Smartservice virus Nothing worked from forumns

dkrufnkz · September 8, 2017

I have tried everything in the forums and nothing has worked. Malwarebytes chamelon will not run and help menu will not appear using sny method described in the forum. I am thinking I will have to reset the whole computer which I do not want to do. Any help will be appreciated. Thank you.

FRST.txt

Addition.txt

Aura · September 9, 2017

Hi dkrufnkz

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broke the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.

As you'll notice, the logs we are asking for here are quite lenghty, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
As long as I'm assisting you on Malwarebytes Forums, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against Malwarebytes Forums's rules
In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process
I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone
This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread

This being said, it's time to clean-up some malware, so let's get started, shall we?

Follow the instructions in the thread below. Make sure to download the MBAR version linked in it. Let me know if you're not able to launch it and run a scan.

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

If you manage to run a scan, delete everything it finds, and then copy/paste the content of the "mbar-log-DATE-(TIME).txt" log that is located in the MBAR folder here after.

dkrufnkz · September 9, 2017

Could not load DDA driver. Tried on reboot and did not run.

Aura · September 9, 2017

Alright. Do you have a USB Flash Drive? If so, how big is it?

Also, follow the instructions below.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located)
Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Click on the Fix button
On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
Copy and paste its content in your next reply

fixlist.txt

dkrufnkz · September 9, 2017

8GB usb. Error No fixlist.txt found even though file is there.

dkrufnkz · September 9, 2017

Got it to work.

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by Adrianna (08-09-2017 20:45:01) Run:5
Running from E:\
Loaded Profiles: Adrianna (Available Profiles: Adrianna)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CMD: bcdedit.exe /set {default} recoveryenabled yes
CMD: dir C:\Windows\
CMD: dir C:\Windows\system32\drivers
*****************

========= bcdedit.exe /set {default} recoveryenabled yes =========

The operation completed successfully.

========= End of CMD: =========

========= dir C:\Windows\ =========

Volume in drive C is OS
Volume Serial Number is 1852-E956

Directory of C:\Windows

09/08/2017 06:03 PM <DIR> .
09/08/2017 06:03 PM <DIR> ..
07/16/2016 07:47 AM <DIR> addins
09/21/2016 11:38 AM <DIR> appcompat
06/24/2017 04:08 AM <DIR> AppPatch
09/07/2017 06:54 PM <DIR> AppReadiness
10/25/2014 05:56 PM <DIR> AUInstallAgent
10/06/2016 06:23 PM 53,208 avastSS.scr
08/15/2017 06:14 AM <DIR> bcastdvr
07/16/2016 07:42 AM 61,440 bfsvc.exe
07/16/2016 07:47 AM <DIR> Boot
07/16/2016 07:47 AM <DIR> Branding
09/05/2017 07:57 PM <DIR> CbsTemp
07/16/2016 07:43 AM 33,498 Core.xml
07/25/2012 04:15 PM 31,497 CoreSingleLanguage.xml
02/15/2013 06:53 AM 12 csup.txt
07/16/2016 07:47 AM <DIR> Cursors
09/05/2017 07:32 PM <DIR> debug
09/20/2016 03:28 PM 7,623 diagerr.xml
07/16/2016 07:47 AM <DIR> diagnostics
09/20/2016 03:28 PM 7,623 diagwrn.xml
07/16/2016 10:14 AM <DIR> DigitalLocker
02/15/2013 07:38 AM <DIR> eBayDesktopShortcut
09/20/2016 03:09 PM <DIR> en
07/16/2016 10:14 AM <DIR> en-US
12/09/2015 03:06 PM 2,259 epplauncher.mif
07/12/2017 01:55 AM 4,674,872 explorer.exe
07/16/2016 07:47 AM <DIR> GameBarPresenceWriter
07/16/2016 07:47 AM <DIR> Globalization
07/16/2016 10:14 AM <DIR> Help
06/03/2017 04:52 AM 975,872 HelpPane.exe
07/16/2016 07:42 AM 18,432 hh.exe
07/16/2016 10:14 AM <DIR> IME
08/15/2017 06:14 AM <DIR> ImmersiveControlPanel
09/07/2017 10:02 PM <DIR> INF
07/16/2016 07:47 AM <DIR> InfusedApps
09/20/2016 03:01 PM <DIR> InputMethod
07/16/2016 07:47 AM <DIR> L2Schemas
06/27/2017 02:06 PM <DIR> LiveKernelReports
09/05/2017 10:37 PM <DIR> Logs
04/19/2016 05:38 PM <DIR> MediaViewer
07/16/2016 07:42 AM 43,131 mib.bin
09/08/2017 04:19 PM <DIR> Microsoft.NET
07/16/2016 07:47 AM <DIR> Migration
09/05/2017 07:32 PM <DIR> Minidump
09/20/2016 02:55 PM <DIR> MiracastView
07/16/2016 07:47 AM <DIR> ModemLogs
07/16/2016 07:43 AM 243,200 notepad.exe
07/16/2016 10:15 AM <DIR> OCR
07/16/2016 07:47 AM <DIR> Offline Web Pages
02/15/2013 07:26 AM <DIR> Options
03/01/2017 06:49 PM <DIR> Panther
07/16/2016 07:47 AM <DIR> Performance
07/16/2016 07:47 AM <DIR> PLA
05/11/2017 09:10 PM <DIR> PolicyDefinitions
09/08/2017 08:38 PM <DIR> Prefetch
03/21/2017 10:10 PM <DIR> PrintDialog
08/15/2017 06:14 AM <DIR> Provisioning
09/07/2017 04:04 PM <DIR> pss
03/04/2017 02:18 AM 320,512 regedit.exe
09/20/2016 03:25 PM <DIR> Registration
08/18/2017 05:43 PM <DIR> rescache
07/16/2016 07:47 AM <DIR> Resources
07/16/2016 07:47 AM <DIR> SchCache
07/16/2016 07:47 AM <DIR> schemas
07/16/2016 07:47 AM <DIR> security
09/20/2016 02:51 PM <DIR> ServiceProfiles
12/19/2016 07:07 PM <DIR> servicing
07/16/2016 07:49 AM <DIR> Setup
09/08/2017 08:33 PM 1,588 setupact.log
09/08/2017 05:20 PM 0 setuperr.log
08/15/2017 06:14 AM <DIR> ShellExperiences
07/16/2016 10:14 AM <DIR> SKB
09/06/2017 03:33 PM <DIR> SoftwareDistribution
07/16/2016 07:47 AM <DIR> Speech
07/16/2016 07:47 AM <DIR> Speech_OneCore
10/14/2016 11:59 PM 130,560 splwow64.exe
07/16/2016 07:47 AM <DIR> System
08/22/2013 09:25 AM 219 system.ini
09/07/2017 10:03 PM <DIR> System32
07/16/2016 10:29 AM <DIR> SystemApps
07/16/2016 07:47 AM <DIR> SystemResources
09/07/2017 03:00 PM <DIR> SysWOW64
07/16/2016 07:47 AM <DIR> TAPI
09/08/2017 02:49 PM <DIR> Tasks
09/08/2017 07:45 PM <DIR> Temp
04/19/2016 04:41 PM <DIR> ToastData
07/16/2016 07:47 AM <DIR> tracing
09/07/2017 03:00 PM <DIR> Trend Micro
01/30/2017 08:43 PM <DIR> twain_32
07/16/2016 07:43 AM 66,560 twain_32.dll
08/22/2013 11:36 AM <DIR> vpnplugins
07/16/2016 07:47 AM <DIR> Vss
07/16/2016 07:47 AM <DIR> Web
02/15/2013 07:37 AM 124 win.ini
09/08/2017 07:05 PM 275 WindowsUpdate.log
07/16/2016 07:42 AM 10,240 winhlp32.exe
09/07/2017 03:43 PM <DIR> WinSxS
09/12/2012 07:57 PM 322,048 WLXPGSS.SCR
07/16/2016 07:43 AM 316,640 WMSysPr9.prx
07/16/2016 07:42 AM 11,264 write.exe
09/07/2017 02:51 PM 45,005 ZAM.krnl.trace
09/08/2017 08:45 PM 79,865 ZAM_Guard.krnl.trace
27 File(s) 7,457,567 bytes
76 Dir(s) 358,420,590,592 bytes free

