~ Unable to detect HIGH RISK & Turn on Web Protection ~

[Virus_Victim]

1. Did not detect. 

C:\Users\J\AppData\Local\ctfardb\ctfardb.exe     detected: Gen:Variant.Zusy.255923 (B) [krnl.xmd]
C:\Users\J\AppData\Local\ctfardb\winvfdq.exe     detected: Gen:Variant.Mikey.69550 (B) [krnl.xmd]

2. Unable to turn on Web Protection 

FRST.txt

Addition.txt

Edited September 11, 2017 by Virus_Victim

[Aura]

Hi Virus_Victim

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broke the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.

• As you'll notice, the logs we are asking for here are quite lenghty, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
• As long as I'm assisting you on Malwarebytes Forums, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
• The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
• If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
• If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
• Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
• I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against Malwarebytes Forums's rules
• In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process
• I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone
  This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread
  

This being said, it's time to clean-up some malware, so let's get started, shall we?

Follow the instructions in the thread below, and provide me both FRST logs (FRST.txt and Addition.txt). You can attach them in your next post, or copy/paste their content.

https://forums.malwarebytes.com/topic/9573-im-infected-what-do-i-do-now/

[Virus_Victim]

Was still finishing post with files. Did not except such quick reply. Attached files in reply as instructed.

Please inform how to delete files that system does NOT allow ( access denied ) and how to start WEB PROTECTION.

Thank U.

FRST.txt

Addition.txt

[Aura]

You are infected with SmartService, so in order to remove the infection, we'll need to do so from the Recovery Environment. Do you have a USB Flash Drive? If so, how big is it? 

Also, follow the instructions below.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

• Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located)
• Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
• Click on the Fix button
  
• On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
• Copy and paste its content in your next reply
  

fixlist.txt

[Virus_Victim]

1. Recovery Environment ? Is there a way to avoid that procedure without USB Flash Drive ?

2. Fixlog.txt below

Fix result of Farbar Recovery Scan Tool (x64) Version: 11-09-2017
Ran by JK (11-09-2017 07:29:31) Run:1
Running from V:\
Loaded Profiles: JK (Available Profiles: JK & Jack__000 & Administrator & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CMD: bcdedit.exe /set {default} recoveryenabled yes
CMD: dir C:\Windows
CMD: dir C:\Windows\system32\drivers
*****************

========= bcdedit.exe /set {default} recoveryenabled yes =========

The operation completed successfully.

========= End of CMD: =========

========= dir C:\Windows =========

 Volume in drive C is Windows
 Volume Serial Number is 2AE1-EB40

 Directory of C:\Windows

09/11/2017  06:57 AM    <DIR>          .
09/11/2017  06:57 AM    <DIR>          ..
07/16/2016  06:47 AM    <DIR>          addins
10/23/2016  11:46 AM    <DIR>          appcompat
06/15/2017  02:05 AM    <DIR>          AppPatch
09/11/2017  05:14 AM    <DIR>          AppReadiness
08/26/2017  06:20 AM    <DIR>          assembly
05/14/2016  10:52 AM    <DIR>          AUInstallAgent
08/29/2016  11:20 AM            53,208 avastSS.scr
08/26/2017  06:06 AM    <DIR>          bcastdvr
07/16/2016  06:42 AM            61,440 bfsvc.exe
07/16/2016  06:47 AM    <DIR>          Boot
07/16/2016  06:47 AM    <DIR>          Branding
09/11/2017  04:02 AM    <DIR>          CbsTemp
07/16/2016  06:43 AM            33,498 Core.xml
09/11/2013  01:32 PM                10 csup.txt
07/16/2016  06:47 AM    <DIR>          Cursors
09/11/2017  05:24 AM    <DIR>          debug
10/22/2016  02:35 PM            15,243 diagerr.xml
07/16/2016  06:47 AM    <DIR>          diagnostics
10/22/2016  02:35 PM            15,243 diagwrn.xml
03/15/2017  07:46 PM    <DIR>          DigitalLocker
07/16/2016  09:14 AM    <DIR>          en-US
10/05/2016  02:35 PM             2,259 epplauncher.mif
07/12/2017  12:55 AM         4,674,872 explorer.exe
07/16/2016  06:47 AM    <DIR>          GameBarPresenceWriter
07/16/2016  06:47 AM    <DIR>          Globalization
09/28/2005  12:29 PM           585,728 Halloween.scr
10/22/2016  02:10 PM    <DIR>          Help
06/03/2017  03:52 AM           975,872 HelpPane.exe
06/17/2017  06:54 AM    <DIR>          Hewlett-Packard
07/16/2016  06:42 AM            18,432 hh.exe
07/16/2016  09:14 AM    <DIR>          IME
08/26/2017  06:06 AM    <DIR>          ImmersiveControlPanel
09/05/2017  11:53 PM    <DIR>          INF
07/16/2016  06:47 AM    <DIR>          InfusedApps
10/22/2016  02:10 PM    <DIR>          InputMethod
04/25/2017  06:16 PM    <DIR>          IObit
07/16/2016  06:47 AM    <DIR>          L2Schemas
07/10/2017  05:33 AM    <DIR>          LiveKernelReports
09/10/2017  04:08 AM    <DIR>          Logs
01/19/2017  02:54 PM    <DIR>          MediaViewer
07/16/2016  06:42 AM            43,131 mib.bin
09/10/2017  10:39 PM    <DIR>          Microsoft.NET
07/16/2016  06:47 AM    <DIR>          Migration
10/22/2016  02:03 PM    <DIR>          MiracastView
04/20/2017  05:49 PM    <DIR>          ModemLogs
11/03/2005  02:20 PM           647,168 Night Before Christmas.scr
07/16/2016  06:43 AM           243,200 notepad.exe
07/18/2017  05:54 PM             1,951 NvContainerRecovery.bat
06/20/2017  03:58 PM             1,951 NvTelemetryContainerRecovery.bat
07/16/2016  09:15 AM    <DIR>          OCR
07/16/2016  06:47 AM    <DIR>          Offline Web Pages
11/19/2016  07:27 AM    <DIR>          Panther
07/16/2016  06:47 AM    <DIR>          Performance
09/11/2017  05:34 AM               512 PFRO.log
07/16/2016  06:47 AM    <DIR>          PLA
05/14/2017  06:39 PM    <DIR>          PolicyDefinitions
09/11/2017  07:17 AM    <DIR>          Prefetch
03/18/2017  08:16 PM    <DIR>          PrintDialog
08/26/2017  06:06 AM    <DIR>          Provisioning
03/04/2017  01:18 AM           320,512 regedit.exe
11/03/2016  05:39 PM    <DIR>          registration
11/13/2016  12:21 AM    <DIR>          rescache
07/16/2016  06:47 AM    <DIR>          Resources
07/16/2016  06:47 AM    <DIR>          SchCache
07/16/2016  06:47 AM    <DIR>          schemas
07/16/2016  06:47 AM    <DIR>          security
10/22/2016  01:59 PM    <DIR>          ServiceProfiles
12/11/2016  06:01 AM    <DIR>          servicing
07/16/2016  06:49 AM    <DIR>          Setup
08/26/2017  06:06 AM    <DIR>          ShellExperiences
07/16/2016  09:14 AM    <DIR>          SKB
09/10/2017  05:55 AM    <DIR>          SoftwareDistribution
07/16/2016  06:47 AM    <DIR>          Speech
07/16/2016  06:47 AM    <DIR>          Speech_OneCore
10/14/2016  10:59 PM           130,560 splwow64.exe
07/16/2016  06:47 AM    <DIR>          System
08/22/2013  08:25 AM               219 system.ini
09/11/2017  06:40 AM    <DIR>          System32
07/16/2016  09:29 AM    <DIR>          SystemApps
07/16/2016  06:47 AM    <DIR>          SystemResources
09/07/2017  08:46 AM    <DIR>          SysWOW64
07/16/2016  06:47 AM    <DIR>          TAPI
09/10/2017  03:27 AM    <DIR>          Tasks
09/11/2017  07:17 AM    <DIR>          Temp
05/14/2016  02:38 PM    <DIR>          ToastData
07/16/2016  06:47 AM    <DIR>          tracing
07/16/2016  06:47 AM    <DIR>          twain_32
07/16/2016  06:43 AM            66,560 twain_32.dll
09/11/2017  04:43 AM                 0 unlocker.log
08/22/2013  10:36 AM    <DIR>          vpnplugins
07/16/2016  06:47 AM    <DIR>          Vss
12/09/2016  12:27 PM    <DIR>          Web
08/04/2017  11:18 PM               197 win.ini
09/11/2017  06:34 AM               275 WindowsUpdate.log
07/16/2016  06:42 AM            10,240 winhlp32.exe
09/11/2017  02:37 AM                85 wininit.ini
08/31/2017  06:06 AM    <DIR>          WinSxS
07/16/2016  06:43 AM           316,640 WMSysPr9.prx
07/16/2016  06:42 AM            11,264 write.exe
              28 File(s)      8,230,270 bytes
              73 Dir(s)   6,651,662,336 bytes free

