fueryin

Honorary Members
  • Posts

    28

Everything posted by fueryin

  1. Ok, so I ran several scans of the following programs. The folder I'm gonna attach will be zipped up and contain all the logs from each program. Going to give a quick summary of how each program went in chronological order. You can choose which to look at.

     So, I first ran a threat scan of Malwarebytes. Everything went well and it didn't find anything. No rootkits or nothing.

     Next, ran adware cleaner, found one PUP. You can review it in the log file. Successfully removed.

     Next step, I ran Microsoft Malicious Software Removal Tool and did a quick scan. While scanning, it said it found 5 files infected, but when it was finished scanning, it said my computer was clean? Will come back to that. Logs are attached.

     EXTRA Scans

     These are some extra scans I did with some reliable programs just to be safe. Don't have to review, but you may find some things interesting.

     Ran a scan with HitmanPro. It found some malware and successfully removed it. Can review in logs.

     Ran Bitdefender. Did a complete computer scan and it claimed to have found nothing, but then 5 mins later, after I moved on from Bitdefender, it started giving me notifications that it removed malware found in my temp files while it ran in the background. I THINK I was able to get the log of this, and you will see it is under logs--->Bitdefender--->not scan.

     Ok, here's the important stuff. Just to be EXTRA safe, I ran Malwarebytes again, and did a custom scan. Configured it to scan for rootkits etc. and all my drives. While running the scan I noticed my computer screen went black and odd colors flashed for about 3 seconds before reverting back to normal. I imagine this was due to high CPU usage, hopefully? The only thing it found were two malware already quarantined by FRST. I went ahead and let it encrypt the file again.

     Next up, ran Microsoft Malicious Software Removal Tool using a full scan. Took the longest of all the scans, going up to about 6 hours. It claimed to have found 5,000 infected files, but I'm sure these files weren't actual threats. I went ahead and let it take care of them, but I somehow managed to lose the log file. Still not too troubled by it, it is a Microsoft-built program after all.

     And finally, I did one more scan with FRST and Powertools, just to be safe. The logs are attached.

     I know this is a lot to review, but I did notice that PayPal button of yours. I appreciate all your efforts, Kevin, and I will definitely compensate for all your time in the coming week. Just got to wait for my paycheck XD

     logs.7z
  2. About to head to bed, just giving you an update so you're not left in the dark. Still doing some scans, I will put down a full report after work, should be about 3 hours before you head off to bed. Our timezones are so different.
  3. Alright, I'll be running all the scans etc. Probably won't see you until tomorrow before it's done, just a quick question. Since Malwarebytes didn't pick up anything the first time earlier today, would it be a smart idea to also scan my system with HitmanPro, Bitdefender and do another scan with FRST? As far as my knowledge goes, these are also very credible antiviruses. Just want to make sure we nuked this thing.
  4. Also want to add, Malwarebytes isn't running at all, so it's not in the system tray or Task Manager. Tried searching through the MB install directory and couldn't find mb-clean.exe. Should I just do a normal uninstall of Malwarebytes?
  5. Ok, working on getting Malwarebytes running, attached Powertools. What I found interesting is in my download folder, there is a kEvP64.sys that wasn't here before. I attached it here all zipped up if you'd like to take a look at it. notify.7z kEvP64.7z Also want to add, Malwarebytes isn't running at all, so it's not in the system tray or Task Manager. Tried searching through the MB install directory and couldn't find mb-clean.exe. Should I just do a normal uninstall of MB?
  6. Hmmm.... seems I am unable to run Malwarebytes. Says unable to connect the service.
  7. Alright, everything went well. I don't see the program in Task Manager either! Fixlog.txt
  8. Ok, got it running in RE. What I did was download it on another computer, put it on a USB, boot my infected computer into RE, and only plugged the USB into my infected computer until I saw the command prompt. Tricky virus auto corrupting files I download? Anyways, Powertools attached. notify.7z
  9. Malwarebytes did not find anything. Program still running.
  10. Was able to delete all 3 using Powertools, rootkit remover came up with no results, but still have that pesky .exe running in the background. Attaching mbar log files, and currently running a full Malwarebytes scan of my system with rootkit enabled. mbar-log-2017-12-04 (13-13-32).txt
  11. I'm at work right now, I'll do all that when I get home, but I'm accessing the recovery environment by restarting my computer, and it asks me if I want to boot into Windows or press F8 for more options, and then I press F10 and there's an option to boot into the recovery environment.
  12. Gotcha. And FYI, tried running DEL /F /S /Q /A "C:\Windows\System32\exrdpkgsvc.exe in RE command prompt. Said deleted, so booted up and it came right back. notify.7z
  13. Went ahead and went back into the OS, ran FRST and attached the files. Original programs are gone from Task Manager, but got a new one called exrdpkgsvc. FRST.txt Addition.txt
  14. Also forgot to mention couldn't find drivers 1943477D
  15. Ok, typed out each command. Got most deleted, but it was unable to find vdebhlo.sys, lorvyb.sys, vdeybehl.sys, and when I tried local\igfxmtc\*" I hit enter and it didn't say anything. Didn't say it was deleted or if it was not found. Currently still sitting at the command prompt if you can think of any scripts, don't wanna reboot my computer and have them respawn.
  16. Ok, got into recovery, but when I try and launch frst64 through the command prompt it says the .exe is not compatible with my version of Windows. I know my system is 64-bit and FRST runs fine when not in the recovery environment.
  17. Did not reboot into recovery environment. Run as admin. Tried this before coming to the forums, pretty sure the rootkit disabled this part of Windows 10.
  18. Here you go. I was running it as admin, finally just went out of safe mode and it worked. notify.7z FRST.txt Addition.txt
  19. Tried running Powertools, says drivers cannot be loaded, run again as admin, even though I am. Should I try this out of safe mode?
  20. My bad. Did it again and the fixlog.txt opened, I just can't find where it got saved to?
  21. Alright, log is attached. Just an FYI, both are still running in Task Manager. Fixlog.txt
  22. Which FRST file, the one in my OP or my reply? EDIT: Oh ok, I thought you meant the .txt files XD