========= End of CMD: =========

========= dir C:\Windows\system32\drivers =========

Volume in drive C is OS
Volume Serial Number is 1852-E956

Directory of C:\Windows\system32\drivers

09/08/2017 05:54 PM <DIR> .
09/08/2017 05:54 PM <DIR> ..
02/15/2013 06:14 AM 3,009 1028_Dell_INS_3521.mrk
07/16/2016 07:41 AM 235,520 1394ohci.sys
07/16/2016 07:41 AM 107,360 3ware.sys
07/16/2016 07:41 AM 705,888 acpi.sys
07/16/2016 07:41 AM 18,432 AcpiDev.sys
07/16/2016 07:42 AM 126,816 acpiex.sys
07/16/2016 07:41 AM 12,288 acpipagr.sys
07/16/2016 07:41 AM 14,336 acpipmi.sys
07/16/2016 07:41 AM 13,312 acpitime.sys
07/16/2016 07:41 AM 1,135,456 adp80xx.sys
10/15/2016 12:21 AM 584,032 afd.sys
07/16/2016 07:42 AM 107,520 agilevpn.sys
10/14/2016 11:31 PM 227,328 ahcache.sys
07/16/2016 07:41 AM 123,392 amdk8.sys
07/16/2016 07:41 AM 120,832 amdppm.sys
07/16/2016 07:41 AM 83,296 amdsata.sys
07/16/2016 07:41 AM 259,424 amdsbs.sys
07/16/2016 07:41 AM 26,976 amdxata.sys
07/16/2016 07:42 AM 172,896 appid.sys
07/16/2016 07:42 AM 15,360 applockerfltr.sys
07/16/2016 07:41 AM 131,936 arcsas.sys
07/21/2017 08:11 AM 320,008 aswbidsdrivera.sys
07/21/2017 08:11 AM 198,976 aswbidsha.sys
07/21/2017 08:11 AM 343,288 aswbloga.sys
07/21/2017 08:11 AM 57,728 aswbuniva.sys
11/27/2016 04:38 PM 82,936 aswHdsKe.sys
06/27/2017 02:01 PM 46,984 aswHwid.sys
06/27/2017 02:01 PM 41,800 aswKbd.sys
08/14/2017 05:23 AM 146,704 aswmonflt.sys
06/27/2017 02:01 PM 146,664 aswmonflt.sys.150063943789003
06/27/2017 02:01 PM 110,352 aswRdr2.sys
06/27/2017 02:01 PM 84,392 aswRvrt.sys
08/14/2017 05:23 AM 1,015,880 aswsnx.sys
10/06/2016 06:22 PM 969,560 aswsnx.sys.147579288534307
06/27/2017 02:01 PM 585,608 aswSP.sys
10/06/2016 06:23 PM 513,496 aswsp.sys.147579289073410
03/22/2017 06:35 PM 547,904 aswsp.sys.149022219425004
03/22/2017 06:36 PM 548,928 aswsp.sys.149022220376509
06/27/2017 02:01 PM 198,768 aswStm.sys
07/01/2017 10:23 AM 361,336 aswVmm.sys
02/11/2017 05:28 AM 337,080 aswvmm.sys.148680547295304
03/22/2017 06:35 PM 337,592 aswvmm.sys.149022219746806
07/16/2016 07:42 AM 28,160 asyncmac.sys
07/16/2016 07:41 AM 28,512 atapi.sys
07/16/2016 07:41 AM 191,840 ataport.sys
05/19/2016 09:33 AM 246,804 AtherosBT.bin
05/19/2016 09:33 AM 44,028 AthrBT_0x01020200.dfu
05/19/2016 09:33 AM 45,868 AthrBT_0x01020201.dfu
05/19/2016 09:33 AM 46,972 AthrBT_0x11020000.dfu
05/19/2016 09:33 AM 46,852 AthrBT_0x11020100.dfu
05/19/2016 09:33 AM 46,908 AthrBT_0x31010000.dfu
05/19/2016 09:33 AM 40,684 AthrBT_0x31010000_ss01.dfu
05/19/2016 09:33 AM 42,908 AthrBT_0x31010100.dfu
07/16/2016 07:41 AM 4,233,728 athw8x.sys
09/07/2017 03:46 PM 166,624 avgbdiska.sys
09/07/2017 03:46 PM 314,128 avgbidsdrivera.sys
09/07/2017 03:46 PM 192,584 avgbidsha.sys
09/07/2017 03:46 PM 336,896 avgbloga.sys
09/07/2017 03:46 PM 51,336 avgbuniva.sys
09/07/2017 03:46 PM 39,424 avgHwid.sys
09/07/2017 03:46 PM 140,192 avgMonFlt.sys
09/07/2017 03:46 PM 102,792 avgRdr2.sys
09/07/2017 03:46 PM 76,832 avgRvrt.sys
09/07/2017 03:46 PM 1,008,800 avgSnx.sys
09/07/2017 03:46 PM 583,288 avgSP.sys
09/07/2017 03:46 PM 191,720 avgStm.sys
09/07/2017 03:46 PM 353,744 avgVmm.sys
03/28/2017 01:36 AM 56,320 BasicDisplay.sys
06/03/2017 05:15 AM 41,472 BasicRender.sys
07/16/2016 07:41 AM 36,192 battc.sys
07/16/2016 07:41 AM 9,728 bcmfn.sys
07/16/2016 07:41 AM 9,728 bcmfn2.sys
07/16/2016 07:42 AM 9,728 beep.sys
11/02/2016 06:23 AM 101,888 bowser.sys
07/07/2017 02:49 AM 115,200 bridge.sys
07/16/2016 07:41 AM 22,016 BtaMPM.sys