========= End of CMD: =========

========= dir C:\Windows\system32\drivers =========

 Volume in drive C is Windows
 Volume Serial Number is 2AE1-EB40

 Directory of C:\Windows\system32\drivers

09/11/2017  07:16 AM    <DIR>          .
09/11/2017  07:16 AM    <DIR>          ..
09/11/2017  02:26 AM           253,888 031A0A42.sys
09/11/2017  05:49 AM           253,888 0388262A.sys
09/11/2017  07:14 AM           253,888 044766EA.sys
09/11/2017  05:49 AM           253,888 0BB42602.sys
07/16/2016  06:41 AM           235,520 1394ohci.sys
09/11/2017  07:09 AM           253,888 162B6361.sys
09/11/2017  06:36 AM           253,888 165449CA.sys
09/11/2017  01:39 AM           253,888 184066AE.sys
09/05/2017  10:53 PM           253,888 2EB96091.sys
09/11/2017  03:02 AM           253,888 32662628.sys
09/11/2017  05:36 AM           253,888 37281B9A.sys
09/05/2017  07:14 AM           253,888 3D26124B.sys
09/11/2017  06:35 AM           253,888 3F2B4906.sys
07/16/2016  06:41 AM           107,360 3ware.sys
09/10/2017  05:26 AM           253,888 4BF94639.sys
09/09/2017  03:56 AM           253,888 4D0432D9.sys
09/11/2017  02:26 AM           253,888 50F20A66.sys
09/11/2017  01:22 AM           253,888 5CDD5967.sys
09/05/2017  10:49 PM           253,888 5D725E18.sys
09/11/2017  06:35 AM           253,888 5EF2493B.sys
09/11/2017  01:22 AM           253,888 60F35953.sys
09/05/2017  07:14 AM           253,888 6102126C.sys
09/11/2017  03:02 AM           253,888 648E2604.sys
09/11/2017  05:45 AM           253,888 6D7A2294.sys
09/11/2017  06:46 AM           253,888 7DE75172.sys
09/09/2017  03:55 AM           253,888 7F2B32B5.sys
07/16/2016  06:41 AM           705,888 acpi.sys
07/16/2016  06:41 AM            18,432 AcpiDev.sys
07/16/2016  06:42 AM           126,816 acpiex.sys
07/16/2016  06:41 AM            12,288 acpipagr.sys
07/16/2016  06:41 AM            14,336 acpipmi.sys
07/16/2016  06:41 AM            13,312 acpitime.sys
07/16/2016  06:41 AM         1,135,456 adp80xx.sys
10/14/2016  11:21 PM           584,032 afd.sys
07/16/2016  06:42 AM           107,520 agilevpn.sys
10/14/2016  10:31 PM           227,328 ahcache.sys
07/16/2016  06:41 AM           123,392 amdk8.sys
07/16/2016  06:41 AM           120,832 amdppm.sys
07/16/2016  06:41 AM            83,296 amdsata.sys
07/16/2016  06:41 AM           259,424 amdsbs.sys
07/16/2016  06:41 AM            26,976 amdxata.sys
07/16/2016  06:42 AM           172,896 appid.sys
07/16/2016  06:42 AM            15,360 applockerfltr.sys
07/16/2016  06:41 AM           131,936 arcsas.sys
08/31/2017  11:08 PM           320,528 aswbidsdrivera.sys
08/31/2017  11:08 PM           198,976 aswbidsha.sys
08/31/2017  11:08 PM           343,296 aswbloga.sys
08/31/2017  11:08 PM            57,736 aswbuniva.sys
08/31/2017  11:09 PM            47,016 aswHwid.sys
08/31/2017  11:08 PM            41,832 aswKbd.sys
08/31/2017  11:09 PM           147,784 aswMonFlt.sys
07/01/2017  04:23 AM           146,664 aswmonflt.sys.150043549378103
08/31/2017  11:09 PM           110,376 aswRdr2.sys
08/31/2017  11:09 PM            84,416 aswRvrt.sys
08/31/2017  11:08 PM         1,016,384 aswSnx.sys
08/31/2017  11:09 PM           590,880 aswSP.sys
07/10/2016  05:41 PM           473,592 aswsp.sys.146819051778102
08/31/2017  11:09 PM           199,312 aswStm.sys
05/15/2017  01:50 PM           158,368 aswstm.sys.149487423759302
08/31/2017  11:09 PM           361,336 aswVmm.sys
02/10/2017  09:52 AM           337,080 aswvmm.sys.148673840507804
07/01/2017  04:23 AM           360,792 aswvmm.sys.149890102287506
07/16/2016  06:42 AM            28,160 asyncmac.sys
07/16/2016  06:41 AM            28,512 atapi.sys
07/16/2016  06:41 AM           191,840 ataport.sys
12/14/2015  06:20 PM            21,048 awealloc.sys
03/28/2017  12:36 AM            56,320 BasicDisplay.sys
06/03/2017  04:15 AM            41,472 BasicRender.sys
07/16/2016  06:41 AM            36,192 battc.sys
07/16/2016  06:41 AM             9,728 bcmfn.sys
07/16/2016  06:41 AM             9,728 bcmfn2.sys
07/16/2016  06:42 AM             9,728 beep.sys
03/30/2015  01:01 AM            17,600 BootDefragDriver.sys
11/08/2016  01:40 PM           101,888 bowser.sys
07/07/2017  01:49 AM           115,200 bridge.sys
07/16/2016  06:41 AM            22,016 BtaMPM.sys
07/16/2016  06:41 AM            43,008 BthAvrcpTg.sys
07/16/2016  06:41 AM            65,536 bthhfenum.sys
07/16/2016  06:41 AM            31,232 BthhfHid.sys
07/16/2016  06:41 AM            66,048 bthmodem.sys
07/16/2016  06:41 AM            38,912 buttonconverter.sys
07/16/2016  06:41 AM           533,856 bxvbda.sys
