Removal And Cleaning Virus - system32.exe

Hi all,

I need assistant to remove unwanted program in my laptop suspected a malware. I have attached reports from malware and frst as required. FYI, this is second laptop,4th modems since the first incident. The first laptop been hacked by IT expert and there’s another story… I hope the experts here can resolve this for me… This malware override the antivirus and user account. No notification asked from avast. Lots of extension files and unknown program like Hyper V Powershell and consume 99-100% of the disk.

  • Open Notepad (click Start button → type notepad.exe → press Enter)
  • Copy text from code block below and paste it into Notepad
CHR NewTab: Default ->  Not-active:"chrome-extension://pepoggcjhfobfcdfmpfokfighfjnfhjk/newtabproduct.html", Not-active:"chrome-extension://maedhjefckjfcmahamefeenlgdcddpcc/productnewtab.html", Not-active:"chrome-extension://bhebhhjlpcpnoaipjkghnkplmekcbeeh/productnewtab.html", Not-active:"chrome-extension://fhphlengpfffhlebfagkmmahimbkfmgg/productnewtab.html", Not-active:"chrome-extension://mallpejgeafdahhflmliiahjdpgbegpk/stubby.html"
CHR DefaultSearchURL: Default -> hxxp://srchnet.com/search/{searchTerms}
  • Go to FileSave As
  • Make sure that UTF-8 is selected as Encoding (left side of Save button)
  • Save it as fixlist.txt on Desktop
  • Open again FRST and click on button Fix
  • Wait until FRST finishes
  • fixlog.txt should be genereted and opened. Attach it your post and wait further instructions.

Remove these Chrome extensions:

OnlineWorkSuite
FunCustomCreations
FromDocToPDF
Search for Chrome
FromDocToPDF

Hi Sass,

Thank you so much. Attached is the fixlog report for your perusal.

Can you give us more details about “This malware override the antivirus and user account” and “Lots of extension files and unknown program like Hyper V Powershell and consume 99-100% of the disk”. Screenshots would be very useful.