09/14/2012 05:49 PM 344,216 btath_a2dp.sys
09/14/2012 05:49 PM 114,840 btath_avdt.sys
09/14/2012 05:49 PM 88,728 btath_flt.sys
09/14/2012 05:49 PM 178,840 btath_hcrp.sys
09/14/2012 05:49 PM 76,952 btath_lwflt.sys
09/14/2012 05:49 PM 135,832 btath_rcp.sys
07/13/2016 05:47 PM 610,336 btfilter.sys
09/15/2016 12:41 PM 168,448 BthA2DP.sys
07/16/2016 07:41 AM 43,008 BthAvrcpTg.sys
09/20/2016 06:42 PM 114,176 bthenum.sys
07/16/2016 07:41 AM 65,536 bthhfenum.sys
07/16/2016 07:41 AM 31,232 BthhfHid.sys
07/12/2017 01:21 AM 250,880 BthLEEnum.sys
07/16/2016 07:41 AM 66,048 bthmodem.sys
07/07/2017 02:47 AM 128,512 bthpan.sys
04/27/2017 07:54 PM 967,680 bthport.sys
09/20/2016 06:42 PM 84,992 BTHUSB.SYS
07/16/2016 07:41 AM 38,912 buttonconverter.sys
07/16/2016 07:41 AM 533,856 bxvbda.sys
09/10/2016 09:21 AM 118,272 capimg.sys
07/16/2016 07:42 AM 92,160 cdfs.sys
07/16/2016 07:41 AM 173,056 cdrom.sys
07/16/2016 07:42 AM 76,640 CEA.sys
07/16/2016 07:41 AM 102,752 cht4dx64.sys
07/16/2016 07:41 AM 346,976 cht4sx64.sys
07/16/2016 07:41 AM 2,104,160 cht4vx64.sys
07/16/2016 07:41 AM 48,640 circlass.sys
03/04/2017 03:20 AM 379,744 Classpnp.sys
08/01/2017 03:29 PM 376,672 clfs.sys
09/20/2016 06:42 PM 681,304 ClipSp.sys
06/25/2012 02:24 PM 92,536 CLVirtualDrive.sys
07/16/2016 07:41 AM 29,696 CmBatt.sys
09/15/2016 01:29 PM 23,392 cmimcext.sys
11/30/2016 06:04 AM 3,792,904 CMUSBDAC.sys
08/01/2017 03:21 PM 624,048 cng.sys
07/16/2016 07:42 AM 38,752 cnghwassist.sys
07/16/2016 07:42 AM 53,088 condrv.sys
10/15/2016 12:29 AM 79,200 crashdmp.sys
03/04/2017 03:15 AM 63,328 dam.sys
04/11/2017 10:01 AM 32,960 DDDriver64Dcsa.sys
04/11/2017 10:01 AM 32,568 DellProf.sys
08/05/2012 02:22 AM 10,752 DellRbtn.sys
07/16/2016 07:41 AM 44,032 devauthe.sys
06/21/2017 02:58 AM 144,896 dfsc.sys
07/16/2016 07:41 AM 101,720 disk.sys
07/16/2016 07:42 AM 38,240 Diskdump.sys
07/16/2016 07:42 AM 14,336 Dmpusbstor.sys
07/16/2016 07:41 AM 35,840 dmvsc.sys
07/16/2016 07:41 AM 97,280 drmk.sys
07/16/2016 07:41 AM 16,168 drmkaud.sys
07/16/2016 07:42 AM 35,680 Dumpata.sys
07/16/2016 07:44 AM 89,560 dumpfve.sys
06/03/2017 05:54 AM 187,232 dumpsd.sys
07/16/2016 07:42 AM 31,744 dumpsdport.sys
07/12/2017 02:02 AM 2,186,592 dxgkrnl.sys
07/12/2017 02:02 AM 402,776 dxgmms1.sys
03/04/2017 03:09 AM 658,784 dxgmms2.sys
07/16/2016 07:42 AM 88,416 EhStorClass.sys
09/20/2016 06:42 PM 118,112 EhStorTcgDrv.sys
08/15/2017 06:14 AM <DIR> en-US
07/16/2016 07:41 AM 13,312 errdev.sys
09/07/2017 08:54 PM <DIR> etc
07/16/2016 07:41 AM 3,418,976 evbda.sys
07/16/2016 07:42 AM 334,848 exfat.sys
11/11/2016 06:13 AM 352,096 fastfat.sys
07/16/2016 07:41 AM 32,256 fdc.sys
07/16/2016 07:42 AM 88,576 filecrypt.sys
07/16/2016 07:42 AM 85,344 fileinfo.sys
07/16/2016 07:42 AM 35,840 filetrace.sys
07/16/2016 07:41 AM 26,112 flpydisk.sys
07/16/2016 07:42 AM 377,696 fltMgr.sys
04/27/2017 08:44 PM 62,816 fsdepends.sys
07/16/2016 07:42 AM 31,584 fs_rec.sys
09/15/2016 01:15 PM 649,568 fvevol.sys
03/04/2017 03:17 AM 409,952 FWPKCLNT.SYS
08/21/2012 02:01 PM 33,240 GEARAspiWDM.sys
07/16/2016 07:41 AM 20,480 genericusbfn.sys
07/16/2016 07:42 AM 3,440,660 gm.dls
07/16/2016 07:42 AM 646 gmreadme.txt
07/16/2016 07:42 AM 8,192 gpuenergydrv.sys
07/16/2016 07:41 AM 83,456 hdaudbus.sys
07/02/2012 07:16 PM 62,784 HECIx64.sys
07/16/2016 07:41 AM 36,704 hidbatt.sys
07/16/2016 07:41 AM 108,032 hidbth.sys
10/14/2016 11:55 PM 156,672 hidclass.sys
07/16/2016 07:41 AM 51,200 hidi2c.sys