09/10/2016  08:21 AM           118,272 capimg.sys
07/16/2016  06:42 AM            92,160 cdfs.sys
07/16/2016  06:41 AM           173,056 cdrom.sys
07/16/2016  06:42 AM            76,640 CEA.sys
07/16/2016  06:41 AM           102,752 cht4dx64.sys
07/16/2016  06:41 AM           346,976 cht4sx64.sys
07/16/2016  06:41 AM         2,104,160 cht4vx64.sys
07/16/2016  06:41 AM            48,640 circlass.sys
03/04/2017  02:20 AM           379,744 Classpnp.sys
08/01/2017  02:29 PM           376,672 clfs.sys
09/07/2016  12:33 AM           681,304 ClipSp.sys
06/25/2012  12:24 PM            92,536 CLVirtualDrive.sys
07/16/2016  06:41 AM            29,696 CmBatt.sys
09/15/2016  12:29 PM            23,392 cmimcext.sys
08/01/2017  02:21 PM           624,048 cng.sys
07/16/2016  06:42 AM            38,752 cnghwassist.sys
07/16/2016  06:42 AM            53,088 condrv.sys
05/29/2012  05:53 PM            27,456 cpqdfw.sys
10/14/2016  11:29 PM            79,200 crashdmp.sys
03/04/2017  02:15 AM            63,328 dam.sys
07/16/2016  06:41 AM            44,032 devauthe.sys
06/21/2017  01:58 AM           144,896 dfsc.sys
07/16/2016  06:41 AM           101,720 disk.sys
07/16/2016  06:42 AM            38,240 Diskdump.sys
07/16/2016  06:42 AM            14,336 Dmpusbstor.sys
07/16/2016  06:41 AM            35,840 dmvsc.sys
07/16/2016  06:41 AM            97,280 drmk.sys
07/16/2016  06:41 AM            16,168 drmkaud.sys
07/16/2016  06:42 AM            35,680 Dumpata.sys
07/16/2016  06:44 AM            89,560 dumpfve.sys
06/03/2017  04:54 AM           187,232 dumpsd.sys
07/16/2016  06:42 AM            31,744 dumpsdport.sys
07/12/2017  01:02 AM         2,186,592 dxgkrnl.sys
07/12/2017  01:02 AM           402,776 dxgmms1.sys
03/04/2017  02:09 AM           658,784 dxgmms2.sys
07/16/2016  06:42 AM            88,416 EhStorClass.sys
09/07/2016  12:29 AM           118,112 EhStorTcgDrv.sys
08/26/2017  06:06 AM    <DIR>          en-US
07/16/2016  06:41 AM            13,312 errdev.sys
12/23/2016  02:33 AM    <DIR>          etc
07/16/2016  06:41 AM         3,418,976 evbda.sys
07/16/2016  06:42 AM           334,848 exfat.sys
11/11/2016  05:13 AM           352,096 fastfat.sys
07/16/2016  06:41 AM            32,256 fdc.sys
07/16/2016  06:42 AM            88,576 filecrypt.sys
07/16/2016  06:42 AM            85,344 fileinfo.sys
07/16/2016  06:42 AM            35,840 filetrace.sys
07/16/2016  06:41 AM            26,112 flpydisk.sys
07/16/2016  06:42 AM           377,696 fltMgr.sys
04/27/2017  07:44 PM            62,816 fsdepends.sys
07/16/2016  06:42 AM            31,584 fs_rec.sys
09/15/2016  12:15 PM           649,568 fvevol.sys
03/04/2017  02:17 AM           409,952 FWPKCLNT.SYS
07/16/2016  06:41 AM            20,480 genericusbfn.sys
07/16/2016  06:42 AM         3,440,660 gm.dls
07/16/2016  06:42 AM               646 gmreadme.txt
07/16/2016  06:42 AM             8,192 gpuenergydrv.sys
12/16/2015  09:17 PM            20,160 GUBootStartup.sys
07/16/2016  06:41 AM            83,456 hdaudbus.sys
07/18/2012  03:46 AM            62,784 HECIx64.sys
07/16/2016  06:41 AM            36,704 hidbatt.sys
07/16/2016  06:41 AM           108,032 hidbth.sys
10/14/2016  10:55 PM           156,672 hidclass.sys
07/16/2016  06:41 AM            51,200 hidi2c.sys
07/16/2016  06:41 AM            50,016 hidinterrupt.sys
07/16/2016  06:41 AM            46,592 hidir.sys
08/05/2016  10:46 PM            40,960 hidparse.sys
08/05/2016  10:47 PM            38,400 hidusb.sys
07/16/2016  06:41 AM            64,352 HpSAMD.sys
08/01/2017  02:13 PM         1,102,176 http.sys
08/05/2016  11:16 PM            73,568 hvservice.sys
03/04/2017  02:07 AM           110,944 hvsocket.sys
07/16/2016  06:42 AM            29,536 hwpolicy.sys
07/16/2016  06:41 AM            16,384 hyperkbd.sys
07/16/2016  06:41 AM           114,176 i8042prt.sys
07/16/2016  06:41 AM            33,280 iagpio.sys
07/16/2016  06:41 AM            81,408 iai2c.sys
07/16/2016  06:41 AM            64,512 iaLPSS2i_GPIO2.sys
07/16/2016  06:41 AM           176,384 iaLPSS2i_I2C.sys
07/16/2016  06:41 AM            38,128 iaLPSSi_GPIO.sys
07/16/2016  06:41 AM           113,152 iaLPSSi_I2C.sys
07/31/2015  11:58 PM           680,832 iaStorA.sys
07/16/2016  06:41 AM           673,120 iaStorAV.sys
07/16/2016  06:41 AM           412,000 iaStorV.sys
07/16/2016  06:41 AM           526,176 ibbus.sys
12/14/2015  06:20 PM            48,704 imdisk.sys
03/17/2017  12:57 AM            44,096 IMFCameraProtect.sys
07/16/2016  06:42 AM            35,840 IndirectKmd.sys
07/16/2016  06:41 AM            19,296 intelide.sys
