
"The Requested Resource is in use" unable to run antivirus


47 replies to this topic

#1 twalls

  • Members
  • 27 posts

Posted 03 September 2017 - 01:04 PM

I am unable to run most downloadable antivirus programs; the few that run do not correct the issue of receiving "The Requested Resource is in use" when attempting to run the others. I noticed the issues and attempted to run ComboFix.

I am unable to restore as there are no longer any restore points saved.

I was able to run Farbar, but I do not think I am utilizing it properly, or even know if it can help.

Any assistance would be much appreciated.

 

These are the two files it created when I ran it.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by Koschei (administrator) on APPLE (03-09-2017 12:33:18)
Running from D:\Users\Koschei\Documents\ComboKey\rootkit remover
Loaded Profiles: Koschei (Available Profiles: Koschei)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(TOSHIBA CORPORATION) C:\Windows\Temp\msdeavzsrv.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Insyde Software Corp.) C:\Program Files (x86)\Hotkey\Driver\x64\HKClipSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
(Symantec Corporation) D:\Users\Koschei\Documents\ComboKey\rootkit remover\NPE.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(CLEVO CO.) C:\Program Files (x86)\Hotkey\HotkeyService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHRA.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB3\Sound Blaster X-Fi MB3\SBXFIMB3.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Creative Technology Ltd.) C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Koschei\AppData\Local\unilrck\unilrck.exe
() C:\Users\Koschei\AppData\Local\unilrck\vmafpta.exe
() C:\Users\Koschei\AppData\Local\unilrck\vmafpta.exe
() C:\Users\Koschei\AppData\Local\unilrck\vmafpta.exe
() C:\Users\Koschei\AppData\Local\unilrck\vmafpta.exe
() C:\Users\Koschei\AppData\Local\unilrck\vmafpta.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322712 2014-10-09] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16407296 2015-10-07] (Realtek Semiconductor)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-08-24] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [289248 2017-09-02] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [Sound Blaster X-Fi MB 3] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB3\Sound Blaster X-Fi MB3\SBXFIMB3.exe [2112000 2013-06-17] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [vProt] => "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-08-24] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKLM-x32\...\Run: [TrojanScanner] => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [3674048 2017-08-27] (Simply Super Software)
HKU\S-1-5-21-3701428629-1760067635-734380300-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3062560 2017-07-17] (Valve Corporation)
HKU\S-1-5-21-3701428629-1760067635-734380300-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4701888 2017-02-06] (Disc Soft Ltd)
HKU\S-1-5-21-3701428629-1760067635-734380300-1001\...\Run: [EPSON WorkForce 435 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHRA.EXE [232448 2011-01-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3701428629-1760067635-734380300-1001\...\MountPoints2: {3a5070fa-a5d4-11e4-825d-6057181db88d} - "E:\LaunchU3.exe" -a
HKU\S-1-5-21-3701428629-1760067635-734380300-1001\...\MountPoints2: {661510a3-17be-11e7-82be-6057181db88d} - "E:\AutoPlay.exe" 
HKU\S-1-5-21-3701428629-1760067635-734380300-1001\...\MountPoints2: {661510d7-17be-11e7-82be-6057181db88d} - "F:\Autoplay.exe" 
HKU\S-1-5-21-3701428629-1760067635-734380300-1001\...\MountPoints2: {661510ef-17be-11e7-82be-6057181db88d} - "G:\setup.exe" 
SSODL: EldosMountNotificator-cbfs4 - {207186A4-274C-41D7-ABFB-0C9120DADFB4} - C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbfs4 - {207186A4-274C-41D7-ABFB-0C9120DADFB4} - C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk [2015-01-08]
ShortcutTarget: Hotkey.lnk -> C:\Program Files (x86)\Hotkey\HkeyTray.exe (CLEVO CO.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2017-07-26]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)
GroupPolicy: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{ECC959DC-57E6-4A63-AB6A-7E6472E378ED}: [DhcpNameServer] 209.18.47.62 209.18.47.61
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-3701428629-1760067635-734380300-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3701428629-1760067635-734380300-1001 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-07-26] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-07-26] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-07-26] (Oracle Corporation)
BHO-x32: No Name -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-07-26] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-07-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-07-26] (Oracle Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-09-03] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-07-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-07-26] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> mysearch.avg.com
CHR StartupUrls: Default -> "hxxp://start.search.us.com?guid={8E01B5DA-ED1E-435B-B062-226D980325EE}","hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_hrzon_15_42&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuzztD0F0AyD0BtCtDyBtByCyE0A0FyDtAtN0D0Tzu0StCtAzztDtN1L2XzutAtFtCyEtFtDtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0AtCzz0EyEtCyDtGtBzztA0FtGtAtAyE0BtGtBzztAtAtGyCzytCyCyEyB0EyE0AyByBtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FyDyCyD0D0B0B0AtGyCyDzy0AtGyEyCtA0EtGzzyCyB0AtGyCyB0BtByB0A0A0E0A0FtD0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDzytD%26cr%3D1614672578%26a%3Dwncy_hrzon_15_42%26os%3DWindows%2B8.1"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Koschei\AppData\Local\Google\Chrome\User Data\Default [2017-09-03]
CHR Extension: (Google Slides) - C:\Users\Koschei\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-05]
CHR Extension: (Google Docs) - C:\Users\Koschei\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\Koschei\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\Koschei\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-12]
CHR Extension: (AVG Secure Search) - C:\Users\Koschei\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2017-09-03]
CHR Extension: (Google Search) - C:\Users\Koschei\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-31]
CHR Extension: (Tampermonkey) - C:\Users\Koschei\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-05-21]
CHR Extension: (Google Sheets) - C:\Users\Koschei\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-05]
CHR Extension: (Google Docs Offline) - C:\Users\Koschei\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-19]
CHR Extension: (AdBlock) - C:\Users\Koschei\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-08-11]
CHR Extension: (BugMeNot Lite Fixed) - C:\Users\Koschei\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiooclbfflbfkpplfmoohkkgpknbpmpg [2017-05-16]
CHR Extension: (AVG SafePrice) - C:\Users\Koschei\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn [2017-09-02]
CHR Extension: (Chrono Download Manager) - C:\Users\Koschei\AppData\Local\Google\Chrome\User Data\Default\Extensions\mciiogijehkdemklbdcbfkefimifhecn [2017-05-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Koschei\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-02]
CHR Extension: (Multiple File Download) - C:\Users\Koschei\AppData\Local\Google\Chrome\User Data\Default\Extensions\opncjdadngnekakilfcgjlgbmekljdbm [2017-05-12]
CHR Extension: (Gmail) - C:\Users\Koschei\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR Extension: (Chrome Media Router) - C:\Users\Koschei\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-11]
CHR Extension: (Page One - Banish Multipage Articles) - C:\Users\Koschei\AppData\Local\Google\Chrome\User Data\Default\Extensions\pojkjlgamiogkhagabbejodnkcnnbfdb [2017-06-24]
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3701428629-1760067635-734380300-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [chfdnecihphmhljaaejmgoiahnihplgn] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3701428629-1760067635-734380300-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3701428629-1760067635-734380300-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [276328 2017-09-02] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7502936 2017-09-02] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428656 2017-08-24] (AVG Technologies CZ, s.r.o.)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2015-01-08] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2015-01-08] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [406016 2011-09-14] (Creative Technology Ltd) [File not signed]
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2017-02-06] (Disc Soft Ltd)
R2 HKClipSvc; C:\Program Files (x86)\Hotkey\Driver\x64\HKClipSvc.exe [246272 2014-10-29] (Insyde Software Corp.) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18584 2014-10-09] (Intel Corporation)
R2 ibtsiva.exe; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [121288 2014-08-13] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [345864 2015-03-19] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-09-03] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265936 2014-08-18] ()
R2 NPEService; D:\Users\Koschei\Documents\ComboKey\rootkit remover\NPE.exe [3422944 2017-09-03] (Symantec Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-07-26] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-07-26] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-06-27] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-07-26] (NVIDIA Corporation)
R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\HotkeyService.exe [23552 2014-05-27] (CLEVO CO.) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3817168 2014-08-18] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AirplaneModeHid; C:\Windows\system32\DRIVERS\AirplaneModeHid.sys [26888 2013-06-26] (Insyde Corporation)
R1 avgbdisk; C:\Windows\system32\drivers\avgbdiska.sys [166624 2017-09-02] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\system32\drivers\avgbidsdrivera.sys [314128 2017-09-02] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\system32\drivers\avgbidsha.sys [192584 2017-09-02] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\system32\drivers\avgbloga.sys [336896 2017-09-02] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\system32\drivers\avgbuniva.sys [51336 2017-09-02] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\system32\drivers\avgHwid.sys [39424 2017-09-02] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\system32\drivers\avgMonFlt.sys [140192 2017-09-02] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\system32\drivers\avgRdr2.sys [102792 2017-09-02] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\system32\drivers\avgRvrt.sys [76832 2017-09-02] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\system32\drivers\avgSnx.sys [1008800 2017-09-02] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\system32\drivers\avgSP.sys [583288 2017-09-02] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\system32\drivers\avgStm.sys [191720 2017-09-02] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\system32\drivers\avgVmm.sys [353744 2017-09-02] (AVG Technologies CZ, s.r.o.)
R1 cbfs4; C:\Windows\system32\drivers\cbfs4.sys [387776 2014-01-15] (EldoS Corporation)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2017-04-04] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2017-04-04] (Disc Soft Ltd)
R0 FPWinIo; C:\Windows\System32\drivers\FPWinIo.sys [83688 2013-08-08] (Egis Technology Inc.)
R3 HKKbdFltr; C:\Windows\system32\DRIVERS\HKKbdFltr.sys [41160 2014-10-29] (Insyde Software Corp.)
R3 HKMouFltr; C:\Windows\system32\DRIVERS\HKMouFltr.sys [40136 2014-10-29] (Insyde Software Corp.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [219592 2014-08-13] (Intel Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [126976 2014-09-03] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3479528 2014-08-21] (Intel Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-07-26] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [48064 2017-07-26] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [57792 2017-01-20] (NVIDIA Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [502488 2014-05-07] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-01-09] (Synaptics Incorporated)
S4 SMR501; C:\Windows\System32\drivers\SMR501.SYS [111288 2017-09-03] (Symantec Corporation)
R3 ssbthid; C:\Windows\System32\drivers\ssbthid.sys [43880 2017-05-12] (SteelSeries ApS)
R3 ssdevfactory; C:\Windows\System32\drivers\ssdevfactory.sys [46408 2017-06-01] (SteelSeries ApS)
R1 SvThANSP; C:\Program Files (x86)\Hotkey\SvThANSP.sys [15224 2013-10-11] (Windows ® Win 7 DDK provider)
R3 vpnpbus; C:\Windows\System32\drivers\vpnpbus.sys [18624 2014-01-15] (EldoS Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-03 12:33 - 2017-09-03 12:33 - 000000000 ____D C:\FRST
2017-09-03 12:25 - 2017-09-03 12:25 - 000113488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumhloru.sys
2017-09-03 12:24 - 2017-09-03 12:27 - 000000000 ____D C:\ProgramData\TEMP
2017-09-03 12:21 - 2017-09-03 12:21 - 000000000 ____D C:\ProgramData\Simply Super Software
2017-09-03 12:21 - 2017-09-03 12:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2017-09-03 12:21 - 2017-09-03 12:21 - 000000000 ____D C:\Program Files (x86)\Trojan Remover
2017-09-03 11:53 - 2017-09-03 11:53 - 000000000 _____ C:\autoexec.bat
2017-09-03 11:44 - 2017-09-03 11:44 - 000394904 _____ C:\Windows\Minidump\090317-6093-01.dmp
2017-09-03 11:37 - 2017-09-03 11:37 - 000111288 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SMR501.SYS
2017-09-03 11:35 - 2017-09-03 11:37 - 000000552 _____ C:\Windows\ntbtlog.txt
2017-09-03 11:29 - 2017-09-03 11:32 - 000010682 _____ C:\Windows\system32\Drivers\SMR501.dat
2017-09-03 11:27 - 2017-09-03 11:27 - 000396696 _____ C:\Windows\Minidump\090317-5953-01.dmp
2017-09-03 11:26 - 2017-09-03 12:25 - 000000000 ____D C:\NPE
2017-09-03 11:25 - 2017-09-03 11:46 - 000000000 ____D C:\Users\Koschei\AppData\Local\NPE
2017-09-03 11:25 - 2017-09-03 11:25 - 000000000 ____D C:\ProgramData\Norton
2017-09-03 10:53 - 2017-09-03 11:02 - 000194776 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-09-03 10:53 - 2017-09-03 10:53 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-09-03 10:52 - 2017-09-03 11:01 - 000109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-09-03 10:35 - 2017-09-03 10:40 - 000000000 ____D C:\Windows\pss
2017-09-03 10:00 - 2017-09-03 10:58 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-09-03 09:32 - 2017-09-03 10:36 - 000000000 ____D C:\AdwCleaner
2017-09-03 09:09 - 2017-09-03 09:04 - 005659851 _____ (Swearware) C:\Users\Koschei\Desktop\ComboFix.exe
2017-09-02 15:48 - 2017-09-03 12:30 - 000000000 ____D C:\Users\Koschei\AppData\Local\unilrck
2017-09-02 15:48 - 2017-09-03 12:30 - 000000000 ____D C:\Users\Koschei\AppData\Local\lsaoumk
2017-09-02 15:48 - 2017-09-02 15:48 - 000000000 ____D C:\Users\Koschei\AppData\Local\regtool
2017-09-02 15:43 - 2017-09-03 12:30 - 000000000 _____ C:\Windows\SysWOW64\last.dump
2017-09-02 15:43 - 2017-09-02 15:43 - 000417696 _____ C:\Windows\Minidump\090217-8875-01.dmp
2017-09-02 15:40 - 2017-09-02 15:40 - 000000000 ____D C:\Windows\SysWOW64\vmtyjyf
2017-09-02 15:40 - 2017-09-02 15:40 - 000000000 ____D C:\Windows\system32\vmtyjyf
2017-09-02 15:40 - 2017-09-02 15:40 - 000000000 ____D C:\Users\Koschei\AppData\Roaming\et
2017-09-02 15:34 - 2017-09-02 15:34 - 000402608 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2017-09-01 13:52 - 2017-09-01 13:52 - 000012953 _____ C:\Users\Koschei\AppData\Local\recently-used.xbel
2017-08-05 08:57 - 2017-08-05 08:57 - 000000000 ____D C:\Windows\LastGood.Tmp
2017-08-05 08:57 - 2017-07-26 12:09 - 000048064 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-03 14:44 - 2015-01-08 16:26 - 000000000 ___HD C:\Windows\system32\WLANProfiles
2017-09-03 14:43 - 2013-08-22 10:36 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-03 14:43 - 2013-08-22 10:36 - 000000000 ____D C:\Windows\registration
2017-09-03 12:33 - 2015-01-08 16:19 - 000000000 ____D C:\ProgramData\NVIDIA
2017-09-03 12:31 - 2015-01-15 14:02 - 000003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3701428629-1760067635-734380300-1001
2017-09-03 12:31 - 2014-03-18 05:03 - 000866884 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-03 12:31 - 2013-08-22 08:36 - 000000000 ____D C:\Windows\Inf
2017-09-03 12:25 - 2015-01-15 13:57 - 000000000 __SHD C:\Users\Koschei\IntelGraphicsProfiles
2017-09-03 12:25 - 2013-08-22 09:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-03 12:25 - 2013-08-22 08:25 - 013369344 _____ C:\Windows\system32\config\HARDWARE
2017-09-03 11:44 - 2017-06-16 07:46 - 573223511 _____ C:\Windows\MEMORY.DMP
2017-09-03 11:44 - 2016-08-29 18:17 - 000000000 ____D C:\Windows\Minidump
2017-09-03 11:44 - 2015-01-15 13:57 - 000000000 ____D C:\Users\Koschei
2017-09-03 11:44 - 2013-08-22 08:36 - 000000000 ____D C:\Windows\system32\Sysprep
2017-09-03 09:44 - 2016-01-26 09:24 - 000000000 ____D C:\Users\Koschei\AppData\Local\CrashDumps
2017-09-03 09:31 - 2013-08-22 08:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2017-09-03 09:28 - 2015-11-09 19:42 - 000000000 ____D C:\Users\Koschei\AppData\Local\AvgSetupLog
2017-09-02 15:43 - 2013-08-22 09:44 - 000419128 _____ C:\Windows\system32\FNTCACHE.DAT
2017-09-02 15:41 - 2017-03-22 14:17 - 000000000 ____D C:\ProgramData\{98BB5DD8-12F9-D71E-943F-495C0E7DC292}
2017-09-02 15:34 - 2017-05-23 16:32 - 001008800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2017-09-02 15:34 - 2017-05-23 16:32 - 000583288 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2017-09-02 15:34 - 2017-05-23 16:32 - 000353744 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2017-09-02 15:34 - 2017-05-23 16:32 - 000336896 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbloga.sys
2017-09-02 15:34 - 2017-05-23 16:32 - 000314128 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdrivera.sys
2017-09-02 15:34 - 2017-05-23 16:32 - 000192584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsha.sys
2017-09-02 15:34 - 2017-05-23 16:32 - 000191720 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2017-09-02 15:34 - 2017-05-23 16:32 - 000166624 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbdiska.sys
2017-09-02 15:34 - 2017-05-23 16:32 - 000140192 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2017-09-02 15:34 - 2017-05-23 16:32 - 000102792 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2017-09-02 15:34 - 2017-05-23 16:32 - 000076832 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2017-09-02 15:34 - 2017-05-23 16:32 - 000051336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniva.sys
2017-09-02 15:34 - 2017-05-23 16:32 - 000039424 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2017-09-02 15:34 - 2017-05-23 16:32 - 000003920 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2017-09-02 15:26 - 2015-03-16 15:54 - 000000000 ____D C:\Program Files (x86)\Steam
2017-09-02 14:10 - 2016-09-23 17:33 - 000003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2017-09-01 14:18 - 2015-12-15 22:25 - 000000000 ____D C:\Users\Koschei\AppData\Local\Warframe
2017-09-01 13:53 - 2016-04-26 17:24 - 000000000 ____D C:\Users\Koschei\.gimp-2.8
2017-08-28 18:28 - 2015-01-15 16:39 - 000002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-28 18:28 - 2015-01-15 16:39 - 000002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-08-28 09:06 - 2016-04-26 17:33 - 000000000 ____D C:\Users\Koschei\AppData\Local\gtk-2.0
2017-08-05 08:57 - 2017-07-01 23:03 - 000003814 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-05 08:57 - 2016-12-26 17:31 - 000004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-05 08:57 - 2016-09-25 09:34 - 000003852 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-05 08:57 - 2016-09-25 09:34 - 000003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-05 08:57 - 2016-09-25 09:34 - 000003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-05 08:57 - 2016-09-25 09:34 - 000003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-05 08:57 - 2016-09-25 09:34 - 000003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-05 08:57 - 2016-09-25 09:34 - 000003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-05 08:57 - 2016-09-25 09:34 - 000001435 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-08-05 08:57 - 2015-01-08 16:19 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-08-05 08:57 - 2015-01-08 16:19 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-08-05 08:57 - 2015-01-08 16:19 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
 
==================== Files in the root of some directories =======
 
2017-09-01 13:52 - 2017-09-01 13:52 - 000012953 _____ () C:\Users\Koschei\AppData\Local\recently-used.xbel
2016-02-23 16:39 - 2016-02-23 16:39 - 000000016 _____ () C:\ProgramData\mntemp
2016-12-26 17:31 - 2017-01-12 20:28 - 000055439 _____ () C:\ProgramData\NvTelemetryContainer.log
 
Some files in TEMP:
====================
2015-11-09 19:42 - 2015-11-09 19:42 - 002892128 _____ (AVG Technologies) C:\Users\Koschei\AppData\Local\Temp\avg-85de4f4a-59bb-413e-b30e-ca6952dcf14a.exe
2016-01-15 22:50 - 2015-12-08 08:23 - 000091048 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Koschei\AppData\Local\Temp\avguirn_081142836347.exe
2016-06-23 17:59 - 2016-05-18 13:03 - 000186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Koschei\AppData\Local\Temp\avguirn_082024700733.exe
2016-05-05 21:27 - 2016-02-18 13:09 - 000179624 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Koschei\AppData\Local\Temp\avguirn_082138465864.exe
2016-08-26 09:20 - 2016-07-20 14:01 - 000186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Koschei\AppData\Local\Temp\avguirn_08228711441.exe
2016-08-05 16:42 - 2016-06-21 18:49 - 000186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Koschei\AppData\Local\Temp\avguirn_08417757291.exe
2016-05-15 17:35 - 2016-04-14 17:29 - 000186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Koschei\AppData\Local\Temp\avguirn_08509619829.exe
2016-01-05 15:58 - 2015-11-12 17:54 - 000091048 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Koschei\AppData\Local\Temp\avguirn_0859081725.exe
2016-02-24 14:59 - 2016-01-12 17:23 - 000179624 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Koschei\AppData\Local\Temp\avguirn_08791094185.exe
2016-06-03 22:06 - 2016-04-22 10:01 - 000186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Koschei\AppData\Local\Temp\avguirn_08902350703.exe
2017-06-09 13:55 - 2017-06-09 13:55 - 000223744 _____ (Un4seen Developments) C:\Users\Koschei\AppData\Local\Temp\Bass.dll
2017-06-09 13:55 - 2017-06-09 13:55 - 000647168 _____ (radio42) C:\Users\Koschei\AppData\Local\Temp\Bass.Net.dll
2016-05-12 22:08 - 2000-04-06 07:00 - 000263168 ____N () C:\Users\Koschei\AppData\Local\Temp\binkw32.dll
2017-04-10 11:52 - 2017-04-10 11:52 - 000003072 _____ () C:\Users\Koschei\AppData\Local\Temp\CH.dll
2016-05-12 22:26 - 2016-05-16 13:17 - 000040448 _____ () C:\Users\Koschei\AppData\Local\Temp\CmdLineExt03.dll
2015-01-15 13:57 - 2015-01-15 13:57 - 000467968 _____ (Realtek Semiconductor Corp.) C:\Users\Koschei\AppData\Local\Temp\COMAP.EXE
2016-05-12 22:08 - 2001-05-09 19:19 - 000352256 ____N (Blizzard Entertainment) C:\Users\Koschei\AppData\Local\Temp\d2l_Install.exe
2017-09-03 10:48 - 2017-09-03 11:58 - 000037376 _____ () C:\Users\Koschei\AppData\Local\Temp\DCryBruteforcer.exe
2017-04-05 14:23 - 2017-04-05 14:23 - 000046596 _____ (Sony DADC Austria AG) C:\Users\Koschei\AppData\Local\Temp\drm_dialogs.dll
2017-04-10 08:01 - 2017-09-01 09:49 - 000204800 _____ (Sony DADC Austria AG) C:\Users\Koschei\AppData\Local\Temp\drm_dyndata_7370008.dll
2016-07-23 18:43 - 2016-07-23 18:43 - 000741440 _____ (Oracle Corporation) C:\Users\Koschei\AppData\Local\Temp\jre-8u101-windows-au.exe
2016-12-26 17:07 - 2016-12-26 17:07 - 000737856 _____ (Oracle Corporation) C:\Users\Koschei\AppData\Local\Temp\jre-8u111-windows-au.exe
2017-07-26 16:47 - 2017-07-26 16:47 - 000740416 _____ (Oracle Corporation) C:\Users\Koschei\AppData\Local\Temp\jre-8u144-windows-au.exe
2015-08-28 16:35 - 2015-08-28 16:35 - 000585824 _____ (Oracle Corporation) C:\Users\Koschei\AppData\Local\Temp\jre-8u60-windows-au.exe
2015-11-11 18:03 - 2015-11-11 18:03 - 000585824 _____ (Oracle Corporation) C:\Users\Koschei\AppData\Local\Temp\jre-8u65-windows-au.exe
2016-02-09 17:15 - 2016-02-09 17:15 - 000736352 _____ (Oracle Corporation) C:\Users\Koschei\AppData\Local\Temp\jre-8u73-windows-au.exe
2016-09-25 09:34 - 2016-11-17 08:45 - 001135552 _____ (NVIDIA Corporation) C:\Users\Koschei\AppData\Local\Temp\NvTelemetry.dll
2016-09-25 09:34 - 2017-01-05 20:10 - 000255032 _____ (NVIDIA Corporation) C:\Users\Koschei\AppData\Local\Temp\NvTelemetryAPI32.dll
2016-09-25 09:34 - 2017-01-05 20:10 - 000335928 _____ (NVIDIA Corporation) C:\Users\Koschei\AppData\Local\Temp\NvTelemetryAPI64.dll
2016-05-12 22:26 - 2017-04-05 14:05 - 000012305 ____T () C:\Users\Koschei\AppData\Local\Temp\SIntf16.dll
2016-05-12 22:26 - 2017-04-05 14:05 - 000020016 ____T () C:\Users\Koschei\AppData\Local\Temp\SIntf32.dll
2016-05-12 22:26 - 2017-04-05 14:05 - 000024744 ____T () C:\Users\Koschei\AppData\Local\Temp\SIntfNT.dll
2017-09-02 15:42 - 2017-09-02 15:42 - 001199825 _____ () C:\Users\Koschei\AppData\Local\Temp\unins000.exe
2001-12-19 11:45 - 2001-12-19 11:45 - 000023552 _____ () C:\Users\Koschei\AppData\Local\Temp\VCdControlTool.exe
2017-01-18 11:13 - 2017-01-18 11:13 - 014773216 _____ (Microsoft Corporation) C:\Users\Koschei\AppData\Local\Temp\vcredist_x64.exe
2016-01-27 18:05 - 2016-01-27 18:05 - 006503984 _____ (Microsoft Corporation) C:\Users\Koschei\AppData\Local\Temp\vcredist_x86.exe
2017-04-05 13:56 - 2006-09-17 21:11 - 000456280 ____R (Macrovision Corporation) C:\Users\Koschei\AppData\Local\Temp\_isB981.exe
2017-04-05 13:37 - 2006-09-17 21:11 - 000456280 _____ (Macrovision Corporation) C:\Users\Koschei\AppData\Local\Temp\_isBD3D.exe
2017-04-04 13:23 - 2006-09-17 21:11 - 000456280 ____R (Macrovision Corporation) C:\Users\Koschei\AppData\Local\Temp\_isC834.exe
2017-04-04 13:46 - 2006-09-17 21:11 - 000456280 _____ (Macrovision Corporation) C:\Users\Koschei\AppData\Local\Temp\_isF75C.exe
2017-04-04 13:55 - 2006-09-17 21:11 - 000456280 ____R (Macrovision Corporation) C:\Users\Koschei\AppData\Local\Temp\_isF86E.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-09-02 15:18
 
==================== End of FRST.txt ============================
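Added example (not part of this thread or of FRST): a small Python triage helper that parses lines in the FRST "Created/Modified files and folders" format shown above and flags the entries a helper would look at first. The sample lines are copied from the log above, except the dumhloru.sys line, which is constructed from the dir listing posted later in the thread; the "random-looking name" heuristic is my own and is only ever combined with the unsigned-under-C:\Windows check, because on its own it also trips on legitimate names such as svchost.

```python
"""Triage helper for FRST "Created/Modified files and folders" lines.

Added example, not part of this thread or of FRST itself. It parses the
"<created> - <modified> - <size> <attrs> [(<company>)] <path>" line format
and flags entries for review. The heuristic is my own: an entry is flagged
only when it is BOTH (a) unsigned/unattributed and under the Windows
directory and (b) carries a random-looking, all-lowercase name. Either
signal alone is noisy (svchost has a four-consonant run; many legitimate
config files carry no company field), so both are required.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample input. Lines 1-6 are copied from the FRST log in this thread; the
# dumhloru.sys line is CONSTRUCTED from the later "dir" listing
# (09/03/2017 12:25 PM, 113,488 bytes) so the driver directory is covered too.
SAMPLE_LOG = r"""
==================== One Month Modified files and folders ========
2017-09-02 15:40 - 2017-09-02 15:40 - 000000000 ____D C:\Windows\system32\vmtyjyf
2017-09-02 15:40 - 2017-09-02 15:40 - 000000000 ____D C:\Users\Koschei\AppData\Roaming\et
2017-09-02 15:34 - 2017-09-02 15:34 - 000402608 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2017-08-05 08:57 - 2017-07-26 12:09 - 000048064 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2017-09-03 12:25 - 2013-08-22 08:25 - 013369344 _____ C:\Windows\system32\config\HARDWARE
2016-02-23 16:39 - 2016-02-23 16:39 - 000000016 _____ () C:\ProgramData\mntemp
2017-09-03 12:25 - 2017-09-03 12:25 - 000113488 _____ C:\Windows\system32\Drivers\dumhloru.sys
"""

# One FRST file line: two timestamps, a 9-digit size, a 5-char attribute
# field (e.g. ____D directory, ___HD hidden directory), an optional
# "(company)" signer field, then the path.
FRST_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{9}) (?P<attrs>[A-Z_]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>.+)$"
)


@dataclass(frozen=True)
class Entry:
    created: str
    modified: str
    size: int
    attrs: str
    company: Optional[str]  # None when FRST printed no signer or an empty "()"
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_frst(text: str) -> List[Entry]:
    """Return one Entry per well-formed FRST file line; headers and blanks are skipped."""
    entries = []
    for raw in text.splitlines():
        m = FRST_LINE.match(raw.strip())
        if not m:
            continue
        entries.append(Entry(
            created=m.group("created"), modified=m.group("modified"),
            size=int(m.group("size")), attrs=m.group("attrs"),
            company=m.group("company") or None, path=m.group("path")))
    return entries


VOWELS = set("aeiou")


def looks_random(name: str) -> bool:
    """All-lowercase letters, 5-12 chars, with a run of 3+ consonants (y counts
    as a consonant). Matches vmtyjyf and dumhloru, but also some real names,
    so it is only used together with another signal."""
    stem = name.split(".", 1)[0]
    if not (5 <= len(stem) <= 12) or not stem.isalpha() or not stem.islower():
        return False
    run = longest = 0
    for ch in stem:
        run = 0 if ch in VOWELS else run + 1
        longest = max(longest, run)
    return longest >= 3


def reasons_for(e: Entry) -> List[str]:
    reasons = []
    if e.company is None and e.path.lower().startswith("c:\\windows\\"):
        reasons.append("no signer/company field under C:\\Windows")
    if looks_random(e.name):
        reasons.append("random-looking name")
    return reasons


def triage(entries: List[Entry]) -> List[Tuple[Entry, List[str]]]:
    """Entries with at least two independent reasons, in log order."""
    return [(e, r) for e in entries if len(r := reasons_for(e)) >= 2]


if __name__ == "__main__":
    for e, r in triage(parse_frst(SAMPLE_LOG)):
        kind = "dir " if e.is_dir else "file"
        print(f"{kind} {e.created}  {e.path}  <- {'; '.join(r)}")
```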




#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,683 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:07 PM

Posted 03 September 2017 - 01:12 PM

Hi twalls :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name; it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
  • The same principle applies to any modifications you make to your system; I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here; better safe than sorry!
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off
  • Since malware can work quickly, we want to get rid of it as fast as we can, before it makes unknown changes to the system. This being said, I would appreciate it if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall it right now. You don't have to tell me if you indeed had some or not; I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like formatting and reinstalling Windows, you are free to do so. I would appreciate it if you let me know about it first, and if you need, I can also assist you in the process
  • I would appreciate it if you were to stay with me until the end, which means until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone
    This being said, I have a full-time job, so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread
This being said, it's time to clean up some malware, so let's get started, shall we? :)

Do you have a USB Flash Drive? If so, how big is it?

Follow the instructions in the thread below. Make sure to download the MBAR version linked in it. Let me know if you're not able to launch it and run a scan.

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

If you manage to run a scan, delete everything it finds, and then copy/paste the content of the "mbar-log-TODAY'S-DATE.txt" log that is located in the MBAR folder here after.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 twalls

twalls
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:02:07 PM

Posted 03 September 2017 - 01:19 PM

Good morning Aura,

I appreciate your assistance. The issue arose this morning and has been quite frustrating.

 

I have a 4GB flash drive available immediately

I cannot run Malwarebytes, as it gives the error "the system volume is inaccessible or encrypted. Scan can't continue." Most download links have version 1.09.3.1001, which I have run; I have also run v1.09.4.1001.

Neither version can run the scan. I did receive an error this morning that a driver was not installed and could not scan (I believe it was the DDA driver, but I am unsure; I did not capture that error for reference).

 

 

[edit]

As far as I am aware, I don't have any pirated software (if during the course of our interaction you suspect there is any, I would appreciate it if you could point it out so I can remove it).


Edited by twalls, 03 September 2017 - 01:26 PM.


#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,683 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:07 PM

Posted 03 September 2017 - 01:34 PM

I was expecting that error with MBAR, so we'll take the usual route. We'll need your USB Flash Drive soon, so you can keep it nearby. In the meantime, let's get your computer ready for the fix.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located)
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Fix button
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
  • Copy and paste its content in your next reply

Attached Files


Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 twalls

twalls
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:02:07 PM

Posted 03 September 2017 - 01:39 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by Koschei (03-09-2017 13:39:11) Run:4
Running from D:\Users\Koschei\Documents\ComboKey\Combofix Support
Loaded Profiles: Koschei &  (Available Profiles: Koschei)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CMD: bcdedit.exe /set {default} recoveryenabled yes
CMD: dir C:\Windows\
CMD: dir C:\Windows\system32\drivers
*****************
 
 
========= bcdedit.exe /set {default} recoveryenabled yes =========
 
The operation completed successfully.
 
========= End of CMD: =========
 
 
========= dir C:\Windows\ =========
 
 Volume in drive C is Windows
 Volume Serial Number is 0CA9-AF53
 
 Directory of C:\Windows
 
09/03/2017  12:33 PM    <DIR>          .
09/03/2017  12:33 PM    <DIR>          ..
08/22/2013  10:36 AM    <DIR>          addins
08/22/2013  10:36 AM    <DIR>          ADFS
04/21/2015  10:40 PM    <DIR>          AppCompat
05/16/2017  07:39 PM    <DIR>          apppatch
01/04/2017  12:40 PM    <DIR>          AppReadiness
08/22/2013  06:21 AM            56,832 bfsvc.exe
08/22/2013  10:36 AM    <DIR>          Boot
08/22/2013  10:36 AM    <DIR>          Branding
04/25/2015  02:26 PM    <DIR>          Camera
07/10/2017  05:49 PM    <DIR>          CbsTemp
08/22/2013  01:51 AM            35,851 Core.xml
08/22/2013  10:36 AM    <DIR>          Cursors
01/17/2015  03:57 AM    <DIR>          debug
08/22/2013  10:36 AM    <DIR>          DesktopTileResources
08/22/2013  10:36 AM    <DIR>          diagnostics
08/22/2013  10:43 AM    <DIR>          DigitalLocker
05/16/2016  03:45 PM            38,374 DIIUnin.dat
05/12/2016  10:06 PM            94,208 DIIUnin.exe
05/12/2016  10:06 PM             2,829 DIIUnin.pif
07/26/2017  05:11 PM           101,826 DirectX.log
12/26/2016  04:36 PM            52,734 DPINST.LOG
04/25/2015  02:28 PM             4,167 DtcInstall.log
03/18/2014  05:32 AM    <DIR>          en-US
08/27/2016  02:44 PM         2,755,504 explorer.exe
04/25/2015  02:26 PM    <DIR>          FileManager
08/22/2013  10:36 AM    <DIR>          Globalization
01/08/2015  04:19 PM    <DIR>          Help
02/04/2017  01:14 PM         1,001,472 HelpPane.exe
10/28/2014  09:43 PM            17,408 hh.exe
04/25/2015  02:26 PM    <DIR>          IME
05/13/2015  03:30 PM    <DIR>          ImmersiveControlPanel
09/03/2017  12:31 PM    <DIR>          Inf
08/22/2013  10:36 AM    <DIR>          InputMethod
08/22/2013  10:36 AM    <DIR>          L2Schemas
08/05/2017  08:57 AM    <DIR>          LastGood.Tmp
01/20/2017  11:24 AM    <DIR>          LiveKernelReports
06/09/2017  09:15 AM    <DIR>          Logs
03/26/2013  01:43 PM             4,862 MBCfg_APOIM.ini
03/26/2013  01:43 PM             1,165 MBCfg_Capture_APOIM.ini
03/26/2013  01:43 PM             4,821 MBCfg_HP_APOIM.ini
03/26/2013  01:43 PM             4,914 MBCfg_SP_APOIM.ini
09/05/2014  07:06 PM            57,613 MBSpkrEQ.cfg
04/25/2015  02:26 PM    <DIR>          MediaViewer
09/03/2017  11:44 AM       573,223,511 MEMORY.DMP
08/22/2013  02:01 AM            43,131 mib.bin
09/02/2017  03:18 PM    <DIR>          Microsoft.NET
05/30/2015  01:12 AM    <DIR>          Migration
09/03/2017  11:44 AM    <DIR>          Minidump
08/22/2013  10:36 AM    <DIR>          ModemLogs
07/09/2015  12:13 PM           221,184 notepad.exe
09/03/2017  11:37 AM               552 ntbtlog.txt
07/26/2017  08:36 AM             1,951 NvContainerRecovery.bat
07/26/2017  08:40 AM             1,951 NvTelemetryContainerRecovery.bat
08/22/2013  10:36 AM    <DIR>          Offline Web Pages
08/03/2015  06:21 PM    <DIR>          Panther
08/22/2013  10:36 AM    <DIR>          Performance
09/03/2017  10:03 AM           116,958 PFRO.log
08/22/2013  10:36 AM    <DIR>          PLA
12/21/2015  06:08 PM    <DIR>          PolicyDefinitions
09/03/2017  01:39 PM    <DIR>          Prefetch
09/03/2017  10:40 AM    <DIR>          pss
10/28/2014  09:12 PM           154,624 regedit.exe
09/03/2017  02:43 PM    <DIR>          registration
07/14/2017  04:24 PM    <DIR>          rescache
08/22/2013  10:36 AM    <DIR>          Resources
05/18/2014  09:47 PM         2,080,472 RtlExUpd.dll
08/22/2013  10:36 AM    <DIR>          SchCache
08/22/2013  10:36 AM    <DIR>          schemas
08/22/2013  10:36 AM    <DIR>          security
08/22/2013  09:45 AM    <DIR>          ServiceProfiles
04/25/2015  02:26 PM    <DIR>          servicing
08/22/2013  09:45 AM    <DIR>          Setup
05/12/2016  10:20 PM           249,856 Setup1.exe
09/03/2017  12:25 PM           208,623 setupact.log
08/22/2013  09:46 AM                 0 setuperr.log
03/18/2014  04:45 AM    <DIR>          ShellNew
03/18/2014  04:45 AM    <DIR>          SKB
07/10/2017  05:44 PM    <DIR>          SoftwareDistribution
08/22/2013  10:36 AM    <DIR>          Speech
10/28/2014  09:19 PM           128,512 splwow64.exe
05/12/2016  10:20 PM            73,216 ST6UNST.EXE
08/22/2013  01:51 AM            35,891 Starter.xml
12/26/2016  04:36 PM             1,392 Synaptics.log
08/22/2013  10:36 AM    <DIR>          System
08/22/2013  08:25 AM               219 system.ini
09/03/2017  12:31 PM    <DIR>          System32
08/22/2013  10:36 AM    <DIR>          SystemResources
09/03/2017  02:44 PM    <DIR>          SysWOW64
08/22/2013  10:36 AM    <DIR>          TAPI
09/03/2017  02:44 PM    <DIR>          Tasks
09/03/2017  01:35 PM    <DIR>          Temp
05/16/2017  07:39 PM    <DIR>          ToastData
08/22/2013  10:36 AM    <DIR>          tracing
04/25/2015  02:26 PM    <DIR>          twain_32
10/28/2014  08:34 PM            54,272 twain_32.dll
05/11/2000  04:00 AM            90,112 Updreg.EXE
03/18/2014  05:36 AM             5,446 vmgcoinstall.log
08/22/2013  10:36 AM    <DIR>          vpnplugins
08/22/2013  10:36 AM    <DIR>          Vss
08/22/2013  10:36 AM    <DIR>          Web
08/22/2013  08:25 AM                92 win.ini
09/03/2017  12:26 PM         1,240,571 WindowsUpdate.log
10/28/2014  08:53 PM             9,728 winhlp32.exe
07/20/2015  01:00 AM    <DIR>          WinStore
07/15/2017  11:11 AM    <DIR>          WinSxS
06/18/2013  09:54 AM           316,640 WMSysPr9.prx
10/28/2014  09:34 PM            11,264 write.exe
              41 File(s)    582,504,748 bytes
              68 Dir(s)  38,580,486,144 bytes free
 
========= End of CMD: =========
 
 
========= dir C:\Windows\system32\drivers =========
 
 Volume in drive C is Windows
 Volume Serial Number is 0CA9-AF53
 
 Directory of C:\Windows\system32\drivers
 
09/03/2017  12:25 PM    <DIR>          .
09/03/2017  12:25 PM    <DIR>          ..
08/22/2013  06:38 AM           231,424 1394ohci.sys
08/22/2013  07:43 AM           108,896 3ware.sys
10/07/2014  01:44 AM           533,824 acpi.sys
08/22/2013  07:49 AM            79,712 acpiex.sys
08/22/2013  06:38 AM            10,240 acpipagr.sys
08/22/2013  06:38 AM            12,288 acpipmi.sys
08/22/2013  06:38 AM            10,752 acpitime.sys
08/22/2013  07:43 AM           782,176 adp80xx.sys
10/13/2015  12:10 PM           559,616 afd.sys
07/07/2016  05:32 PM            95,744 agilevpn.sys
08/22/2013  07:43 AM            62,304 AGP440.sys
03/19/2015  08:56 PM            80,384 ahcache.sys
06/26/2013  02:38 PM            26,888 AirplaneModeHid.sys
08/22/2013  03:46 AM            95,744 amdk8.sys
08/22/2013  03:46 AM            98,816 amdppm.sys
08/22/2013  07:43 AM            79,200 amdsata.sys
08/22/2013  07:43 AM           259,424 amdsbs.sys
08/22/2013  07:43 AM            25,952 amdxata.sys
10/28/2014  09:46 PM            82,944 appid.sys
08/22/2013  07:43 AM           114,016 arcsas.sys
08/22/2013  06:38 AM            26,624 asyncmac.sys
08/22/2013  07:43 AM            26,464 atapi.sys
08/22/2013  07:43 AM           199,520 ataport.sys
09/02/2017  03:34 PM           166,624 avgbdiska.sys
09/02/2017  03:34 PM           314,128 avgbidsdrivera.sys
09/02/2017  03:34 PM           192,584 avgbidsha.sys
09/02/2017  03:34 PM           336,896 avgbloga.sys
09/02/2017  03:34 PM            51,336 avgbuniva.sys
09/02/2017  03:34 PM            39,424 avgHwid.sys
09/02/2017  03:34 PM           140,192 avgMonFlt.sys
07/21/2017  01:13 PM           139,112 avgmonflt.sys.150066080828101
09/02/2017  03:34 PM           102,792 avgRdr2.sys
09/02/2017  03:34 PM            76,832 avgRvrt.sys
09/02/2017  03:34 PM         1,008,800 avgSnx.sys
09/02/2017  03:34 PM           583,288 avgSP.sys
09/02/2017  03:34 PM           191,720 avgStm.sys
09/02/2017  03:34 PM           353,744 avgVmm.sys
07/04/2017  10:59 PM           353,232 avgvmm.sys.149922720667104
08/22/2013  06:39 AM            50,688 BasicDisplay.sys
03/18/2014  05:13 AM            33,280 BasicRender.sys
08/22/2013  07:49 AM            35,168 battc.sys
08/12/2013  06:25 PM            17,624 bcmfn2.sys
08/22/2013  06:40 AM             7,680 beep.sys
10/04/2016  03:39 PM           101,376 bowser.sys
10/28/2014  09:45 PM           115,712 bridge.sys
03/18/2014  05:13 AM            19,456 BtaMPM.sys
08/22/2013  06:38 AM            36,992 BthAvrcpTg.sys
10/28/2014  09:46 PM            53,248 bthenum.sys
03/08/2015  09:02 PM            57,856 bthhfenum.sys
08/22/2013  06:38 AM            30,720 BthhfHid.sys
03/18/2014  05:13 AM           226,304 BthLEEnum.sys
03/18/2014  05:13 AM            64,000 bthmodem.sys
07/24/2014  06:41 AM           118,272 bthpan.sys
05/11/2015  01:17 PM         1,201,664 bthport.sys
10/28/2014  09:46 PM            81,920 BTHUSB.SYS
08/22/2013  07:43 AM           531,296 bxvbda.sys
01/15/2014  01:11 PM           387,776 cbfs4.sys
08/22/2013  06:40 AM            88,576 cdfs.sys
08/22/2013  03:46 AM           164,352 cdrom.sys
08/22/2013  06:38 AM            44,032 circlass.sys
05/06/2016  04:59 PM           331,608 Classpnp.sys
11/16/2016  04:49 PM           377,176 clfs.sys
08/22/2013  06:39 AM            25,472 CmBatt.sys
10/10/2016  01:18 PM            22,360 cmimcext.sys
01/21/2017  04:37 PM           567,152 cng.sys
08/22/2013  06:38 AM            36,352 CompositeBus.sys
08/22/2013  08:25 AM            43,008 condrv.sys
08/22/2013  07:43 AM            68,960 crashdmp.sys
08/22/2013  07:50 AM            57,696 dam.sys
09/08/2016  09:00 AM           138,240 dfsc.sys
08/22/2013  07:39 AM           100,192 disk.sys
08/22/2013  07:43 AM            36,192 Diskdump.sys
08/22/2013  06:40 AM            13,312 Dmpusbstor.sys
08/22/2013  06:37 AM            29,696 dmvsc.sys
10/28/2014  09:47 PM            89,088 drmk.sys
10/28/2014  10:58 PM            14,528 drmkaud.sys
04/04/2017  01:09 PM            30,264 dtlitescsibus.sys
04/04/2017  01:09 PM            47,672 dtliteusbbus.sys
09/03/2017  12:25 PM           113,488 dumhloru.sys
08/22/2013  07:39 AM            33,632 Dumpata.sys
06/18/2016  03:06 PM            72,408 dumpfve.sys
03/12/2015  11:03 PM           154,432 dumpsd.sys
02/09/2017  08:31 PM         1,549,144 dxgkrnl.sys
10/28/2014  10:57 PM           389,952 dxgmms1.sys
08/22/2013  07:43 AM            82,784 EhStorClass.sys
08/22/2013  07:43 AM           114,016 EhStorTcgDrv.sys
05/16/2017  07:39 PM    <DIR>          en-US
08/22/2013  06:38 AM            10,240 errdev.sys
08/22/2013  10:36 AM    <DIR>          etc
08/22/2013  07:43 AM         3,357,024 evbda.sys
08/22/2013  06:40 AM           200,704 exfat.sys
08/22/2013  07:49 AM           217,952 fastfat.sys
08/22/2013  06:40 AM            30,720 fdc.sys
03/18/2014  05:13 AM            79,192 fileinfo.sys
08/22/2013  06:39 AM            34,816 filetrace.sys
08/22/2013  06:40 AM            25,088 flpydisk.sys
08/25/2014  10:30 PM           354,112 fltMgr.sys
08/08/2013  06:45 PM            83,688 FPWinIo.sys
10/15/2014  03:32 AM            61,248 fsdepends.sys
08/22/2013  08:25 AM            30,048 fs_rec.sys
06/18/2016  03:06 PM           590,688 fvevol.sys
06/11/2015  03:12 PM           428,888 FWPKCLNT.SYS
08/22/2013  03:46 AM            27,136 fxppm.sys
08/22/2013  07:43 AM            65,888 GAGP30KX.SYS
06/18/2013  09:41 AM         3,440,660 gm.dls
06/18/2013  09:41 AM               646 gmreadme.txt
07/24/2014  06:45 AM            76,800 hdaudbus.sys
08/22/2013  06:38 AM           395,776 HdAudio.sys
08/22/2013  06:39 AM            26,624 hidbatt.sys
01/29/2015  10:01 PM            97,792 hidbth.sys
05/13/2016  06:08 PM           111,616 hidclass.sys
08/22/2013  06:37 AM            41,472 hidi2c.sys
08/22/2013  06:39 AM            45,568 hidir.sys
05/13/2016  06:08 PM            32,512 hidparse.sys
05/13/2016  06:08 PM            32,768 hidusb.sys
10/29/2014  08:12 PM            41,160 HKKbdFltr.sys
10/29/2014  08:13 PM            40,136 HKMouFltr.sys
08/22/2013  07:43 AM            64,352 HpSAMD.sys
10/10/2016  06:31 PM           990,040 http.sys
08/22/2013  07:39 AM            24,416 hwpolicy.sys
08/22/2013  06:37 AM            13,824 hyperkbd.sys
08/22/2013  06:39 AM            22,016 HyperVideo.sys
11/04/2014  01:54 AM           108,544 i8042prt.sys
07/30/2013  01:47 PM            24,568 iaLPSSi_GPIO.sys
07/25/2013  02:05 PM            99,320 iaLPSSi_I2C.sys
10/09/2014  05:54 PM         1,398,936 iaStorA.sys
08/09/2013  07:39 PM           651,248 iaStorAV.sys
08/22/2013  07:43 AM           412,000 iaStorV.sys
08/13/2014  06:53 PM           219,592 ibtusb.sys
03/19/2015  09:01 PM         4,888,368 igdkmd64.sys
05/20/2014  01:15 PM           450,520 IntcDAud.sys
03/04/2015  04:08 PM            42,288 intelaud.sys
08/22/2013  07:43 AM            18,272 intelide.sys
09/03/2014  02:03 PM            16,344 IntelMEFWVer.dll
10/12/2014  09:43 PM            39,744 intelpep.sys
08/22/2013  03:46 AM            98,816 intelppm.sys
08/22/2013  06:35 AM            84,992 ipfltdrv.sys
07/24/2014  06:46 AM            79,872 IPMIDrv.sys
03/18/2014  05:13 AM           142,848 ipnat.sys
08/22/2013  06:37 AM           118,784 irda.sys
08/22/2013  06:38 AM            17,920 irenum.sys
08/22/2013  07:43 AM            21,856 isapnp.sys
03/04/2015  04:08 PM            30,512 iwdbus.sys
11/04/2014  02:25 PM            59,712 kbdclass.sys
11/04/2014  01:54 AM            32,256 kbdhid.sys
08/22/2013  06:38 AM            19,456 kdnic.sys
07/04/2014  07:59 AM           295,424 ks.sys
08/22/2016  11:06 AM           100,184 ksecdd.sys
05/18/2016  06:16 PM           178,016 ksecpkg.sys
08/22/2013  06:39 AM            21,248 ksthunk.sys
08/22/2013  06:36 AM            59,392 lltdio.sys
08/22/2013  07:43 AM           109,408 lsi_sas.sys
08/22/2013  07:43 AM            93,536 lsi_sas2.sys
08/22/2013  07:43 AM            81,760 lsi_sas3.sys
08/22/2013  07:43 AM            82,784 lsi_sss.sys
03/18/2014  05:13 AM           124,416 luafv.sys
09/03/2017  01:15 PM           109,272 mbamchameleon.sys
09/03/2017  01:16 PM           194,776 MBAMSwissArmy.sys
10/07/2015  01:39 PM            41,096 MBfilt64.sys
08/22/2013  06:39 AM            22,016 mcd.sys
08/22/2013  07:43 AM            56,672 megasas.sys
08/22/2013  07:43 AM           575,840 megasr.sys
08/22/2013  06:40 AM            40,960 modem.sys
08/22/2013  06:36 AM            30,208 monitor.sys
11/04/2014  02:25 PM            51,008 mouclass.sys
11/04/2014  01:54 AM            30,208 mouhid.sys
07/08/2016  05:35 PM           101,208 mountmgr.sys
10/28/2014  09:45 PM            74,240 mpsdrv.sys
09/08/2016  09:00 AM           140,800 mrxdav.sys
01/21/2017  02:20 PM           401,920 mrxsmb.sys
08/20/2016  08:01 PM           284,672 mrxsmb10.sys
01/21/2017  02:22 PM           201,728 mrxsmb20.sys
08/22/2013  08:25 AM            30,208 msfs.sys
06/18/2013  09:52 AM                 3 MsftWdf_Kernel_01013_Inbox_Critical.Wdf
06/18/2013  10:20 AM                 3 MsftWdf_User_01_11_00_Inbox_Critical.Wdf
08/14/2014  07:36 PM           146,752 msgpioclx.sys
08/22/2013  07:43 AM            41,824 msgpiowin32.sys
08/22/2013  06:39 AM             8,192 mshidkmdf.sys
08/22/2013  06:39 AM             9,728 mshidumdf.sys
08/22/2013  07:43 AM            17,248 msisadrv.sys
09/09/2016  05:14 PM           275,800 msiscsi.sys
08/22/2013  06:39 AM            10,624 mskssrv.sys
10/28/2014  09:45 PM            66,560 mslldp.sys
08/22/2013  06:39 AM             7,040 mspclock.sys
08/22/2013  06:39 AM             6,784 mspqm.sys
08/22/2013  08:25 AM           366,432 msrpc.sys
08/22/2013  07:49 AM            37,728 mssmbios.sys
08/22/2013  06:38 AM             7,936 mstee.sys
08/22/2013  06:37 AM            13,312 MTConfig.sys
04/06/2016  04:21 PM           114,528 mup.sys
08/22/2013  07:43 AM            63,840 mvumis.sys
07/14/2015  04:59 PM         1,113,944 ndis.sys
10/28/2014  09:46 PM            43,008 ndiscap.sys
10/28/2014  09:45 PM           126,464 NdisImPlatform.sys
10/28/2014  09:47 PM            24,576 ndistapi.sys
08/22/2013  06:37 AM            60,416 ndisuio.sys
08/22/2013  06:36 AM            16,384 NdisVirtualBus.sys
04/05/2016  05:37 PM           205,824 ndiswan.sys
10/28/2014  09:46 PM            72,192 ndproxy.sys
10/28/2014  09:45 PM           103,424 Ndu.sys
10/28/2014  09:47 PM            48,128 netbios.sys
05/13/2016  06:07 PM           281,088 netbt.sys
09/10/2014  01:25 AM           474,432 netio.sys
10/28/2014  09:46 PM            87,040 netvsc63.sys
08/21/2014  12:31 PM         3,479,528 Netwbw02.sys
08/21/2014  12:29 PM         3,518,900 Netwfw02.dat
08/22/2013  08:25 AM            58,880 npfs.sys
08/22/2013  06:38 AM            23,040 npsvctrig.sys
10/28/2014  09:46 PM            39,424 nsiproxy.sys
10/15/2014  03:32 AM         2,025,792 ntfs.sys
08/22/2013  08:25 AM             5,632 null.sys
06/27/2017  05:38 PM        15,437,248 nvlddmkm.sys
08/22/2013  07:43 AM           150,368 nvraid.sys
08/22/2013  07:43 AM           168,288 nvstor.sys
07/26/2017  12:09 PM            48,064 nvvad64v.sys
01/20/2017  01:39 PM            57,792 nvvhci.sys
08/22/2013  07:43 AM           124,768 NV_AGP.SYS
10/28/2014  09:45 PM           445,440 nwifi.sys
10/28/2014  09:45 PM           151,040 pacer.sys
08/11/2016  01:33 PM            96,256 parport.sys
10/15/2014  03:32 AM            88,896 partmgr.sys
07/24/2014  10:28 AM           280,384 pci.sys
08/22/2013  07:43 AM            14,688 pciide.sys
08/22/2013  07:43 AM            48,992 pciidex.sys
08/22/2013  07:49 AM           114,528 pcmcia.sys
08/22/2013  07:39 AM            50,016 pcw.sys
10/12/2014  09:43 PM            86,336 pdc.sys
03/18/2014  05:13 AM           663,040 PEAuth.sys
10/28/2014  09:46 PM           272,384 portcls.sys
08/22/2013  03:46 AM            92,160 processr.sys
10/28/2014  09:47 PM            47,104 qwavedrv.sys
10/28/2014  09:48 PM            17,408 rasacd.sys
08/22/2013  06:35 AM           120,832 rasl2tp.sys
08/22/2013  06:36 AM            84,992 raspppoe.sys
08/22/2013  06:35 AM           107,520 raspptp.sys
10/28/2014  09:45 PM            93,696 rassstp.sys
04/06/2016  01:20 PM           402,432 rdbss.sys
08/22/2013  06:38 AM            22,528 rdpbus.sys
03/18/2014  04:45 AM           195,584 rdpdr.sys
10/28/2014  10:56 PM            27,456 rdpvideominiport.sys
03/18/2014  05:13 AM           249,688 rdyboost.sys
10/12/2016  04:11 PM           922,968 refs.sys
01/29/2015  10:00 PM           167,424 rfcomm.sys
11/05/2015  03:59 AM           145,408 rmcast.sys
08/22/2013  06:38 AM            32,256 RNDISMP.sys
10/28/2014  09:48 PM            11,776 rootmdm.sys
08/22/2013  06:36 AM            80,384 rspndr.sys
05/07/2014  03:26 PM           871,640 Rt630x64.sys
10/07/2015  11:24 AM         3,951,402 RTAIODAT.DAT
10/07/2015  01:41 PM         4,613,888 RTKVHD64.sys
05/07/2014  02:15 PM           502,488 RtsPer.sys
08/22/2013  07:39 AM           107,872 sbp2port.sys
10/28/2014  09:46 PM            40,960 scfilter.sys
08/22/2013  07:43 AM           170,848 scsiport.sys
03/12/2015  11:03 PM           239,424 sdbus.sys
03/18/2014  05:13 AM            79,192 sdstor.sys
08/22/2013  10:35 AM            23,040 secdrv.sys
08/22/2013  07:43 AM            69,472 SerCx.sys
03/18/2014  05:13 AM           146,776 SerCx2.sys
08/11/2016  01:33 PM            23,040 serenum.sys
08/11/2016  01:33 PM            83,456 serial.sys
11/04/2014  01:55 AM            26,112 sermouse.sys
08/22/2013  06:40 AM            17,408 sfloppy.sys
08/22/2013  07:43 AM            44,896 sisraid2.sys
08/22/2013  07:43 AM            81,760 sisraid4.sys
01/09/2014  12:14 PM            31,472 Smb_driver_Intel.sys
08/22/2013  06:40 AM            19,968 smclib.sys
09/03/2017  11:32 AM            10,682 SMR501.dat
09/03/2017  11:37 AM           111,288 SMR501.SYS
11/05/2016  03:46 PM           422,744 spaceport.sys
08/22/2013  07:43 AM            72,032 SpbCx.sys
02/11/2017  02:25 PM           417,792 srv.sys
11/09/2016  02:22 PM           681,472 srv2.sys
08/03/2016  01:05 PM           243,712 srvnet.sys
05/12/2017  01:48 PM            43,880 ssbthid.sys
06/01/2017  09:44 PM            46,408 ssdevfactory.sys
08/22/2013  07:43 AM            31,072 stexstor.sys
08/22/2013  07:43 AM           107,872 storahci.sys
06/11/2016  02:52 PM            57,184 stornvme.sys
10/12/2016  04:49 PM           379,224 storport.sys
08/22/2013  07:36 AM            45,888 storvsc.sys
08/22/2013  06:39 AM            67,584 stream.sys
10/28/2014  10:59 PM            14,144 swenum.sys
01/09/2014  12:14 PM           543,984 SynTP.sys
08/22/2013  06:39 AM            29,696 tape.sys
10/28/2014  11:13 PM            21,824 tbs.sys
09/20/2016  05:30 PM         2,462,040 tcpip.sys
03/06/2014  04:19 AM            49,152 tcpipreg.sys
08/22/2013  08:25 AM            30,208 tdi.sys
10/13/2015  12:10 PM           108,032 tdx.sys
09/03/2014  02:03 PM           126,976 TeeDriverx64.sys
03/18/2014  04:45 AM            37,216 terminpt.sys
09/08/2016  03:41 PM           121,176 tm.sys
08/22/2013  07:49 AM           159,584 tpm.sys
08/22/2013  06:37 AM            56,320 TsUsbFlt.sys
10/28/2014  09:46 PM            29,696 TsUsbGD.sys
08/22/2013  06:35 AM           154,112 tunnel.sys
08/22/2013  07:43 AM            64,864 UAGP35.SYS
08/22/2013  07:43 AM            74,080 uaspstor.sys
10/07/2014  01:54 AM           189,248 UCX01000.SYS
03/12/2015  09:02 PM           316,416 udfs.sys
08/22/2013  07:39 AM            26,976 uefi.sys
08/22/2013  07:43 AM            65,888 ULIAGPKX.SYS
08/22/2013  06:38 AM            46,080 umbus.sys
10/20/2016  02:56 PM    <DIR>          UMDF
08/22/2013  06:38 AM            11,776 umpass.sys
08/16/2016  04:18 AM           159,936 usb2ser.sys
04/24/2015  09:25 PM            20,992 usb8023.sys
08/22/2013  06:39 AM            32,512 USBCAMD2.sys
07/24/2014  10:28 AM           143,680 usbccgp.sys
10/28/2014  09:47 PM            98,304 usbcir.sys
05/31/2014  05:07 AM            27,480 usbd.sys
05/31/2014  05:07 AM            89,944 usbehci.sys
07/24/2014  10:28 AM           419,648 usbhub.sys
03/17/2015  12:26 PM           467,776 USBHUB3.SYS
08/22/2013  06:39 AM            30,208 usbohci.sys
05/31/2014  05:07 AM           440,664 usbport.sys
08/22/2013  06:36 AM            26,112 usbprint.sys
08/22/2013  06:39 AM            30,720 usbrpm.sys
10/28/2014  09:47 PM            44,544 usbscan.sys
01/31/2016  02:16 PM           148,832 USBSTOR.SYS
05/31/2014  01:30 AM            37,376 usbuhci.sys
06/21/2014  02:33 AM           212,736 usbvideo.sys
04/16/2015  01:17 AM           325,464 USBXHCI.SYS
08/22/2013  07:37 AM            37,728 vdrvroot.sys
03/18/2014  05:13 AM           175,960 VerifierExt.sys
10/09/2016  05:59 PM           551,256 vhdmp.sys
08/22/2013  07:43 AM            19,808 viaide.sys
08/22/2013  06:39 AM            49,152 videoprt.sys
10/28/2014  10:56 PM            89,368 vmbkmcl.sys
10/28/2014  10:56 PM            97,048 vmbus.sys
08/22/2013  06:37 AM            21,760 VMBusHID.sys
08/22/2013  06:38 AM            11,264 vmgencounter.sys
08/22/2013  06:38 AM             7,168 vms3cap.sys
10/28/2014  10:56 PM            49,944 vmstorfl.sys
04/11/2016  01:21 AM            74,584 volmgr.sys
08/22/2013  07:39 AM           377,696 volmgrx.sys
02/06/2016  05:41 PM           316,760 volsnap.sys
10/07/2014  01:44 AM            69,952 vpci.sys
01/15/2014  01:12 PM            18,624 vpnpbus.sys
08/22/2013  07:43 AM           168,800 vsmraid.sys
08/22/2013  07:43 AM           305,504 VSTXRAID.SYS
08/12/2016  07:03 PM            24,576 vwifibus.sys
08/12/2016  07:02 PM            71,680 vwififlt.sys
08/12/2016  07:01 PM            38,912 vwifimp.sys
08/22/2013  06:39 AM            26,752 wacompen.sys
10/28/2014  09:45 PM            80,896 wanarp.sys
03/18/2014  05:13 AM            54,272 watchdog.sys
07/07/2015  04:40 AM            44,560 WdBoot.sys
08/22/2013  08:25 AM           839,488 Wdf01000.sys
07/07/2015  04:40 AM           270,168 WdFilter.sys
08/22/2013  08:25 AM            60,224 WdfLdr.sys
07/07/2015  04:40 AM           114,520 WdNisDrv.sys
08/22/2013  07:39 AM            38,240 werkernel.sys
11/10/2014  01:06 PM           136,512 wfplwfs.sys
10/28/2014  11:09 PM            33,600 wimmount.sys
10/28/2014  10:56 PM            61,208 winhv.sys
08/22/2013  06:37 AM            78,848 winusb.sys
08/22/2013  06:40 AM            16,384 wmiacpi.sys
08/22/2013  08:25 AM            18,272 wmilib.sys
03/13/2014  07:35 AM           157,016 wof.sys
10/28/2014  10:57 PM            54,784 wpcfltr.sys
08/22/2013  07:36 AM            26,976 WpdUpFltr.sys
08/22/2013  08:25 AM            23,392 WppRecorder.sys
08/22/2013  06:40 AM            21,504 ws2ifsl.sys
08/22/2013  06:39 AM            20,992 WSDPrint.sys
10/28/2014  09:47 PM            23,040 WSDScan.sys
10/28/2014  09:46 PM           113,664 WUDFPf.sys
10/28/2014  09:46 PM           226,304 WUDFRd.sys
03/18/2014  03:18 AM            87,040 xusb22.sys
             367 File(s)    100,075,008 bytes
               5 Dir(s)  38,580,461,568 bytes free
 
========= End of CMD: =========
 
 
==== End of Fixlog 13:39:12 ====
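To help read a driver listing like the one above, here is an added triage example (not code from FRST or from anyone in this thread): it parses the `dir` output format and lists the entries written closest to the scan time, the ones an analyst would check first. The sample lines are copied from the listing, the scan time comes from the Fixlog footer, and the 7-day window is an assumed choice.

```python
"""Triage a Windows `dir` listing pasted from an FRST Fixlog.

Added example, not code from FRST or from this thread.  It parses the listing
format shown above and picks out the files whose modification time falls in a
window ending at the scan time.  A recently written kernel driver is only a
signal that tells an analyst which entries to read first; it is not a verdict.
"""
from __future__ import annotations

import re
from datetime import datetime, timedelta

# One `dir` entry: date, 12-hour time, size with thousands separators (or <DIR>), name.
_DIR_LINE = re.compile(
    r"^\s*(\d{2}/\d{2}/\d{4})\s+(\d{2}:\d{2} [AP]M)\s+(<DIR>|[\d,]+)\s+(.+?)\s*$"
)


def parse_dir_listing(text: str) -> list[dict]:
    """Return one dict (name, size, mtime) per file; directories and the
    'File(s)'/'Dir(s)' summary lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = _DIR_LINE.match(line)
        if not m or m.group(3) == "<DIR>":
            continue
        mtime = datetime.strptime(f"{m.group(1)} {m.group(2)}", "%m/%d/%Y %I:%M %p")
        size = int(m.group(3).replace(",", ""))
        entries.append({"name": m.group(4), "size": size, "mtime": mtime})
    return entries


def recently_modified(entries: list[dict], scan_time: datetime, days: int = 7) -> list[dict]:
    """Files written within `days` before the scan (or after it), newest first.
    The 7-day default is an assumed window, not anything FRST itself applies."""
    cutoff = scan_time - timedelta(days=days)
    hits = [e for e in entries if e["mtime"] >= cutoff]
    return sorted(hits, key=lambda e: e["mtime"], reverse=True)


# Constructed sample: a few lines copied verbatim from the listing in this thread.
SAMPLE = """\
10/10/2016  06:31 PM           990,040 http.sys
09/03/2017  01:15 PM           109,272 mbamchameleon.sys
09/03/2017  01:16 PM           194,776 MBAMSwissArmy.sys
09/03/2017  11:32 AM            10,682 SMR501.dat
09/03/2017  11:37 AM           111,288 SMR501.SYS
09/20/2016  05:30 PM         2,462,040 tcpip.sys
10/20/2016  02:56 PM    <DIR>          UMDF
             367 File(s)    100,075,008 bytes
"""

# The Fixlog above ends at 13:39:12 on 3 September 2017 (FRST prints dates as DD-MM-YYYY).
SCAN_TIME = datetime(2017, 9, 3, 13, 39, 12)

if __name__ == "__main__":
    for e in recently_modified(parse_dir_listing(SAMPLE), SCAN_TIME):
        print(f"{e['mtime']:%Y-%m-%d %H:%M}  {e['size']:>10,}  {e['name']}")
```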


#6 Aura

    Bleepin' Special Ops

  • Malware Response Team
  • 19,683 posts
  • Gender:Male

Posted 03 September 2017 - 01:50 PM

There's something odd about your SmartService infection. Let's run a FRST scan from the RE, I'll be able to get more information that way.

Farbar Recovery Scan Tool (FRST) - Recovery Environment Scan
Follow the instructions below to download and execute a scan on your system with FRST from the Recovery Environment, and provide the logs in your next reply.

Item(s) required:
  • USB Flash Drive (size depends on whether you have to create a USB Recovery or Installation media)
  • CD/DVD (optional: only needed if you need to create a Recovery or Installation media and your USB Flash Drive is too small)
  • Another computer (optional: only needed if you cannot work from the infected computer directly)
Preparing the USB Flash Drive
  • Download the right version of FRST for your system:
  • Move the executable (FRST.exe or FRST64.exe) on your USB Flash Drive
Boot in the Recovery Environment
  • Plug your USB Flash Drive in the infected computer
  • To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:
    • Restart the computer
    • Once you've seen your BIOS splashscreen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears
    • Use the arrow keys to select Repair your computer, and press on Enter
    • Select your keyboard layout (US, French, etc.) and click on Next
    • Click on Command Prompt to open the command prompt
      Note: If you can't access the Recovery Environment using the F8 method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on SevenForums.
  • To enter the Recovery Environment with Windows 8 or Windows 8.1, follow the instructions in this tutorial on EightForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial.
  • To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums.
Once in the command prompt
  • In the command prompt, type notepad and press on Enter
  • Notepad will open. Click on the File menu and select Open
  • Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad
  • In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe) and press on Enter
  • Note: Replace the letter e with the drive letter of your USB Flash Drive
  • FRST will open
  • Click on Yes to accept the disclaimer
  • Click on the Scan button and wait for the scan to complete
  • A log called FRST.txt will be saved on your USB Flash Drive. Attach it in your next reply

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#7 twalls

  • Topic Starter
  • Members
  • 27 posts

Posted 03 September 2017 - 02:24 PM

I'm still attempting to get the proper boot setup.

I attempted to use boot to flash drive earlier this morning but was unable to get a boot to device option.

It returns to the login screen.

I'm going through your instructions now to see if I missed anything.



#8 twalls

  • Topic Starter
  • Members
  • 27 posts

Posted 03 September 2017 - 02:48 PM

I am still unable to get the advanced options startup screen.

As before, it continues to simply boot to the login screen.



#9 Aura

    Bleepin' Special Ops

  • Malware Response Team
  • 19,683 posts
  • Gender:Male

Posted 03 September 2017 - 02:54 PM

In that case you'll need to create a Windows installation media, though I'm not sure a 4GB USB is big enough for it. You can give it a try.

https://www.eightforums.com/tutorials/18309-windows-8-windows-8-1-iso-download-create.html
https://www.eightforums.com/tutorials/2227-create-bootable-usb-dvd-windows-8-iso.html



#10 twalls

  • Topic Starter
  • Members
  • 27 posts

Posted 03 September 2017 - 03:27 PM

I need to get a bigger drive. I'm heading to the store now.



#11 twalls

  • Topic Starter
  • Members
  • 27 posts

Posted 03 September 2017 - 03:58 PM

I receive an "access denied" error when creating the disc.

My account is the only account.

I have tried "run as administrator" as well.

[edit]

I did try both USB and ISO options, but my laptop does not have a built-in CD-ROM; I have a USB plug-in CD-ROM.

Both options gave the same error.


Edited by twalls, 03 September 2017 - 04:16 PM.


#12 Aura

    Bleepin' Special Ops

  • Malware Response Team
  • 19,683 posts
  • Gender:Male

Posted 03 September 2017 - 04:22 PM

Access denied when launching the Media Creation Tool, or Access denied when selecting the USB Flash Drive option?



#13 twalls

  • Topic Starter
  • Members
  • 27 posts

Posted 03 September 2017 - 04:38 PM

After the "Downloading installation File" screen.

I've attached the PSR if you can view it.

It proceeds normally, then when calculating the estimated time, it gives the error screen "download did not complete successfully".

 

[edit]

Would a "no GUI boot" from MSconfig allow me to run the FRST tool?


Edited by twalls, 03 September 2017 - 04:41 PM.


#14 Aura

    Bleepin' Special Ops

  • Malware Response Team
  • 19,683 posts
  • Gender:Male

Posted 03 September 2017 - 05:08 PM

It wouldn't make any difference, no.

Do you have another computer nearby that you could use to create the installation media?

On a side note, if you pick the option to download the .iso and save it directly on your computer, does that work?



#15 twalls

  • Topic Starter
  • Members
  • 27 posts

Posted 03 September 2017 - 05:13 PM

Both options, to create the USB or to download the ISO, give the same result.

I'm working on getting my old PC back to running so I can try it from there.

 

[edit]

Downloading to the other computer; will try it out once it's completed, ETA 20 minutes.


Edited by twalls, 03 September 2017 - 05:18 PM.