07/16/2016 07:41 AM 50,016 hidinterrupt.sys
07/16/2016 07:41 AM 46,592 hidir.sys
09/20/2016 06:42 PM 40,960 hidparse.sys
09/20/2016 06:42 PM 38,400 hidusb.sys
09/07/2017 10:03 PM 55,232 hitmanpro37.sys
07/16/2016 07:41 AM 64,352 HpSAMD.sys
08/01/2017 03:13 PM 1,102,176 http.sys
09/20/2016 06:42 PM 73,568 hvservice.sys
03/04/2017 03:07 AM 110,944 hvsocket.sys
07/16/2016 07:42 AM 29,536 hwpolicy.sys
07/16/2016 07:41 AM 16,384 hyperkbd.sys
07/16/2016 07:41 AM 114,176 i8042prt.sys
07/16/2016 07:41 AM 33,280 iagpio.sys
07/16/2016 07:41 AM 81,408 iai2c.sys
07/16/2016 07:41 AM 64,512 iaLPSS2i_GPIO2.sys
07/16/2016 07:41 AM 176,384 iaLPSS2i_I2C.sys
07/16/2016 07:41 AM 38,128 iaLPSSi_GPIO.sys
07/16/2016 07:41 AM 113,152 iaLPSSi_I2C.sys
10/27/2012 01:02 AM 651,832 iaStorA.sys
07/16/2016 07:41 AM 673,120 iaStorAV.sys
07/16/2016 07:41 AM 412,000 iaStorV.sys
07/16/2016 07:41 AM 526,176 ibbus.sys
05/03/2016 11:30 PM 3,811,288 igdkmd64.sys
07/16/2016 07:42 AM 35,840 IndirectKmd.sys
08/21/2015 11:50 AM 463,112 IntcDAud.sys
07/20/2015 03:45 PM 50,240 intelaud.sys
07/16/2016 07:41 AM 19,296 intelide.sys
06/21/2012 09:13 PM 15,168 IntelMEFWVer.dll
07/16/2016 07:41 AM 48,152 intelpep.sys
07/16/2016 07:41 AM 134,144 intelppm.sys
11/02/2016 06:55 AM 48,992 iorate.sys
07/16/2016 07:42 AM 85,504 ipfltdrv.sys
03/04/2017 03:24 AM 90,976 IPMIDrv.sys
07/16/2016 07:42 AM 212,480 ipnat.sys
05/19/2015 09:26 PM 33,616 iqvw64e.sys
07/16/2016 07:42 AM 120,320 irda.sys
07/16/2016 07:42 AM 19,456 irenum.sys
07/16/2016 07:41 AM 22,880 isapnp.sys
12/01/2015 03:46 PM 38,896 iwdbus.sys
07/16/2016 07:41 AM 62,304 kbdclass.sys
09/15/2016 12:43 PM 39,424 kbdhid.sys
07/16/2016 07:41 AM 25,088 kdnic.sys
03/04/2017 02:28 AM 394,752 ks.sys
08/01/2017 03:32 PM 133,984 ksecdd.sys
08/01/2017 03:25 PM 168,800 ksecpkg.sys
07/16/2016 07:42 AM 26,112 ksthunk.sys
07/16/2016 07:42 AM 66,048 lltdio.sys
07/21/2017 08:17 AM 61,304 lpsport.sys
07/16/2016 07:41 AM 108,896 lsi_sas.sys
07/16/2016 07:41 AM 105,824 lsi_sas2i.sys
07/16/2016 07:41 AM 101,216 lsi_sas3i.sys
07/16/2016 07:41 AM 82,776 lsi_sss.sys
07/16/2016 07:42 AM 125,952 luafv.sys
09/08/2017 08:27 PM 194,776 MBAMSwissArmy.sys
07/16/2016 07:42 AM 22,528 mcd.sys
07/16/2016 07:41 AM 59,744 megasas.sys
10/05/2016 06:09 AM 64,352 MegaSas2i.sys
07/16/2016 07:41 AM 575,840 megasr.sys
07/09/2013 07:31 AM 2,951 mfencbdc.inf
07/16/2016 07:41 AM 842,584 mlx4_bus.sys
07/16/2016 07:42 AM 48,128 mmcss.sys
11/11/2016 05:26 AM 42,496 modem.sys
07/16/2016 07:41 AM 38,400 monitor.sys
07/16/2016 07:41 AM 59,232 mouclass.sys
07/16/2016 07:41 AM 32,256 mouhid.sys
07/16/2016 07:42 AM 104,800 mountmgr.sys
07/16/2016 07:42 AM 75,776 mpsdrv.sys
10/05/2016 05:20 AM 143,872 mrxdav.sys
03/04/2017 03:08 AM 450,400 mrxsmb.sys
07/07/2017 02:39 AM 282,624 mrxsmb10.sys
07/12/2017 02:00 AM 223,072 mrxsmb20.sys
07/16/2016 07:42 AM 31,232 msfs.sys
10/30/2015 03:18 AM 3 MsftWdf_Kernel_01017_Inbox_Critical.Wdf
07/16/2016 07:42 AM 3 MsftWdf_Kernel_01019_Inbox_Critical.Wdf
07/16/2016 07:42 AM 3 MsftWdf_User_01_11_00_Inbox_Critical.Wdf
07/16/2016 07:42 AM 168,800 msgpioclx.sys
07/16/2016 07:41 AM 50,528 msgpiowin32.sys
07/16/2016 07:42 AM 8,704 mshidkmdf.sys
07/16/2016 07:42 AM 11,776 mshidumdf.sys
09/08/2017 05:54 PM 81,696 msidntfs.sys
07/16/2016 07:41 AM 18,784 msisadrv.sys
07/12/2017 01:56 AM 277,856 msiscsi.sys
03/04/2017 02:36 AM 27,136 mskssrv.sys
07/16/2016 07:42 AM 78,336 mslldp.sys
07/16/2016 07:42 AM 10,752 mspclock.sys
07/16/2016 07:42 AM 10,752 mspqm.sys