07/18/2012  03:47 AM            15,168 IntelMEFWVer.dll
07/16/2016  06:41 AM            48,152 intelpep.sys
07/16/2016  06:41 AM           134,144 intelppm.sys
11/08/2016  01:40 PM            48,992 iorate.sys
07/16/2016  06:42 AM            85,504 ipfltdrv.sys
03/04/2017  02:24 AM            90,976 IPMIDrv.sys
07/16/2016  06:42 AM           212,480 ipnat.sys
07/16/2016  06:42 AM           120,320 irda.sys
07/16/2016  06:42 AM            19,456 irenum.sys
07/16/2016  06:41 AM            22,880 isapnp.sys
07/16/2016  06:41 AM            62,304 kbdclass.sys
09/15/2016  11:43 AM            39,424 kbdhid.sys
07/16/2016  06:41 AM            25,088 kdnic.sys
03/04/2017  01:28 AM           394,752 ks.sys
08/01/2017  02:32 PM           133,984 ksecdd.sys
08/01/2017  02:25 PM           168,800 ksecpkg.sys
07/16/2016  06:42 AM            26,112 ksthunk.sys
06/16/2016  10:59 PM           161,864 L1C63x64.sys
07/16/2016  06:42 AM            66,048 lltdio.sys
08/31/2017  11:09 PM            61,304 lpsport.sys
07/16/2016  06:41 AM           108,896 lsi_sas.sys
07/16/2016  06:41 AM           105,824 lsi_sas2i.sys
07/16/2016  06:41 AM           101,216 lsi_sas3i.sys
07/16/2016  06:41 AM            82,776 lsi_sss.sys
07/16/2016  06:42 AM           125,952 luafv.sys
09/11/2017  06:45 AM            77,440 mbae64.sys
09/11/2017  06:46 AM            45,472 mbam.sys
09/11/2017  06:46 AM           192,960 MBAMChameleon.sys
09/11/2017  05:38 AM           253,888 MBAMSwissArmy.sys
07/16/2016  06:42 AM            22,528 mcd.sys
07/16/2016  06:41 AM            59,744 megasas.sys
10/05/2016  05:09 AM            64,352 MegaSas2i.sys
07/16/2016  06:41 AM           575,840 megasr.sys
07/16/2016  06:41 AM           842,584 mlx4_bus.sys
07/16/2016  06:42 AM            48,128 mmcss.sys
11/11/2016  04:26 AM            42,496 modem.sys
07/16/2016  06:41 AM            38,400 monitor.sys
07/16/2016  06:41 AM            59,232 mouclass.sys
07/16/2016  06:41 AM            32,256 mouhid.sys
07/16/2016  06:42 AM           104,800 mountmgr.sys
07/16/2016  06:42 AM            75,776 mpsdrv.sys
10/05/2016  04:20 AM           143,872 mrxdav.sys
03/04/2017  02:08 AM           450,400 mrxsmb.sys
07/07/2017  01:39 AM           282,624 mrxsmb10.sys
07/12/2017  01:00 AM           223,072 mrxsmb20.sys
07/16/2016  06:42 AM            31,232 msfs.sys
07/16/2016  06:42 AM                 3 MsftWdf_Kernel_01019_Inbox_Critical.Wdf
07/16/2016  06:42 AM                 3 MsftWdf_User_01_11_00_Inbox_Critical.Wdf
07/16/2016  06:42 AM           168,800 msgpioclx.sys
07/16/2016  06:41 AM            50,528 msgpiowin32.sys
07/16/2016  06:42 AM             8,704 mshidkmdf.sys
07/16/2016  06:42 AM            11,776 mshidumdf.sys
09/11/2017  06:33 AM            81,696 msidntfs.sys
07/16/2016  06:41 AM            18,784 msisadrv.sys
07/12/2017  12:56 AM           277,856 msiscsi.sys
03/04/2017  01:36 AM            27,136 mskssrv.sys
07/16/2016  06:42 AM            78,336 mslldp.sys
07/16/2016  06:42 AM            10,752 mspclock.sys
07/16/2016  06:42 AM            10,752 mspqm.sys
07/16/2016  06:42 AM           361,312 msrpc.sys
07/16/2016  06:41 AM            43,360 mssmbios.sys
07/16/2016  06:42 AM            12,800 mstee.sys
07/16/2016  06:41 AM            15,872 MTConfig.sys
06/21/2017  02:50 AM           126,304 mup.sys
07/16/2016  06:41 AM            63,840 mvumis.sys
09/11/2017  06:39 AM            94,144 mwac.sys
07/16/2016  06:41 AM           108,896 ndfltr.sys
07/12/2017  01:09 AM         1,181,024 ndis.sys
07/16/2016  06:42 AM            50,176 ndiscap.sys
07/16/2016  06:42 AM           126,464 NdisImPlatform.sys
07/16/2016  06:42 AM            26,112 ndistapi.sys
07/16/2016  06:42 AM            63,488 ndisuio.sys
07/16/2016  06:42 AM            20,480 NdisVirtualBus.sys
07/16/2016  06:42 AM           189,440 ndiswan.sys
07/16/2016  06:42 AM            60,928 ndproxy.sys
07/16/2016  06:42 AM           125,440 Ndu.sys
07/16/2016  06:42 AM            90,624 NetAdapterCx.sys
07/16/2016  06:42 AM            57,184 netbios.sys
07/16/2016  06:42 AM           279,040 netbt.sys
07/07/2017  02:37 AM           468,320 netio.sys
06/12/2015  04:59 AM         2,554,528 netr28x.sys
02/11/2011  04:23 PM            35,344 npf.sys
07/16/2016  06:42 AM            68,608 npfs.sys
07/16/2016  06:41 AM            26,624 npsvctrig.sys
07/16/2016  06:42 AM            41,984 nsiproxy.sys
07/12/2017  01:13 AM         2,253,664 ntfs.sys
07/16/2016  06:43 AM            19,296 ntosext.sys
07/16/2016  06:42 AM             7,168 null.sys
07/08/2017  08:49 PM           218,712 nvhda64v.sys
