgRvr, 12 April 2017 - 07:06 AM.



#8 jaguar161
  • Topic Starter
  • Members
  • 11 posts

Posted 12 April 2017 - 07:50 AM

I can only download files to my drive G: and not on the desktop because "location not found" appears, and also if I run a file as an administrator the file crashes; I will try to just double-click it and see what happens.



#9 jaguar161
  • Topic Starter
  • Members
  • 11 posts

Posted 12 April 2017 - 08:48 AM

After cleanup and reboot, I cannot access the desktop. All I can see is a black screen and my mouse pointer. I press Ctrl+Alt+Delete, then restart, but I still end up with the black screen.

#10 JSntgRvr
  • Master Surgeon General
  • Malware Response Team
  • 11,443 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 12 April 2017 - 11:00 AM

Are you able to boot to the Recovery Environment? What OS is installed on the computer you are using to communicate with us?




#11 jaguar161
  • Topic Starter
  • Members
  • 11 posts

Posted 12 April 2017 - 11:56 AM

Windows 8.1 64-bit is the OS of the PC that I am trying to repair, which is also the PC that I used in communicating with you. Now I'm using my smartphone since I cannot access my PC. How do I boot to the recovery environment?

#12 jaguar161
  • Topic Starter
  • Members
  • 11 posts

Posted 12 April 2017 - 12:09 PM

I turned on my PC to check if I can access the recovery. To my surprise, I can now access the PC, but it's slow. Thanks, I think I can recover my files for now. What do I do next?

#13 jaguar161
  • Topic Starter
  • Members
  • 11 posts

Posted 12 April 2017 - 01:04 PM

I did run the Windows Repair. So far I can access all my files, a little bit slow, but I guess the problem is solved. Thanks for the huge help. I'll test and observe it. Thanks again! :)

#14 JSntgRvr
  • Master Surgeon General
  • Malware Response Team
  • 11,443 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 12 April 2017 - 01:18 PM

Do you still have the two antivirus programs present? You can only use one antivirus. More than one will make the computer crash.

 

Try going to Start/Search and type diskmgmt.msc. Right-click the diskmgmt icon in the search results and Run As Administrator. In Disk Management, right-click the partition and choose Properties/Security/Advanced/Owner and add your user account as the Owner of the drive.


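As an added diagnostic (not from this thread or either poster), the following PowerShell script reports how many antivirus products Windows Security Center has registered and shows the owner and access entries on the system drive root, the user profile and the Desktop, which is the information post #14 asks the user to check by hand. The function names are my own; it assumes Windows 8.1 or later and an elevated PowerShell prompt.

```powershell
# Added diagnostic script (not part of the thread). Run from an elevated
# PowerShell prompt on Windows 8.1 or later.

function Get-RegisteredAntivirus {
    # root/SecurityCenter2 is the namespace where Windows Security Center
    # records every antivirus product that has registered itself.
    Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct |
        Select-Object displayName, productState, pathToSignedProductExe
}

function Get-PathOwnership {
    # Returns owner and a compact ACE list for each path; marks paths that
    # cannot be opened at all, which is the "location not found" symptom.
    param([Parameter(Mandatory)][string[]]$Path)
    $me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) {
            [pscustomobject]@{ Path = $p; Exists = $false; Owner = $null; CurrentUserListed = $false; Access = $null }
            continue
        }
        $acl = Get-Acl -LiteralPath $p
        [pscustomobject]@{
            Path   = $p
            Exists = $true
            Owner  = $acl.Owner
            # True when the logged-on account appears by name in an Allow ACE
            # (group-based access, e.g. via BUILTIN\Users, is not resolved here)
            CurrentUserListed = [bool]($acl.Access | Where-Object {
                $_.AccessControlType -eq 'Allow' -and $_.IdentityReference.Value -eq $me })
            Access = ($acl.Access | ForEach-Object {
                '{0}:{1}:{2}' -f $_.IdentityReference, $_.AccessControlType, $_.FileSystemRights
            }) -join '; '
        }
    }
}

$av = @(Get-RegisteredAntivirus)
if ($av.Count -gt 1) {
    Write-Warning ("{0} antivirus products are registered; only one real-time scanner should be installed." -f $av.Count)
}
$av | Format-Table -AutoSize

$targets = @(
    ($env:SystemDrive + '\'),
    $env:USERPROFILE,
    [Environment]::GetFolderPath('Desktop')
)
Get-PathOwnership -Path $targets | Format-List
```

If the Desktop path reports Exists = False while the profile folder exists, the missing folder rather than the drive's permissions is what Explorer is complaining about.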


#15 jaguar161
  • Topic Starter
  • Members
  • 11 posts

Posted 13 April 2017 - 11:02 AM

I have already deleted Avira. I only have Avast as my antivirus. Tomorrow I will post a FRST log, to make sure that I don't have any problem, if that's okay. Thanks.