07/16/2016 07:42 AM 361,312 msrpc.sys
07/16/2016 07:41 AM 43,360 mssmbios.sys
07/16/2016 07:42 AM 12,800 mstee.sys
07/16/2016 07:41 AM 15,872 MTConfig.sys
06/21/2017 03:50 AM 126,304 mup.sys
07/16/2016 07:41 AM 63,840 mvumis.sys
07/16/2016 07:41 AM 108,896 ndfltr.sys
07/12/2017 02:09 AM 1,181,024 ndis.sys
07/16/2016 07:42 AM 50,176 ndiscap.sys
07/16/2016 07:42 AM 126,464 NdisImPlatform.sys
07/16/2016 07:42 AM 26,112 ndistapi.sys
07/16/2016 07:42 AM 63,488 ndisuio.sys
07/16/2016 07:42 AM 20,480 NdisVirtualBus.sys
07/16/2016 07:42 AM 189,440 ndiswan.sys
07/16/2016 07:42 AM 60,928 ndproxy.sys
07/16/2016 07:42 AM 125,440 Ndu.sys
07/16/2016 07:42 AM 90,624 NetAdapterCx.sys
07/16/2016 07:42 AM 57,184 netbios.sys
07/16/2016 07:42 AM 279,040 netbt.sys
07/07/2017 03:37 AM 468,320 netio.sys
08/19/2014 11:07 AM 36,600 npf.sys
07/16/2016 07:42 AM 68,608 npfs.sys
07/16/2016 07:41 AM 26,624 npsvctrig.sys
07/16/2016 07:42 AM 41,984 nsiproxy.sys
07/12/2017 02:13 AM 2,253,664 ntfs.sys
07/16/2016 07:43 AM 19,296 ntosext.sys
07/16/2016 07:42 AM 7,168 null.sys
07/16/2016 07:41 AM 150,368 nvraid.sys
07/16/2016 07:41 AM 166,240 nvstor.sys
03/04/2017 02:30 AM 535,552 nwifi.sys
07/12/2017 02:00 AM 160,608 pacer.sys
07/16/2016 07:41 AM 96,768 parport.sys
03/04/2017 03:20 AM 128,352 partmgr.sys
12/14/2016 01:18 AM 335,712 pci.sys
07/16/2016 07:41 AM 16,224 pciide.sys
07/16/2016 07:41 AM 52,576 pciidex.sys
07/16/2016 07:41 AM 118,112 pcmcia.sys
07/16/2016 07:42 AM 51,552 pcw.sys
07/07/2017 03:44 AM 108,896 pdc.sys
07/16/2016 07:42 AM 723,968 PEAuth.sys
07/16/2016 07:41 AM 58,720 percsas2i.sys
07/16/2016 07:41 AM 61,792 percsas3i.sys
07/16/2016 07:41 AM 366,592 portcls.sys
07/16/2016 07:41 AM 119,808 processr.sys
07/16/2016 07:42 AM 48,640 qwavedrv.sys
05/19/2016 09:33 AM 1,198 ramps_0x01020200_26.dfu
05/19/2016 09:33 AM 1,192 ramps_0x01020200_26_0x01.dfu
05/19/2016 09:33 AM 1,204 ramps_0x01020200_40.dfu
05/19/2016 09:33 AM 1,242 ramps_0x01020200_40_0x01.dfu
05/19/2016 09:33 AM 1,204 ramps_0x01020200_40_0x02.dfu
05/19/2016 09:33 AM 1,214 ramps_0x01020200_40_0x03.dfu
05/19/2016 09:33 AM 1,228 ramps_0x01020200_40_0x04.dfu
05/19/2016 09:33 AM 264 ramps_0x01020201_26.dfu
05/19/2016 09:33 AM 264 ramps_0x01020201_26_0x01.dfu
05/19/2016 09:33 AM 264 ramps_0x01020201_40.dfu
05/19/2016 09:33 AM 296 ramps_0x01020201_40_0x01.dfu
05/19/2016 09:33 AM 264 ramps_0x01020201_40_0x02.dfu
05/19/2016 09:33 AM 264 ramps_0x01020201_40_0x03.dfu
05/19/2016 09:33 AM 278 ramps_0x01020201_40_0x04.dfu
05/19/2016 09:33 AM 1,796 ramps_0x11020000_40.dfu
05/19/2016 09:33 AM 1,802 ramps_0x11020100_40.dfu
05/19/2016 09:33 AM 1,802 ramps_0x11020100_40_nf01.dfu
05/19/2016 09:33 AM 1,802 ramps_0x11020100_40_SS01.dfu
05/19/2016 09:33 AM 1,926 ramps_0x31010000_40.dfu
05/19/2016 09:33 AM 1,516 ramps_0x31010000_40_0x01.dfu
05/19/2016 09:33 AM 1,926 ramps_0x31010000_40_0x11.dfu
05/19/2016 09:33 AM 1,516 ramps_0x31010000_40_0x12.dfu
05/19/2016 09:33 AM 1,926 ramps_0x31010000_40_0x21.dfu
05/19/2016 09:33 AM 1,516 ramps_0x31010000_40_0x22.dfu
05/19/2016 09:33 AM 1,926 ramps_0x31010000_40_0xf0.dfu
05/19/2016 09:33 AM 1,516 ramps_0x31010000_40_0xf1.dfu
05/19/2016 09:33 AM 1,516 ramps_0x31010000_40_LV01.dfu
05/19/2016 09:33 AM 1,516 ramps_0x31010000_40_SS01.dfu
05/19/2016 09:33 AM 1,922 ramps_0x31010100_40.dfu
05/19/2016 09:33 AM 1,512 ramps_0x31010100_40_0x01.dfu
07/16/2016 07:42 AM 17,408 rasacd.sys
08/19/2013 11:17 PM 107,296 rasdcfrq.sys