07/19/2017  03:13 PM        15,668,664 nvlddmkm.sys
07/16/2016  06:41 AM           150,368 nvraid.sys
07/16/2016  06:41 AM           166,240 nvstor.sys
06/21/2017  02:07 AM            48,248 nvvad64v.sys
07/18/2017  07:40 PM            57,792 nvvhci.sys
03/04/2017  01:30 AM           535,552 nwifi.sys
07/12/2017  01:00 AM           160,608 pacer.sys
07/16/2016  06:41 AM            96,768 parport.sys
03/04/2017  02:20 AM           128,352 partmgr.sys
12/14/2016  12:18 AM           335,712 pci.sys
07/16/2016  06:41 AM            16,224 pciide.sys
07/16/2016  06:41 AM            52,576 pciidex.sys
07/16/2016  06:41 AM           118,112 pcmcia.sys
07/16/2016  06:42 AM            51,552 pcw.sys
07/07/2017  02:44 AM           108,896 pdc.sys
07/16/2016  06:42 AM           723,968 PEAuth.sys
07/16/2016  06:41 AM            58,720 percsas2i.sys
07/16/2016  06:41 AM            61,792 percsas3i.sys
07/16/2016  06:41 AM           366,592 portcls.sys
07/16/2016  06:41 AM           119,808 processr.sys
07/16/2016  06:42 AM            48,640 qwavedrv.sys
07/16/2016  06:42 AM            17,408 rasacd.sys
07/16/2016  06:42 AM           104,960 rasl2tp.sys
04/27/2017  07:03 PM            81,408 raspppoe.sys
07/16/2016  06:42 AM            96,256 raspptp.sys
07/16/2016  06:42 AM            77,824 rassstp.sys
02/24/2016  02:08 PM            41,576 rawdsk3.sys
04/27/2017  07:38 PM           431,968 rdbss.sys
07/16/2016  09:27 AM            26,112 rdpbus.sys
07/16/2016  09:27 AM           177,152 rdpdr.sys
07/16/2016  09:27 AM            29,536 rdpvideominiport.sys
07/16/2016  06:42 AM           267,104 rdyboost.sys
07/16/2016  06:42 AM           928,608 refsv1.sys
07/16/2016  06:42 AM            70,144 registry.sys
07/16/2016  06:41 AM            39,936 RfxVmt.sys
07/16/2016  06:42 AM           147,968 rmcast.sys
07/16/2016  06:42 AM            34,304 RNDISMP.sys
06/21/2017  02:03 AM            13,312 rootmdm.sys
07/16/2016  06:42 AM            81,408 rspndr.sys
05/13/2016  10:54 AM           407,768 RtsUer.sys
07/16/2016  06:41 AM           110,432 sbp2port.sys
07/16/2016  06:42 AM            43,008 scfilter.sys
06/21/2017  02:52 AM            88,416 scmbus.sys
07/12/2017  12:24 AM           124,928 scmdisk0101.sys
07/16/2016  06:42 AM           173,408 scsiport.sys
06/03/2017  05:16 AM           279,904 sdbus.sys
07/16/2016  06:42 AM            95,584 sdport.sys
07/12/2017  01:00 AM            95,584 sdstor.sys
07/16/2016  06:42 AM            74,592 SerCx.sys
07/16/2016  06:42 AM           151,904 SerCx2.sys
07/16/2016  06:41 AM            25,088 serenum.sys
07/16/2016  06:41 AM            83,968 serial.sys
07/16/2016  06:41 AM            27,648 sermouse.sys
07/16/2016  06:41 AM            18,432 sfloppy.sys
07/16/2016  06:41 AM            44,896 sisraid2.sys
07/16/2016  06:41 AM            81,760 sisraid4.sys
07/16/2016  06:42 AM            22,016 smclib.sys
08/01/2017  02:20 PM           557,408 spaceport.sys
07/16/2016  06:42 AM            79,200 SpbCx.sys
04/27/2017  06:51 PM           409,600 srv.sys
04/27/2017  06:51 PM           713,216 srv2.sys
09/11/2017  05:43 AM           113,488 srvilpsv.sys
09/06/2016  11:45 PM           248,320 srvnet.sys
07/16/2016  06:41 AM            31,072 stexstor.sys
03/04/2017  02:08 AM           130,912 storahci.sys
07/12/2017  01:17 AM            81,760 stornvme.sys
06/03/2017  04:49 AM           509,280 storport.sys
07/16/2016  06:42 AM            78,336 storqosflt.sys
07/16/2016  06:41 AM            32,096 storufs.sys
07/16/2016  06:41 AM            36,192 storvsc.sys
07/16/2016  06:42 AM            74,240 stream.sys
06/16/2016  10:58 PM           561,672 stwrt64.sys
07/16/2016  06:41 AM            17,760 swenum.sys
07/16/2016  06:41 AM            64,000 Synth3dVsc.sys
07/16/2016  06:42 AM            30,720 tape.sys
07/16/2016  06:42 AM            26,976 tbs.sys
08/01/2017  02:13 PM         2,532,192 tcpip.sys
07/07/2017  01:46 AM            52,224 tcpipreg.sys
07/16/2016  06:42 AM            40,288 tdi.sys
08/01/2017  02:27 PM           118,112 tdx.sys
10/10/2016  03:28 AM           186,424 TeeDriverW8x64.sys
07/16/2016  09:27 AM            38,752 terminpt.sys
06/03/2017  05:11 AM           128,864 tm.sys
11/11/2016  05:00 AM           219,488 tpm.sys
12/05/2016  03:32 PM           520,032 trufos.sys
07/16/2016  06:42 AM            61,440 TsUsbFlt.sys
07/16/2016  06:41 AM            34,304 TsUsbGD.sys
07/16/2016  06:42 AM           158,208 tunnel.sys
07/16/2016  06:41 AM            77,152 uaspstor.sys
07/16/2016  06:42 AM            95,744 UcmCx.sys
