
Windows infected? I cannot install anti-virus and all browser wont load



#1 apple_tree

apple_tree

  • Members
  • 4 posts
  • OFFLINE
  • Gender:Female
  • Local time:07:26 PM

Posted Yesterday, 06:31 AM

Hi team,

Hope someone can help me with this serious issue that I have been facing for almost 6 months. I use an old machine:

Windows 7 Service Pack 1, 32-bit
Intel Core2 4 GHz
Installed memory: 1 GB

Problem:

All browsers won't load except Chromium portable (now typing using Chromium)
Pop-up: RunDLL stopped
Cannot install any free-trial anti-virus due to a Microsoft .NET Framework issue
Cannot install Microsoft .NET Framework
Every time I shut down there is a pop-up warning to force-close Task Host

Solutions I tried:

I used Malwarebytes to scan and all trojans, malware, spyware, agents etc. were deleted, but I am still facing the above problem.
I also already ran scannow from cmd; all is good.
I already ran RKill.

Can someone help me with this? I am clueless about my problem.


Edited by apple_tree, Yesterday, 07:47 AM.



#2 apple_tree

apple_tree
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Gender:Female
  • Local time:07:26 PM

Posted Yesterday, 07:48 AM

Is it safe to delete all the malware detected by Malwarebytes?

Report from Malwarebytes:

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 8/17/18
Scan Time: 8:04 PM
Log File: b3393d98-a215-11e8-90a4-001d72473944.json
Administrator: Yes
 
-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.365
Update Package Version: 1.0.6387
License: Premium
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: My_Laptop-PC\My_Laptop
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 341391
Threats Detected: 12
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 33 min, 50 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 6
Adware.FileTour, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\{3B5C091F-4489-6515-680C-9E37EF70F6AF}, No Action By User, [408], [511696],1.0.6387
Adware.FileTour, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{4F1516DC-1A54-4FC6-9CA9-9A8F215C5A20}, No Action By User, [408], [511696],1.0.6387
Adware.FileTour, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{4F1516DC-1A54-4FC6-9CA9-9A8F215C5A20}, No Action By User, [408], [511696],1.0.6387
Adware.FileTour, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\{6DE62B1A-6095-5C2C-F1F3-EA6670FACFA1}, No Action By User, [408], [511696],1.0.6387
Adware.FileTour, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{781F56BC-4705-4382-ADC8-EEB4C78E5588}, No Action By User, [408], [511696],1.0.6387
Adware.FileTour, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{781F56BC-4705-4382-ADC8-EEB4C78E5588}, No Action By User, [408], [511696],1.0.6387
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 6
Adware.FileTour, C:\WINDOWS\SYSTEM32\TASKS\{3B5C091F-4489-6515-680C-9E37EF70F6AF}, No Action By User, [408], [511696],1.0.6387
Adware.FileTour, C:\WINDOWS\SYSTEM32\TASKS\{6DE62B1A-6095-5C2C-F1F3-EA6670FACFA1}, No Action By User, [408], [511696],1.0.6387
Trojan.MalPack, C:\PROGRAM FILES\A.EXE, No Action By User, [4159], [553632],1.0.6387
MachineLearning/Anomalous.100%, C:\PROGRAM FILES\NDG1MZQ0O\ZDNHZGJMZDCZMTY4YW.EXE, No Action By User, [0], [392687],1.0.6387
MachineLearning/Anomalous.97%, C:\USERS\MY_LAPTOP\APPDATA\LOCAL\TEMP\INSTALLATION.EXE, No Action By User, [0], [392687],1.0.6387
Generic.Malware/Suspicious, C:\USERS\MY_LAPTOP\APPDATA\LOCAL\TEMP\INSTALLER_MI.EXE, No Action By User, [0], [392686],1.0.6387
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)

 

Report from RKill:

Rkill 2.9.1 by Lawrence Abrams (Grinler)
Copyright 2008-2018 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 08/17/2018 05:45:37 PM in x86 mode.
Windows Version: Windows 7 Ultimate Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
  * HKLM\Software\Classes\exefile\shell\open\command\\IsolatedCommand was changed. It was reset to "%1" %*!
 
  * HKLM\Software\Classes\exefile\shell\runas\command\\IsolatedCommand was changed. It was reset to "%1" %*!
 
  * HKCU\SOFTWARE\Classes\.bat "@" exists and is set to batfile!
  * HKCU\SOFTWARE\Classes\.bat has been deleted!
  * HKCU\SOFTWARE\Classes\.com "@" exists and is set to !
  * HKCU\SOFTWARE\Classes\.com has been deleted!
 
Performing miscellaneous checks:
 
 * Windows Firewall Disabled
 
   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 08/17/2018 05:46:46 PM
Execution time: 0 hours(s), 1 minute(s), and 9 seconds(s)


#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,543 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:26 AM

Posted Yesterday, 10:12 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please run Malwarebytes and delete all the items reported.

Restart the computer normally.

===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.
attachlogs.png

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to attach.
Click "Attach this file".
Click the "Add reply" button.
===

Please post the logs for my review.

Let me know if the problems persist.

Wait for further instructions.
==============================

#4 apple_tree

apple_tree
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Gender:Female
  • Local time:07:26 PM

Posted Today, 05:56 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

Hi nasdaq, thanks for the reply. Here I provide the FRST log, and please find the attached file as requested.

 

Attached File  Addition.txt   52.69KB   0 downloads

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02.08.2018
Ran by My_Laptop (administrator) on MY_LAPTOP-PC (18-08-2018 16:06:10)
Running from C:\Users\My_Laptop\Downloads\Programs
Loaded Profiles: My_Laptop (Available Profiles: My_Laptop)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: "C:\Users\My_Laptop\AppData\Local\Chromium\Application\chrome.exe" -- "%1")
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(The Chromium Authors) C:\Users\My_Laptop\AppData\Local\Chromium\Application\chrome.exe
(The Chromium Authors) C:\Users\My_Laptop\AppData\Local\Chromium\Application\chrome.exe
(Nullsoft) C:\Program Files\Winamp\winamp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(The Chromium Authors) C:\Users\My_Laptop\AppData\Local\Chromium\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-353640633-1636957921-1729688807-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-353640633-1636957921-1729688807-1000\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-21-353640633-1636957921-1729688807-1000\...\MountPoints2: {18f5ad4e-bfc0-11e2-b4f1-001d72473944} - F:\AutoRun.exe
HKU\S-1-5-21-353640633-1636957921-1729688807-1000\...\MountPoints2: {8a6874f3-a0f3-11de-a1b3-001d72473944} - I:\LaunchU3.exe -a
HKU\S-1-5-21-353640633-1636957921-1729688807-1000\...\MountPoints2: {a764af87-b7fb-11e2-9f0e-001d72473944} - G:\AutoRun.exe
HKU\S-1-5-21-353640633-1636957921-1729688807-1000\...\MountPoints2: {a764afc6-b7fb-11e2-9f0e-001d72473944} - F:\AutoRun.exe
HKU\S-1-5-21-353640633-1636957921-1729688807-1000\...\InprocServer32: [Default-pngfilt]  <==== ATTENTION
 
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-353640633-1636957921-1729688807-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{85F27021-D123-4561-A5E1-AE6EB006275A}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9615EBE1-DEFD-4748-AF49-63AE3BE95AFE}: [NameServer] 156.154.70.1,156.154.71.1
Tcpip\..\Interfaces\{9615EBE1-DEFD-4748-AF49-63AE3BE95AFE}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-353640633-1636957921-1729688807-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?PC=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-353640633-1636957921-1729688807-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-353640633-1636957921-1729688807-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://.msn.com/?rd=1
SearchScopes: HKLM -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = 
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKU\S-1-5-21-353640633-1636957921-1729688807-1000 -> ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
SearchScopes: HKU\S-1-5-21-353640633-1636957921-1729688807-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-353640633-1636957921-1729688807-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = 
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer.dll [2017-05-22] (IObit)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-10-25] (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO: No Name -> {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} -> No File
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)
BHO: No Name -> {DB7973F6-D2C5-3C1B-DEE6-A8BA50E34DE9} -> No File
BHO: No Name -> {E284A7E0-D7CD-DB05-4DF3-127105DF7DEB} -> No File
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-353640633-1636957921-1729688807-1000 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} -  No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF DefaultProfile: r4krhodf.default
FF ProfilePath: C:\Users\My_Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\r4krhodf.default [2018-08-17]
FF ProfilePath: C:\Users\My_Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\l1qdff0b.default-1532235959581 [2018-07-22]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-22] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011-10-05] [Legacy] [not signed]
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2013-07-24] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2009-04-05] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-353640633-1636957921-1729688807-1000: @soe.sony.com/installer,version=1.0.3 -> C:\Users\My_Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfjadjghjpjodfhffafagnkbgbpiphf\1.0.3.159_0\npsoe.dll [No File]
 
Chrome: 
=======
CHR Profile: C:\Users\My_Laptop\AppData\Local\Google\Chrome\User Data\Default [2018-07-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\My_Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-07-16]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [69632 2010-04-03] (Adobe Systems) [File not signed]
S4 IObitUnSvr; C:\Program Files\IObit\IObit Uninstaller\IUService.exe [206112 2017-06-14] (IObit)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4753104 2018-05-09] (Malwarebytes)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 amdsata; C:\Windows\system32\DRIVERS\amdsata.sys [77904 2009-04-22] (AMD)
R0 amdxata; C:\Windows\System32\DRIVERS\amdxata.sys [23120 2009-04-22] (AMD)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-05-17] (DT Soft Ltd)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [128736 2018-04-26] (Malwarebytes)
R3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [7168 2007-07-11] (Hewlett-Packard Development Company, L.P.)
S3 IUFileFilter; C:\Program Files\IObit\IObit Uninstaller\drivers\win7_x86\IUFileFilter.sys [20368 2017-06-06] (IObit.com)
S3 IURegProcessFilter; C:\Program Files\IObit\IObit Uninstaller\drivers\win7_x86\IURegProcessFilter.sys [24976 2017-06-13] (IObit.com)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [165088 2018-08-18] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [93920 2018-08-18] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [40160 2018-08-18] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [220896 2018-08-18] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [73336 2018-08-18] (Malwarebytes)
R0 PxHelp20; C:\Windows\System32\DRIVERS\PxHelp20.sys [20016 2003-10-28] (Sonic Solutions) [File not signed]
S3 s0017bus; C:\Windows\System32\DRIVERS\s0017bus.sys [86824 2008-10-21] (MCCI Corporation)
S3 s0017mdfl; C:\Windows\System32\DRIVERS\s0017mdfl.sys [15016 2008-10-21] (MCCI Corporation)
S3 s0017mdm; C:\Windows\System32\DRIVERS\s0017mdm.sys [114600 2008-10-21] (MCCI Corporation)
S3 s0017mgmt; C:\Windows\System32\DRIVERS\s0017mgmt.sys [108328 2008-10-21] (MCCI Corporation)
S3 s0017nd5; C:\Windows\System32\DRIVERS\s0017nd5.sys [26024 2008-10-21] (MCCI Corporation)
S3 s0017obex; C:\Windows\System32\DRIVERS\s0017obex.sys [104616 2008-10-21] (MCCI Corporation)
S3 s0017unic; C:\Windows\System32\DRIVERS\s0017unic.sys [109736 2008-10-21] (MCCI Corporation)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2015-06-17] (Apple, Inc.) [File not signed]
U3 aswbdisk; no ImagePath
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S4 Mpssgrosawk; no ImagePath
S1 MWVkOG; system32\drivers\MWVkOG.sys [X]
S1 NTk5ZTUxY2; system32\drivers\NTk5ZTUxY2.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-04-22] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-08-18 16:07 - 2018-08-18 16:07 - 000220896 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-08-18 16:07 - 2018-08-18 16:07 - 000165088 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-08-18 16:07 - 2018-08-18 16:07 - 000093920 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-08-18 16:07 - 2018-08-18 16:07 - 000073336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-08-18 16:07 - 2018-08-18 16:07 - 000040160 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-08-17 20:02 - 2018-08-17 20:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-08-17 20:01 - 2018-04-26 05:36 - 000128736 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2018-08-17 17:00 - 2018-08-17 17:01 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\My_Laptop\Downloads\iExplore.exe
2018-08-16 18:05 - 2018-08-16 18:05 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2018-08-16 17:52 - 2018-08-16 17:52 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-08-16 17:48 - 2018-08-16 18:17 - 000000000 ____D C:\ProgramData\AVAST Software
2018-08-16 17:07 - 2018-08-16 17:07 - 000001077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-08-16 17:07 - 2018-08-16 17:07 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-08-16 14:51 - 2018-08-18 16:06 - 000000000 ____D C:\FRST
2018-08-16 14:42 - 2018-08-17 20:41 - 000000000 ____D C:\Program Files\NDg1MzQ0O
2018-08-15 20:24 - 2018-08-17 19:59 - 000000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2018-08-15 16:34 - 2018-08-17 19:36 - 000000000 ____D C:\Windows\{5D923F0B-611A-4D16-AA73-1140E7E993B4}
2018-08-15 16:16 - 2018-08-16 16:41 - 000000000 ____D C:\Users\My_Laptop\AppData\Local\XService
2018-08-15 16:16 - 2018-08-15 16:16 - 000000003 _____ C:\Users\My_Laptop\AppData\Local\wbem.ini
2018-08-15 15:21 - 2018-08-17 20:01 - 000000000 ____D C:\Program Files\Malwarebytes
2018-08-15 15:21 - 2018-08-15 15:21 - 000000000 ____D C:\Windows\system32\Drivers\etc\BACKUP
2018-08-15 05:54 - 2018-08-15 05:54 - 000096387 _____ C:\Windows\uninstaller.dat
2018-08-12 23:12 - 2018-08-17 19:53 - 000000000 ____D C:\Users\My_Laptop\Desktop\SS only
2018-07-25 14:11 - 2018-07-25 14:11 - 000000129 _____ C:\Users\My_Laptop\Downloads\thingtodo.txt
2018-07-22 23:00 - 2018-07-22 23:01 - 000145232 _____ C:\Windows\Minidump\072218-26301-01.dmp
2018-07-22 23:00 - 2018-07-22 23:00 - 177835307 _____ C:\Windows\MEMORY.DMP
2018-07-21 15:28 - 2018-07-21 16:39 - 000000000 ____D C:\Users\My_Laptop\AppData\Roaming\Opera Software
2018-07-21 13:24 - 2018-08-17 20:58 - 000000000 ____D C:\Users\My_Laptop\AppData\LocalLow\Mozilla
2018-07-21 13:23 - 2018-07-21 13:24 - 000000000 ____D C:\Users\My_Laptop\AppData\Roaming\Mozilla
2018-07-21 13:23 - 2018-07-21 13:23 - 000000000 ____D C:\Users\My_Laptop\AppData\Local\Mozilla
2018-07-19 19:20 - 2018-08-18 10:30 - 000000000 ____D C:\Program Files\FxPro - MetaTrader 4
2018-07-19 19:20 - 2018-07-19 19:20 - 000001899 _____ C:\Users\Public\Desktop\FxPro - MetaTrader 4.lnk
2018-07-19 19:20 - 2018-07-19 19:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FxPro - MetaTrader 4
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-08-18 16:01 - 2018-07-17 10:38 - 000000000 ____D C:\Users\My_Laptop\AppData\Roaming\Telegram Desktop 0
2018-08-18 15:56 - 2018-07-17 10:48 - 000000000 ____D C:\Users\My_Laptop\AppData\Roaming\Telegram Desktop 1
2018-08-18 15:56 - 2018-04-13 12:06 - 000000000 ____D C:\Users\My_Laptop\AppData\Roaming\Telegram Desktop
2018-08-18 15:44 - 2009-04-22 16:08 - 000006048 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-08-18 15:44 - 2009-04-22 16:08 - 000006048 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-08-18 14:23 - 2009-09-08 16:49 - 000000155 _____ C:\Windows\winamp.ini
2018-08-18 14:11 - 2009-04-22 16:27 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-08-17 20:01 - 2017-01-24 15:28 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-08-17 19:53 - 2009-09-08 16:21 - 000000000 ____D C:\Users\My_Laptop
2018-08-16 19:12 - 2009-09-08 16:26 - 000795044 _____ C:\Windows\system32\PerfStringBackup.INI
2018-08-16 19:12 - 2009-04-22 14:17 - 000000000 ____D C:\Windows\inf
2018-08-16 18:09 - 2017-11-22 19:13 - 000000000 _____ C:\Windows\system32\last.dump
2018-08-16 16:46 - 2017-01-24 16:16 - 000000258 __RSH C:\Users\My_Laptop\ntuser.pol
2018-08-16 16:46 - 2017-01-24 16:16 - 000000258 __RSH C:\ProgramData\ntuser.pol
2018-08-16 16:45 - 2009-04-22 14:17 - 000000000 ____D C:\Windows\LiveKernelReports
2018-08-15 21:41 - 2013-05-26 19:52 - 000000000 ___HD C:\Windows\msdownld.tmp
2018-08-15 20:23 - 2013-12-23 14:21 - 000000000 ____D C:\Users\My_Laptop\Downloads\Compressed
2018-08-13 15:35 - 2018-04-13 16:10 - 000000000 ____D C:\Users\My_Laptop\Downloads\Telegram Desktop
2018-08-12 14:16 - 2017-11-14 17:12 - 000000000 ____D C:\SierraChart
2018-08-10 15:30 - 2015-03-25 20:48 - 000000000 ____D C:\Users\My_Laptop\AppData\Roaming\MetaQuotes
2018-08-04 23:10 - 2009-04-22 16:27 - 000032584 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-07-22 23:17 - 2018-07-14 20:30 - 000000000 ____D C:\ProgramData\Apple
2018-07-22 23:17 - 2015-12-14 21:54 - 000000000 ____D C:\Program Files\Common Files\Apple
2018-07-22 23:10 - 2010-10-13 12:49 - 000000000 ____D C:\Program Files\Google
2018-07-22 23:00 - 2009-12-03 22:18 - 000000000 ____D C:\Windows\Minidump
2018-07-22 13:57 - 2010-06-01 05:26 - 000627206 _____ C:\Windows\ntbtlog.txt
2018-07-22 13:16 - 2011-08-05 23:14 - 000000000 ____D C:\Users\My_Laptop\AppData\Local\ElevatedDiagnostics
2018-07-21 23:50 - 2009-04-22 18:25 - 000000000 ____D C:\Windows\RemotePackages
2018-07-21 16:39 - 2016-01-02 14:22 - 000000000 ____D C:\Users\My_Laptop\AppData\Local\Opera Software
2018-07-21 15:37 - 2009-09-08 16:41 - 000000000 ____D C:\Windows\system32\Macromed
 
==================== Files in the root of some directories =======
 
2015-12-06 00:10 - 2015-12-06 00:10 - 006420480 _____ () C:\Program Files\GUT7456.tmp
2014-11-18 17:14 - 2014-11-18 17:14 - 006000640 _____ () C:\Program Files\GUT8F83.tmp
1601-01-03 21:33 - 1601-01-03 21:33 - 000072704 ____N (Microsoft Corporation) C:\Program Files\mMtugoenkIh.exe
1601-01-03 21:33 - 1601-01-03 21:33 - 000185856 ____N (Microsoft Corporation) C:\Program Files\Common Files\hBdmET.exe
2015-09-09 13:32 - 2015-09-09 13:32 - 000044968 _____ () C:\Users\My_Laptop\AppData\Roaming\17E8.exe
2015-09-14 23:41 - 2015-09-14 23:41 - 000001245 _____ () C:\Users\My_Laptop\AppData\Roaming\2A3E.exe
2015-12-17 20:10 - 2015-12-17 20:10 - 000065408 _____ () C:\Users\My_Laptop\AppData\Roaming\45CB.exe
2015-09-09 13:17 - 2015-09-09 13:17 - 000040880 _____ () C:\Users\My_Laptop\AppData\Roaming\4FA7.exe
2015-08-09 15:18 - 2015-08-09 15:18 - 000001245 _____ () C:\Users\My_Laptop\AppData\Roaming\6D0B.exe
2015-12-17 20:00 - 2015-12-17 20:00 - 000036792 _____ () C:\Users\My_Laptop\AppData\Roaming\844B.exe
2015-09-09 13:35 - 2015-09-09 13:35 - 000032704 _____ () C:\Users\My_Laptop\AppData\Roaming\8EA8.exe
2015-10-11 17:41 - 2015-10-11 17:41 - 000000286 _____ () C:\Users\My_Laptop\AppData\Roaming\B5C.exe
2015-09-09 15:49 - 2015-09-09 15:49 - 000000391 _____ () C:\Users\My_Laptop\AppData\Roaming\FEDB.exe
2013-05-31 14:10 - 2013-06-01 16:12 - 000138056 _____ () C:\Users\My_Laptop\AppData\Roaming\PnkBstrK.sys
2016-08-04 10:46 - 2016-08-04 10:49 - 000341504 _____ () C:\Users\My_Laptop\AppData\Roaming\wsrv_28dc374d.dat
2015-12-06 21:01 - 2015-10-27 01:04 - 000003802 ___SH () C:\Users\My_Laptop\AppData\Roaming\Microsoft\auto.bat
2015-12-06 21:01 - 2010-03-05 07:21 - 000000109 ___SH () C:\Users\My_Laptop\AppData\Roaming\Microsoft\changelog
2015-12-06 21:01 - 2010-03-09 04:15 - 000048222 ___SH () C:\Users\My_Laptop\AppData\Roaming\Microsoft\hidcon.map
2015-12-06 21:01 - 2015-10-27 00:58 - 000000017 ___SH () C:\Users\My_Laptop\AppData\Roaming\Microsoft\st.bat
2011-05-26 00:57 - 2011-05-27 18:34 - 000010372 ___SH () C:\Users\My_Laptop\AppData\Local\08ws5b4sdx30
2011-06-24 20:34 - 2011-06-24 20:34 - 000003584 _____ () C:\Users\My_Laptop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-10-08 18:13 - 2018-07-14 23:18 - 000007599 _____ () C:\Users\My_Laptop\AppData\Local\resmon.resmoncfg
2018-08-15 16:16 - 2018-08-15 16:16 - 000000003 _____ () C:\Users\My_Laptop\AppData\Local\wbem.ini
2011-06-26 23:36 - 2011-06-26 23:36 - 000000000 _____ () C:\Users\My_Laptop\AppData\Local\{0907FA78-DF0B-4579-8E3E-4A97365E8E0B}
2011-10-05 00:52 - 2011-10-05 00:52 - 000000000 _____ () C:\Users\My_Laptop\AppData\Local\{6B3884FF-F5A8-42D7-A253-109DCBA9F81B}
2011-06-26 22:15 - 2011-06-26 22:15 - 000000000 _____ () C:\Users\My_Laptop\AppData\Local\{F59554BF-3432-476A-AF8A-DA021390F648}
 
Some files in TEMP:
====================
2018-08-15 16:16 - 2018-08-15 16:20 - 015440200 _____ (ChemTable Software                                          ) C:\Users\My_Laptop\AppData\Local\Temp\ratup.exe
2018-08-15 16:15 - 2018-08-15 16:15 - 000349696 _____ () C:\Users\My_Laptop\AppData\Local\Temp\RegOrganizer.exe
2018-08-15 16:15 - 2018-08-15 16:15 - 000340992 _____ () C:\Users\My_Laptop\AppData\Local\Temp\TigerTrade.exe
2018-08-15 16:16 - 2018-08-15 16:16 - 001129939 _____ (Your.Software                                               ) C:\Users\My_Laptop\AppData\Local\Temp\whiteclick.exe
 
Some zero byte size files/folders:
==========================
C:\Windows\System32\uat.vpx.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-05-03 00:38
 
==================== End of FRST.txt ============================

Edited by apple_tree, Today, 05:57 AM.
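The FRST.txt above is the kind of log the helper reads by eye: FRST's own `<==== ATTENTION` markers, drivers whose binary is gone (`[X]`) or that have no ImagePath, files stamped with the year 1601, hex-named executables sitting directly in AppData\Roaming, and Explorer policies that hide Security Center warnings. As an added illustration of that reading (this is not FRST's, Malwarebytes' or BleepingComputer's tooling, and not part of the thread), the Python script below applies those checks to FRST-style lines. The sample lines are constructed, modelled on the posted log; the severities and the random-name heuristic are assumptions made for the example, not logic FRST itself uses.

```python
"""Triage helper for FRST-style log lines (added example, not FRST's own tooling).

Each rule names the kind of entry a responder looks at first when reading a
Farbar Recovery Scan Tool log. Severities and heuristics are assumptions made
for illustration; FRST itself only marks a few lines with '<==== ATTENTION'.
"""
import re
from collections import Counter
from typing import Dict, List, Tuple

# Constructed sample, modelled on the FRST.txt posted in this thread. Not the
# full log; just enough lines to exercise every rule below.
SAMPLE_LOG = r"""
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1000\...\MountPoints2: {18f5ad4e-bfc0} - F:\AutoRun.exe
HKU\S-1-5-21-1000\...\InprocServer32: [Default-pngfilt]  <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [128736 2018-04-26] (Malwarebytes)
S3 s0017bus; C:\Windows\System32\DRIVERS\s0017bus.sys [86824 2008-10-21] (MCCI Corporation)
S1 MWVkOG; system32\drivers\MWVkOG.sys [X]
S1 NTk5ZTUxY2; system32\drivers\NTk5ZTUxY2.sys [X]
S4 Mpssgrosawk; no ImagePath
2018-08-16 14:42 - 2018-08-17 20:41 - 000000000 ____D C:\Program Files\NDg1MzQ0O
2018-08-17 20:02 - 2018-08-17 20:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
1601-01-03 21:33 - 1601-01-03 21:33 - 000072704 ____N (Microsoft Corporation) C:\Program Files\mMtugoenkIh.exe
2015-09-09 13:32 - 2015-09-09 13:32 - 000044968 _____ () C:\Users\My_Laptop\AppData\Roaming\17E8.exe
C:\Windows\explorer.exe => File is digitally signed
"""

Finding = Tuple[str, str, str]  # (severity, reason, log line)

# (severity, reason, regex), ordered from strongest to weakest signal.
RULES: List[Tuple[str, str, str]] = [
    ("high", "FRST marked this entry itself", r"<==== ATTENTION"),
    ("high", "service/driver registered but its binary is missing on disk ([X])",
     r"^[RSU]\d .*\[X\]\s*$"),
    ("high", "service/driver with no ImagePath (nothing to load, registry residue)",
     r"^[RSU]\d .*; no ImagePath\s*$"),
    ("high", "file timestamp at the 1601 FILETIME epoch: timestamps were zeroed",
     r"^1601-\d\d-\d\d "),
    ("medium", "hex-named executable dropped directly under AppData\\Roaming",
     r"\\AppData\\Roaming\\[0-9A-Fa-f]{3,4}\.exe$"),
    ("medium", "Explorer policy that hides Security Center / Action Center warnings",
     r"Policies\\Explorer: \[(HideSCAHealth|TaskbarNoNotification)\] 1"),
    ("medium", "MountPoints2 entry launching an executable from a drive letter",
     r"MountPoints2: .* - [D-Z]:\\"),
]

# Final path component of a line that ends in a path (optionally '.exe/.sys/.dll'
# and an FRST '[X]' marker); lines ending in size/date brackets do not match.
RANDOM_NAME = re.compile(r"\\([A-Za-z0-9]+)(?:\.(?:exe|sys|dll))?\s*(?:\[X\])?\s*$")


def random_looking_basename(line: str) -> bool:
    """Weak heuristic (assumption): mixed-case basename with digits between letters.

    Base64-like generated names such as NDg1MzQ0O fit this; legitimate names with
    a trailing version number such as dtsoftbus01.sys do not.
    """
    m = RANDOM_NAME.search(line)
    if not m:
        return False
    name = m.group(1)
    return (len(name) >= 6
            and re.search(r"[a-z]", name) is not None
            and re.search(r"[A-Z]", name) is not None
            and re.search(r"[A-Za-z]\d+[A-Za-z]", name) is not None)


def triage(log_text: str) -> List[Finding]:
    """Run every rule over each non-empty line and return all hits, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for severity, reason, pattern in RULES:
            if re.search(pattern, line):
                findings.append((severity, reason, line))
        if random_looking_basename(line):
            findings.append(("low", "random-looking mixed-case alphanumeric name", line))
    return findings


def counts_by_severity(findings: List[Finding]) -> Dict[str, int]:
    """Summary used to decide how much of the log needs a closer look."""
    return dict(Counter(severity for severity, _, _ in findings))


if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {reason}\n         {line}")
    print(counts_by_severity(triage(SAMPLE_LOG)))
```

Feed it a real FRST.txt with `triage(open("FRST.txt", encoding="utf-8", errors="replace").read())`; entries such as the Malwarebytes drivers or the MCCI modem drivers in the posted log produce no findings, while the `[X]` drivers, the 1601-dated executables and the Policies restrictions do. The output is a reading aid only: whether an entry is actually removed is still the helper's call, made through the fixlist procedure FRST provides.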