07/16/2016 07:42 AM 104,960 rasl2tp.sys
04/27/2017 08:03 PM 81,408 raspppoe.sys
07/16/2016 07:42 AM 96,256 raspptp.sys
07/16/2016 07:42 AM 77,824 rassstp.sys
04/27/2017 08:38 PM 431,968 rdbss.sys
07/16/2016 10:27 AM 26,112 rdpbus.sys
07/16/2016 10:27 AM 177,152 rdpdr.sys
07/16/2016 10:27 AM 29,536 rdpvideominiport.sys
07/16/2016 07:42 AM 267,104 rdyboost.sys
07/16/2016 07:42 AM 928,608 refsv1.sys
07/16/2016 07:42 AM 70,144 registry.sys
07/16/2016 07:41 AM 183,808 rfcomm.sys
07/16/2016 07:41 AM 39,936 RfxVmt.sys
07/16/2016 07:42 AM 147,968 rmcast.sys
07/16/2016 07:42 AM 34,304 RNDISMP.sys
06/21/2017 03:03 AM 13,312 rootmdm.sys
07/16/2016 07:42 AM 81,408 rspndr.sys
08/14/2015 07:11 PM 896,744 rt640x64.sys
06/26/2015 01:45 AM 2,880,873 RTAIODAT.DAT
08/04/2015 12:21 AM 4,518,136 RTKVHD64.sys
06/15/2012 04:50 AM 315,536 RtsUVStor.sys
06/26/2015 01:45 AM 5,804,772 rtvienna.dat
09/20/2016 02:55 PM 188,557 RTWAVES40.dat
09/20/2016 02:55 PM 31,095 rtwavesEFX.dat
09/20/2016 02:55 PM 10,945 rtwavesMFX.dat
09/20/2016 02:55 PM 849,474 rtwavesskdy.dat
07/16/2016 07:41 AM 110,432 sbp2port.sys
07/16/2016 07:42 AM 43,008 scfilter.sys
06/21/2017 03:52 AM 88,416 scmbus.sys
07/12/2017 01:24 AM 124,928 scmdisk0101.sys
07/16/2016 07:42 AM 173,408 scsiport.sys
06/03/2017 06:16 AM 279,904 sdbus.sys
07/16/2016 07:42 AM 95,584 sdport.sys
07/12/2017 02:00 AM 95,584 sdstor.sys
07/16/2016 07:42 AM 74,592 SerCx.sys
07/16/2016 07:42 AM 151,904 SerCx2.sys
07/16/2016 07:41 AM 25,088 serenum.sys
07/16/2016 07:41 AM 83,968 serial.sys
07/16/2016 07:41 AM 27,648 sermouse.sys
09/20/2012 08:39 PM 43,832 SETFFFD.tmp
07/16/2016 07:41 AM 18,432 sfloppy.sys
07/16/2016 07:41 AM 44,896 sisraid2.sys
07/16/2016 07:41 AM 81,760 sisraid4.sys
09/20/2012 08:39 PM 41,272 Smb_driver_AMDASF.sys
08/19/2016 12:59 AM 50,880 Smb_driver_AMDASF_Aux.sys
08/19/2016 12:59 AM 51,392 Smb_driver_Intel.sys
08/19/2016 12:59 AM 51,392 Smb_driver_Intel_Aux.sys
07/16/2016 07:42 AM 22,016 smclib.sys
08/01/2017 03:20 PM 557,408 spaceport.sys
07/16/2016 07:42 AM 79,200 SpbCx.sys
04/27/2017 07:51 PM 409,600 srv.sys
04/27/2017 07:51 PM 713,216 srv2.sys
09/20/2016 06:42 PM 248,320 srvnet.sys
07/16/2016 07:41 AM 31,072 stexstor.sys
03/04/2017 03:08 AM 130,912 storahci.sys
07/12/2017 02:17 AM 81,760 stornvme.sys
06/03/2017 05:49 AM 509,280 storport.sys
07/16/2016 07:42 AM 78,336 storqosflt.sys
07/16/2016 07:41 AM 32,096 storufs.sys
07/16/2016 07:41 AM 36,192 storvsc.sys
07/16/2016 07:42 AM 74,240 stream.sys
07/16/2016 07:41 AM 17,760 swenum.sys
07/16/2016 07:41 AM 64,000 Synth3dVsc.sys
08/19/2016 12:59 AM 622,272 SynTP.sys
07/31/2017 04:54 PM 36,496 tap0901.sys
07/16/2016 07:42 AM 30,720 tape.sys
07/31/2017 04:54 PM 44,896 tapvyprvpn.sys
07/16/2016 07:42 AM 26,976 tbs.sys
08/01/2017 03:13 PM 2,532,192 tcpip.sys
07/07/2017 02:46 AM 52,224 tcpipreg.sys
07/16/2016 07:42 AM 40,288 tdi.sys
08/01/2017 03:27 PM 118,112 tdx.sys
07/16/2016 10:27 AM 38,752 terminpt.sys
06/03/2017 06:11 AM 128,864 tm.sys
08/22/2016 03:20 PM 332,512 tmcomm.sys
11/11/2016 06:00 AM 219,488 tpm.sys
07/16/2016 07:42 AM 61,440 TsUsbFlt.sys
07/16/2016 07:41 AM 34,304 TsUsbGD.sys
07/16/2016 07:42 AM 158,208 tunnel.sys
07/16/2016 07:41 AM 77,152 uaspstor.sys
07/16/2016 07:42 AM 95,744 UcmCx.sys
07/16/2016 07:42 AM 108,544 UcmTcpciCx.sys
07/16/2016 07:41 AM 50,688 UcmUcsi.sys
07/16/2016 07:42 AM 210,272 Ucx01000.sys
07/16/2016 07:42 AM 45,568 Udecx.sys
07/16/2016 07:42 AM 320,000 udfs.sys
07/16/2016 07:41 AM 28,512 uefi.sys