07/16/2016  06:42 AM           108,544 UcmTcpciCx.sys
07/16/2016  06:41 AM            50,688 UcmUcsi.sys
07/16/2016  06:42 AM           210,272 Ucx01000.sys
07/16/2016  06:42 AM            45,568 Udecx.sys
07/16/2016  06:42 AM           320,000 udfs.sys
07/16/2016  06:41 AM            28,512 uefi.sys
07/16/2016  06:42 AM           263,008 ufx01000.sys
07/16/2016  06:41 AM            96,608 UfxChipidea.sys
07/16/2016  06:41 AM           137,056 ufxsynopsys.sys
07/16/2016  06:41 AM            56,832 umbus.sys
07/16/2016  09:14 AM    <DIR>          UMDF
07/16/2016  06:41 AM            13,824 umpass.sys
07/16/2016  06:41 AM            28,512 urschipidea.sys
07/16/2016  06:42 AM            57,696 urscx01000.sys
07/16/2016  06:41 AM            27,488 urssynopsys.sys
07/16/2016  06:42 AM            23,040 usb8023.sys
07/16/2016  06:42 AM            36,864 USBCAMD2.sys
07/16/2016  06:41 AM           169,312 usbccgp.sys
07/16/2016  06:41 AM           102,400 usbcir.sys
07/16/2016  06:41 AM            32,608 usbd.sys
07/16/2016  06:41 AM            96,096 usbehci.sys
07/16/2016  06:41 AM           501,088 usbhub.sys
07/16/2016  06:41 AM           535,904 USBHUB3.SYS
07/16/2016  06:41 AM            30,208 usbohci.sys
07/16/2016  06:41 AM           455,520 usbport.sys
07/16/2016  06:41 AM            27,648 usbprint.sys
07/16/2016  06:43 AM            32,256 usbrpm.sys
07/16/2016  06:41 AM            69,120 usbser.sys
06/21/2017  02:36 AM           129,888 USBSTOR.SYS
07/16/2016  06:41 AM            35,328 usbuhci.sys
06/03/2017  04:50 AM           381,792 USBXHCI.SYS
07/16/2016  06:41 AM            53,088 vdrvroot.sys
07/16/2016  06:42 AM           201,056 VerifierExt.sys
07/12/2017  01:01 AM           715,104 vhdmp.sys
07/16/2016  06:42 AM            32,256 vhf.sys
07/16/2016  06:42 AM            50,176 videoprt.sys
08/01/2017  02:20 PM            79,712 vmbkmcl.sys
08/01/2017  01:52 PM            80,896 vmbkmclr.sys
07/16/2016  06:41 AM           104,288 vmbus.sys
07/16/2016  06:41 AM            25,088 VMBusHID.sys
07/16/2016  06:41 AM            13,312 vmgencounter.sys
07/16/2016  06:41 AM            10,240 vmgid.sys
07/16/2016  06:41 AM             9,216 vms3cap.sys
07/16/2016  06:41 AM            46,944 vmstorfl.sys
07/16/2016  06:41 AM            80,224 volmgr.sys
07/16/2016  06:42 AM           367,456 volmgrx.sys
07/16/2016  06:42 AM           391,520 volsnap.sys
07/16/2016  06:41 AM            16,224 volume.sys
09/15/2016  12:29 PM            74,080 vpci.sys
07/16/2016  06:41 AM           166,752 vsmraid.sys
07/16/2016  06:41 AM           305,504 VSTXRAID.SYS
07/16/2016  06:42 AM            26,624 vwifibus.sys
07/16/2016  06:42 AM            73,216 vwififlt.sys
04/27/2017  07:02 PM            40,448 vwifimp.sys
07/16/2016  06:41 AM            30,208 wacompen.sys
07/16/2016  06:42 AM            79,872 wanarp.sys
07/16/2016  06:42 AM            56,320 watchdog.sys
09/15/2016  12:14 PM           119,648 wcifs.sys
07/12/2017  12:25 AM            66,560 wcnfs.sys
07/16/2016  06:43 AM            44,056 WdBoot.sys
07/16/2016  06:42 AM           861,296 Wdf01000.sys
07/16/2016  06:43 AM           290,144 WdFilter.sys
07/16/2016  06:42 AM            61,040 WdfLdr.sys
06/21/2017  01:56 AM           719,872 WdiWiFi.sys
07/16/2016  06:43 AM           123,232 WdNisDrv.sys
07/16/2016  06:42 AM            39,776 werkernel.sys
07/12/2017  01:01 AM           156,000 wfplwfs.sys
07/16/2016  06:42 AM            35,680 wimmount.sys
07/16/2016  06:42 AM           107,032 WindowsTrustedRT.sys
07/16/2016  06:41 AM            17,944 WindowsTrustedRTProxy.sys
07/16/2016  06:42 AM            31,584 winhv.sys
09/15/2016  11:42 AM            51,712 winhvr.sys
07/16/2016  06:41 AM            32,096 winmad.sys
12/21/2016  05:59 AM            14,544 WinRing0.sys
07/16/2016  06:41 AM            89,088 winusb.sys
07/16/2016  06:41 AM            64,864 winverbs.sys
07/16/2016  06:41 AM            18,432 wmiacpi.sys
07/16/2016  06:42 AM            20,320 wmilib.sys
10/22/2016  04:52 PM           199,008 wof.sys
07/16/2016  06:44 AM            30,560 WpdUpFltr.sys
07/16/2016  06:42 AM            31,584 WppRecorder.sys
07/16/2016  06:42 AM            22,528 ws2ifsl.sys
07/16/2016  06:42 AM            99,328 WUDFPf.sys
07/16/2016  06:42 AM           216,064 WUDFRd.sys
03/04/2017  01:34 AM           258,560 xboxgip.sys
08/20/2016  12:20 AM            43,520 xinputhid.sys
06/06/2015  05:16 AM            63,840 XtuAcpiDriver.sys
             434 File(s)     99,725,584 bytes
               5 Dir(s)   6,651,637,760 bytes free