07/16/2016 07:42 AM 263,008 ufx01000.sys
07/16/2016 07:41 AM 96,608 UfxChipidea.sys
07/16/2016 07:41 AM 137,056 ufxsynopsys.sys
07/16/2016 07:41 AM 56,832 umbus.sys
11/14/2016 10:18 PM <DIR> UMDF
07/16/2016 07:41 AM 13,824 umpass.sys
07/16/2016 07:41 AM 28,512 urschipidea.sys
07/16/2016 07:42 AM 57,696 urscx01000.sys
07/16/2016 07:41 AM 27,488 urssynopsys.sys
07/16/2016 07:42 AM 23,040 usb8023.sys
03/28/2016 01:41 PM 54,784 usbaapl64.sys
07/16/2016 07:41 AM 132,096 USBAUDIO.sys
07/16/2016 07:42 AM 36,864 USBCAMD2.sys
07/16/2016 07:41 AM 169,312 usbccgp.sys
07/16/2016 07:41 AM 102,400 usbcir.sys
07/16/2016 07:41 AM 32,608 usbd.sys
07/16/2016 07:41 AM 96,096 usbehci.sys
07/16/2016 07:41 AM 501,088 usbhub.sys
07/16/2016 07:41 AM 535,904 USBHUB3.SYS
07/16/2016 07:41 AM 30,208 usbohci.sys
07/16/2016 07:41 AM 455,520 usbport.sys
07/16/2016 07:41 AM 27,648 usbprint.sys
07/16/2016 07:43 AM 32,256 usbrpm.sys
07/16/2016 07:41 AM 69,120 usbser.sys
06/21/2017 03:36 AM 129,888 USBSTOR.SYS
07/16/2016 07:41 AM 35,328 usbuhci.sys
09/20/2016 06:42 PM 226,816 usbvideo.sys
06/03/2017 05:50 AM 381,792 USBXHCI.SYS
07/16/2016 07:41 AM 53,088 vdrvroot.sys
07/16/2016 07:42 AM 201,056 VerifierExt.sys
07/12/2017 02:01 AM 715,104 vhdmp.sys
07/16/2016 07:42 AM 32,256 vhf.sys
07/16/2016 07:42 AM 50,176 videoprt.sys
08/01/2017 03:20 PM 79,712 vmbkmcl.sys
08/01/2017 02:52 PM 80,896 vmbkmclr.sys
07/16/2016 07:41 AM 104,288 vmbus.sys
07/16/2016 07:41 AM 25,088 VMBusHID.sys
07/16/2016 07:41 AM 13,312 vmgencounter.sys
07/16/2016 07:41 AM 10,240 vmgid.sys
07/16/2016 07:41 AM 9,216 vms3cap.sys
07/16/2016 07:41 AM 46,944 vmstorfl.sys
07/16/2016 07:41 AM 80,224 volmgr.sys
07/16/2016 07:42 AM 367,456 volmgrx.sys
07/16/2016 07:42 AM 391,520 volsnap.sys
07/16/2016 07:41 AM 16,224 volume.sys
09/15/2016 01:29 PM 74,080 vpci.sys
07/16/2016 07:41 AM 166,752 vsmraid.sys
07/16/2016 07:41 AM 305,504 VSTXRAID.SYS
07/16/2016 07:42 AM 26,624 vwifibus.sys
07/16/2016 07:42 AM 73,216 vwififlt.sys
04/27/2017 08:02 PM 40,448 vwifimp.sys
07/16/2016 07:41 AM 30,208 wacompen.sys
07/16/2016 07:42 AM 79,872 wanarp.sys
07/16/2016 07:42 AM 56,320 watchdog.sys
09/15/2016 01:14 PM 119,648 wcifs.sys
07/12/2017 01:25 AM 66,560 wcnfs.sys
07/16/2016 07:43 AM 44,056 WdBoot.sys
07/16/2016 07:42 AM 861,296 Wdf01000.sys
07/16/2016 07:43 AM 290,144 WdFilter.sys
07/16/2016 07:42 AM 61,040 WdfLdr.sys
06/21/2017 02:56 AM 719,872 WdiWiFi.sys
07/16/2016 07:43 AM 123,232 WdNisDrv.sys
07/16/2016 07:42 AM 39,776 werkernel.sys
07/12/2017 02:01 AM 156,000 wfplwfs.sys
07/16/2016 07:42 AM 35,680 wimmount.sys
07/16/2016 07:42 AM 107,032 WindowsTrustedRT.sys
07/16/2016 07:41 AM 17,944 WindowsTrustedRTProxy.sys
07/16/2016 07:42 AM 31,584 winhv.sys
09/15/2016 12:42 PM 51,712 winhvr.sys
07/16/2016 07:41 AM 32,096 winmad.sys
07/16/2016 07:41 AM 89,088 winusb.sys
07/16/2016 07:41 AM 64,864 winverbs.sys
07/16/2016 07:41 AM 18,432 wmiacpi.sys
07/16/2016 07:42 AM 20,320 wmilib.sys
09/20/2016 06:30 PM 199,008 wof.sys
07/16/2016 07:44 AM 30,560 WpdUpFltr.sys
07/16/2016 07:42 AM 31,584 WppRecorder.sys
07/16/2016 07:42 AM 22,528 ws2ifsl.sys
07/16/2016 07:41 AM 22,528 WSDPrint.sys
07/16/2016 07:41 AM 24,576 WSDScan.sys
07/16/2016 07:42 AM 99,328 WUDFPf.sys
07/16/2016 07:42 AM 216,064 WUDFRd.sys
03/04/2017 02:34 AM 258,560 xboxgip.sys
09/20/2016 06:42 PM 43,520 xinputhid.sys
09/06/2017 07:43 PM 203,680 zamguard64.sys
494 File(s) 112,079,587 bytes
5 Dir(s) 358,420,566,016 bytes free