========= End of CMD: =========

==== End of Fixlog 07:29:32 ====

Edited September 11, 2017 by Virus_Victim

[Aura]

And now for the fun part.

Farbar Recovery Scan Tool (FRST) - Recovery Environment Scan
Follow the instructions below to download and execute a scan on your system with FRST from the Recovery Environment, and provide the logs in your next reply.

Item(s) required:

• USB Flash Drive (size depend on if you have to create a USB Recovery or Installation media)
• CD/DVD (optional: only needed if you need to create a Recovery or Installation media and your USB Flash Drive is too small)
• Another computer (optional: only needed if you cannot work from the infected computer directly)
  

Preparing the USB Flash Drive

• Download the right version of FRST for your system:
  
  • FRST 64-bit
    
• Move the executable (FRST.exe or FRST64.exe) on your USB Flash Drive
• Download the attached fixlist.txt, and move it on your USB Flash Drive as well
  

Boot in the Recovery Environment

• Plug your USB Flash Drive in the infected computer
• To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:
  
  • Restart the computer
  • Once you've seen your BIOS splashscreen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears
  • Use the arrow keys to select Repair your computer, and press on Enter
  • Select your keyboard layout (US, French, etc.) and click on Next
  • Click on Command Prompt to open the command prompt
    Note:If you can't access the Recovery Environment using the F8 method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on SevenForums.
    
• To enter the Recovery Environment with Windows 8 or Windows 8.1, follow the instructions in this tutorial on EightForums
  Note:If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial.
• To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums
  Note:If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums.
  

Once in the command prompt

• In the command prompt, type notepad and press on Enter
• Notepad will open. Click on the File menu and select Open
• Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad
• In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe and press on Enter
• Note: Replace the letter e with the drive letter of your USB Flash Drive
• FRST will open
• Click on Yes to accept the disclaimer
• Click on the Fix button and wait for the scan to complete
• A log called fixlog.txt will be saved on your USB Flash Drive. Attach it in your next reply
  

fixlist.txt

[Virus_Victim]

What if I do NOT have a flash drive ?

[Aura]

Then you'll need to get one. Or you'll need to unplug the infected computer's hard drive, connect it as a secondary hard drive on another computer and clean it from there.

Sadly, this is the only way to deal with SmartService at the moment.

[Virus_Victim]

Thank U for all the help. This seems so complicated

Please answer the folo questions.

Preparing the USB Flash Drive

1. Can I use a NON empty USB Flash Drive ? Will the progress delete data already on the USB Flash Drive ?

Boot in the Recovery Environment

2. Can I use shutdown /r /o /f /t 00 ? or <Shift> Restart ? Confirm please.

Reinstalling Windows 10

3. Would Reinstalling Windows 10 fix the issue ? Does reinstalling Windows 10 remove ALL inflects & malware ?

I appreciate all the help but I need time to comprehend the instructions.

Thank U.

[Aura]

Quote

1. Can I use a NON empty USB Flash Drive ? Will the progress delete data already on the USB Flash Drive ?

You can. All you need to do is copy/paste the FRST executable and attached fixlist.txt on the USB Flash Drive after, no need to delete anything on it.

Quote

2. Can I use shutdown /r /o /f /t 00 ? or <Shift> Restart ? Confirm please.

You'll need to use the Shift Restart method to get in the Recovery Environment. The shutdown command you posted won't work (also, the /o switch doesn't exist for it).

Quote

3. Would Reinstalling Windows 10 fix the issue ? Does reinstalling Windows 10 remove ALL inflects & malware ?

It would, and it does, yes.

[Virus_Victim]

Do U favor Flash Drive approach or Windows 10 reinstall ?"

Major Concerns: 

1. Windows10Upgrade9252.exe will not run.

2. Windows update will NOT run. 2017-09 Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB4038782) FAIL.

Any services to check if running ? Which services would be a good idea to restart ?

Please suggest Microsoft site OEM reinstall method.

Thank U.

Edited September 13, 2017 by Virus_Victim

[Aura]

Quote

Do U favor Flash Drive approach or Windows 10 reinstall ?"

You'll need a USB Flash Drive for both methods. I favor the clean-up method. You're infected with SmartService, it's quite easy to remove with a USB Flash Drive and access to the Recovery Environment.

And most of your issues are probably related to the active infection (SmartService) on your system. Right now we should focus on removing it before troubleshooting anything else.

You can use the Windows 10 Media Creation Tool to create an installation media for Windows 10.

http://www.thewindowsclub.com/windows-10-media-creation-tool-create-installation-media-upgrade

[Virus_Victim]

In the process of instructions Posted Monday at 07:39 AM

Please await fixlog.txt saved on USB Flash Drive attached in next reply. ( approx.: under 30 minutes )

[Virus_Victim]

Requested fixlog.txt from USB FLASH DRIVE in SAFE MODE posted & attached.

Please instruct further.

Fix result of Farbar Recovery Scan Tool (x64) Version: 12-09-2017
Ran by JK (12-09-2017 21:52:53) Run:2
Running from e:\
Loaded Profiles: JK (Available Profiles: JK & Jack__000 & Administrator)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
S4 xqmlt; System32\drivers\tyugu.sys [X]

C:\Program Files (x86)\jf9z5vq2eu.dat
C:\Users\J\AppData\Local\{B5EA83B6-9142-EF0E-FCDA-CAE6D8B2367E}
C:\Users\J\AppData\Local\{5F9469C8-7B3C-0570-16A4-209832CCDC00}
C:\Users\J\AppData\Local\ctfardb
C:\Users\J\AppData\Local\utceazy
C:\Users\J\AppData\Roaming\et
C:\WINDOWS\system32\vmaxzpm
C:\WINDOWS\SysWOW64\vmaxzpm
C:\Windows\Temp\msciugdsrv.exe
C:\WINDOWS\system32\Drivers\srvilpsv.sys
C:\Windows\System32\drivers\msidntfs.sys
2017-09-11 06:46 - 2017-09-11 06:46 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\7DE75172.sys
2017-09-11 06:46 - 2017-09-11 06:46 - 000101824 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-09-11 06:36 - 2017-09-11 06:36 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\165449CA.sys
2017-09-11 06:35 - 2017-09-11 06:35 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\5EF2493B.sys
2017-09-11 06:35 - 2017-09-11 06:35 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\3F2B4906.sys
2017-09-11 05:49 - 2017-09-11 05:49 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\0BB42602.sys
2017-09-11 05:49 - 2017-09-11 05:49 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\0388262A.sys
2017-09-11 05:36 - 2017-09-11 05:36 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\37281B9A.sys
2017-09-11 03:02 - 2017-09-11 03:02 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\648E2604.sys
2017-09-11 03:02 - 2017-09-11 03:02 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\32662628.sys
2017-09-11 02:26 - 2017-09-11 02:26 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\50F20A66.sys
2017-09-11 02:26 - 2017-09-11 02:26 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\031A0A42.sys
2017-09-11 01:39 - 2017-09-11 01:39 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\184066AE.sys
2017-09-11 01:22 - 2017-09-11 01:22 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\60F35953.sys
2017-09-11 01:22 - 2017-09-11 01:22 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\5CDD5967.sys
2017-09-10 05:26 - 2017-09-10 05:26 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\4BF94639.sys
2017-09-05 07:14 - 2017-09-05 07:14 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\6102126C.sys
2017-09-05 07:14 - 2017-09-05 07:14 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\3D26124B.sys
*****************

HKLM\System\CurrentControlSet\Services\xqmlt => key removed successfully
xqmlt => service removed successfully
C:\Program Files (x86)\jf9z5vq2eu.dat => moved successfully
C:\Users\J\AppData\Local\{B5EA83B6-9142-EF0E-FCDA-CAE6D8B2367E} => moved successfully
C:\Users\J\AppData\Local\{5F9469C8-7B3C-0570-16A4-209832CCDC00} => moved successfully

"C:\Users\J\AppData\Local\ctfardb" folder move:

Could not move "C:\Users\J\AppData\Local\ctfardb" => Scheduled to move on reboot.

Result of scheduled files to move (Boot Mode: Safe Mode (with Networking)) (Date&Time: 12-09-2017 21:54:07)

"C:\Users\J\AppData\Local\ctfardb" => Could not move

==== End of Fixlog 21:54:10 ====

 

Fixlog.txt

[Aura]

You ran that fix in Safe Mode.

Boot Mode: Safe Mode (with Networking)

It didn't work, you really need to be in the Recovery Environment to run this fix.

[Virus_Victim]

Please instruct step by step to REACH  Recovery Environment. I do NOT see the option/choice at 1-9 in Startup Setting.

Shift Restart method was used that created the 

Boot Mode: Safe Mode (with Networking)

Edited September 14, 2017 by Virus_Victim

[Aura]

Any of the methods listed there should work.

https://www.tenforums.com/tutorials/2294-boot-advanced-startup-options-windows-10-a.html

If one doesn't work, try the other, and so on.

[Virus_Victim]

Boot to Advanced Startup Options from Settings in Windows 10

Please post Boot to Advanced Startup Options from Command if shutdown /r /o /f /t 00 does NOT work.

Edited September 14, 2017 by Virus_Victim

[Virus_Victim]

I am unable to enter REACH  Recovery Environment.

Please post Boot to Advanced Startup Options from Command and I will run the fix again.

Edited September 14, 2017 by Virus_Victim

[Aura]

I'm not able to access the fixlog.txt you attached in your previous post, can you reattach it?

[Virus_Victim]

I am unable to enter REACH  Recovery Environment.

Please post Boot to Advanced Startup Options from Command and I will run the fix again if shutdown /r /o /f /t 00  is wrong.

Which if the 1-9 Options do I choose once in Recovery Environment.

Edited September 14, 2017 by Virus_Victim

[Aura]

Like I said, if one isn't working, try the other one.

However, there's something I would like you to try before we boot in the Recovery Environment. Follow the instructions in the tutorial below. Make SURE to download the linked version of MBAR in it.

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

 

[Virus_Victim]

1. Scan activated.

2. Problems were cleaned - system rebooted

3. Re scanning to conform corrections.

Please await results.

Edited September 14, 2017 by Virus_Victim

[Virus_Victim]

1. Scan activated.

2. Problems were cleaned - system rebooted

3. Re scanning to conform corrections.

4. Confirmed NO problems detected by 2nd scan.

Awaiting further instructions.

Confirming with WINDOWS UPDATE.  2017-09 Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB4038782).

Thank U.

Edited September 14, 2017 by Virus_Victim

[Virus_Victim]

I would like to thank U for all the HELP !!! 

Link worked !!! 

Please advise if Avast is competent Virus Protection. 

Suggestion for BEST FREE Virus Protection.

Thank U again !!! Best Wishes.