========= End of CMD: =========

==== End of Fixlog 20:45:01 ====

Aura · September 9, 2017

And now for the fun part.

Farbar Recovery Scan Tool (FRST) - Recovery Environment Scan
Follow the instructions below to download and execute a scan on your system with FRST from the Recovery Environment, and provide the logs in your next reply.

Item(s) required:

USB Flash Drive (size depend on if you have to create a USB Recovery or Installation media)
CD/DVD (optional: only needed if you need to create a Recovery or Installation media and your USB Flash Drive is too small)
Another computer (optional: only needed if you cannot work from the infected computer directly)

Preparing the USB Flash Drive

Download the right version of FRST for your system:
- FRST 64-bit
Move the executable (FRST.exe or FRST64.exe) on your USB Flash Drive
Download the attached fixlist.txt, and move it on your USB Flash Drive as well

Boot in the Recovery Environment

Plug your USB Flash Drive in the infected computer
To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:
- Restart the computer
- Once you've seen your BIOS splashscreen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears
- Use the arrow keys to select Repair your computer, and press on Enter
- Select your keyboard layout (US, French, etc.) and click on Next
- Click on Command Prompt to open the command prompt
  Note:If you can't access the Recovery Environment using the F8 method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on SevenForums.
To enter the Recovery Environment with Windows 8 or Windows 8.1, follow the instructions in this tutorial on EightForums
Note:If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial.
To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums
Note:If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums.

Once in the command prompt

In the command prompt, type notepad and press on Enter
Notepad will open. Click on the File menu and select Open
Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad
In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe and press on Enter
Note: Replace the letter e with the drive letter of your USB Flash Drive
FRST will open
Click on Yes to accept the disclaimer
Click on the Fix button and wait for the scan to complete
A log called fixlog.txt will be saved on your USB Flash Drive. Attach it in your next reply

fixlist.txt

dkrufnkz · September 9, 2017

Attached fixlog.txt

Fixlog.txt

Aura · September 9, 2017

Good Now you should be able to install and run a scan with Malwarebytes.

Malwarebytes - Clean Mode

Download and install the free version of Malwarebytes
Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point
Once Malwarebytes is installed, launch it and let it update his database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so
Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
Let the scan run, the time required to complete the scan depends of your system and computer specs
Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button
- If it asks you to restart your computer to complete the removal, do so
Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply

dkrufnkz · September 9, 2017

Cannot install malwarebytes. The requested resource is in use.

Aura · September 9, 2017

Just noticed that we forgot to remove one driver, my bad. I did your fixlist quite late yesterday, so I missed it. Here, go back in the Recovery Environment and run this fix instead (download the attached fixlist.txt).

fixlist.txt

dkrufnkz · September 9, 2017

Attached fixlog.txt

Fixlog.txt

Aura · September 9, 2017

Now you should be able to install and run a scan with Malwarebytes.

dkrufnkz · September 9, 2017

Installed and running. will post log when complete.

dkrufnkz · September 9, 2017

Malwarebytes report,

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 9/9/17
Scan Time: 3:36 PM
Log File: 21410394-9596-11e7-9bc5-b8ca3ae030e9.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2018
Components Version: 1.0.186
Update Package Version: 1.0.2763
License: Trial

-System Information-
OS: Windows 10 (Build 14393.1593)
CPU: x64
File System: NTFS
User: ADRIANNAPC\Adrianna

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 380765
Threats Detected: 1
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 12 min, 28 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
Adware.FileTour, C:\USERS\ADRIANNA\DOWNLOADS\EASEUS_MOBISAVER_5.ZIP, No Action By User, [165], [427204],1.0.2763

Physical Sector: 0
(No malicious items detected)

(end)

Aura · September 10, 2017

Good Now let's run a sweep with AdwCleaner and RogueKiller.

AdwCleaner - Fix Mode

Download AdwCleaner and move it to your Desktop
Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Accept the EULA (I accept), then click on Scan
Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

RogueKiller

Download the right version of RogueKiller for your Windows version (32 or 64-bit)
Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
Wait for the scan to complete
On completion, the results will be displayed
Check every single entry (threat found), and click on the Remove Selected button
On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
This will open the report in Notepad. Copy/paste its content in your next reply

Your next reply(ies) should therefore contain:

Copy/pasted AdwCleaner clean log
Copy/pasted RogueKiller clean log

dkrufnkz · September 10, 2017

# AdwCleaner 7.0.2.1 - Logfile created on Sun Sep 10 18:31:25 2017
# Updated on 2017/29/08 by Malwarebytes
# Database: 09-08-2017.1
# Running on Windows 10 Home (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

PUP.Optional.Legacy, Plugin found: Yahoo Toolbar and New Tab - Yahoo

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [1857 B] - [2017/9/9 22:44:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt ##########

RogueKiller V12.11.13.0 (x64) [Sep 4 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : Adrianna [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 09/10/2017 15:00:50 (Duration : 00:58:54)
Switches : -refid

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 1 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{abd80b39-f7b3-41f5-b7a2-ded9e165f96c} | DhcpNameServer : 10.3.30.1 ([]) -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 3 ¤¤¤
[PUP.Gen2][Firefox:Addon] sgtnusgw.default : Yahoo Toolbar and New Tab [{635abd67-4fe9-1b23-4f01-e679fa7484c1}] -> Found
[PUP.Gen0][Chrome:Addon] Profile 3 : MSN Homepage & Bing Search Engine [fcfenmboojpjinhpgggodefccipikbpd] -> Found
[PUM.HomePage][Firefox:Config] sgtnusgw.default : user_pref("browser.startup.homepage", "bing.com"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000LPVT-75G33T0 +++++
--- User ---
[MBR] 3d1418dbb7946599a1285f1e81c401f8
[BSP] 04e5c247253bc1282e05553547a2b3a4 : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 500 MB
1 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1026048 | Size: 40 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1107968 | Size: 128 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1370112 | Size: 500 MB
4 - Basic data partition | Offset (sectors): 2394112 | Size: 466357 MB
5 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 957493248 | Size: 450 MB
6 - [SYSTEM][MAN-MOUNT] Microsoft recovery partition | Offset (sectors): 958414848 | Size: 8963 MB
User = LL1 ... OK
User = LL2 ... OK

Aura · September 10, 2017

Did you delete the threats RogueKiller found?

Aura · September 13, 2017

Hi dkrufnkz,

Are you still with me?

Aura · September 15, 2017

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!

Smartservice virus Nothing worked from forumns

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information