
Unable to run malwarebytes / requested resource in use error


  • This topic is locked
23 replies to this topic

#1 xunchen88

xunchen88

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:09:38 AM

Posted 26 September 2017 - 10:08 PM

https://www.bleepingcomputer.com/virus-removal/remove-the-requested-resource-is-in-use-error

 

Hi,

I am also having a SmartService Trojan problem on my Surface Pro 3. Probably picked that up a month ago, but did not pay too much attention to the problem until yesterday when I noticed the unwanted services were taking up 30% of the CPU constantly. I tried the above link, and only got to step 13, not able to run "eXplorer.exe".

 

I also followed the advice from another similar thread and ran FRST64 with log files attached.

 

Please help, thanks!

Xun



#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:38 AM

Posted 27 September 2017 - 11:53 AM

Hi xunchen88 :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate it if you let me know about it first, and if you need, I can also assist you in the process
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Follow the instructions in the thread below. Make sure to download the MBAR version linked in it. Let me know if you're not able to launch it and run a scan.

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

If you manage to run a scan, delete everything it finds, and then copy/paste the content of the mbar-log-DATE-(TIME).txt log that is located in the MBAR folder here after.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 xunchen88


Posted 27 September 2017 - 12:36 PM

Aura,

Thanks for your help. I am at work now and will get back to you with the log file tonight when I get home. I did run MBAR multiple times yesterday. It did pick up over 20 threats each time, but the cleanup was undone after reboot. I tried running MBAR under safe mode with network, but it did not work.

thanks

Xun



#4 xunchen88


Posted 27 September 2017 - 08:24 PM

Aura,

I ran MBAR twice. When I only checked the "drivers" under "scan targets", no malware was found.

When I included "sectors" and "system", five items were found.

 

The first log file:

 

Malwarebytes Anti-Rootkit BETA 1.10.1.1002
www.malwarebytes.org

Database version:
  main:    v2017.09.27.07
  rootkit: v2017.09.13.01

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.18793
xun :: DUN9 [administrator]

9/27/2017 9:05:24 PM
mbar-log-2017-09-27 (21-05-24).txt

Scan type:
Scan options enabled: Anti-Rootkit | Drivers | MBR
Scan options disabled: Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Objects scanned: 365
Time elapsed: 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

 

The second log file:

Malwarebytes Anti-Rootkit BETA 1.10.1.1002
www.malwarebytes.org

Database version:
  main:    v2017.09.27.07
  rootkit: v2017.09.13.01

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.18793
xun :: DUN9 [administrator]

9/27/2017 9:06:29 PM
mbar-log-2017-09-27 (21-06-29).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 256628
Time elapsed: 6 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\msidntfs (Trojan.Clicker) -> Delete on reboot. [03609f1aa90052e4f59b81be17e9b947]

Registry Values Detected: 1
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|svcvmx (Trojan.Clicker) -> Data: "C:\Users\xun\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe" -starup -> Delete on reboot. [9fc4d4e5961376c01624601d976943bd]

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 3
C:\Users\xun\AppData\Local\ntuserlitelist (Trojan.Clicker) -> Delete on reboot. [ff6417a22a7f2a0cb99f6ffeb9484ab6]
C:\Users\xun\AppData\Local\ntuserlitelist\regtool (Trojan.Clicker) -> Delete on reboot. [ff6417a22a7f2a0cb99f6ffeb9484ab6]
C:\Users\xun\AppData\Local\ntuserlitelist\svcvmx (Trojan.Clicker) -> Delete on reboot. [ff6417a22a7f2a0cb99f6ffeb9484ab6]

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)



#5 Aura


Posted 27 September 2017 - 08:30 PM

Now after that, are you able to install and run a scan with Malwarebytes?

Malwarebytes - Clean Mode
  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
  • Let the scan run, the time required to complete the scan depends on your system and computer specs
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button
    • If it asks you to restart your computer to complete the removal, do so
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply



#6 xunchen88


Posted 27 September 2017 - 08:47 PM

Unfortunately, not able to run/install Malwarebytes or any other antimalware programs. The same message: "Requested resource in use". All those came back after reboot.



#7 Aura


Posted 27 September 2017 - 08:49 PM

Alright. Do you have a USB Flash Drive?

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located)
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Fix button
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
  • Copy and paste its content in your next reply



#8 xunchen88


Posted 27 September 2017 - 08:55 PM

Here it is:

 

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 26-09-2017 01
Ran by xun (27-09-2017 21:55:42) Run:1
Running from C:\Users\xun\Desktop
Loaded Profiles: xun (Available Profiles: xun)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CMD: bcdedit.exe /set {default} recoveryenabled yes
CMD: dir C:\Windows\
CMD: dir C:\Windows\system32\drivers
*****************

========= bcdedit.exe /set {default} recoveryenabled yes =========

The operation completed successfully.

========= End of CMD: =========

========= dir C:\Windows\ =========

 Volume in drive C is Windows
 Volume Serial Number is E4AD-7FC4

 Directory of C:\Windows

09/26/2017  10:22 PM    <DIR>          .
09/26/2017  10:22 PM    <DIR>          ..
08/22/2013  11:36 AM    <DIR>          addins
08/22/2013  11:36 AM    <DIR>          ADFS
04/18/2015  10:45 PM    <DIR>          AppCompat
03/19/2017  11:07 PM    <DIR>          apppatch
09/22/2017  11:03 PM    <DIR>          AppReadiness
10/27/2014  10:02 PM    <DIR>          assembly
08/22/2013  07:21 AM            56,832 bfsvc.exe
08/22/2013  11:36 AM    <DIR>          Boot
08/22/2013  11:36 AM    <DIR>          Branding
03/25/2015  09:39 PM    <DIR>          Camera
09/15/2017  01:42 AM    <DIR>          CbsTemp
03/10/2016  12:23 AM             6,553 comsetup.log
10/25/2014  07:24 PM    <DIR>          CSC
08/22/2013  11:36 AM    <DIR>          Cursors
10/28/2014  10:12 PM    <DIR>          debug
08/22/2013  11:36 AM    <DIR>          DesktopTileResources
03/10/2016  12:23 AM             9,528 diagerr.xml
08/22/2013  11:36 AM    <DIR>          diagnostics
03/10/2016  12:23 AM             9,528 diagwrn.xml
08/22/2013  11:43 AM    <DIR>          DigitalLocker
03/10/2016  12:05 AM             3,935 DtcInstall.log
11/01/2014  03:25 PM    <DIR>          en-US
08/27/2016  03:44 PM         2,755,504 explorer.exe
03/25/2015  09:39 PM    <DIR>          FileManager
06/07/2017  05:10 PM    <DIR>          Firmware
09/07/2001  03:48 PM            26,624 GetIe.dll
08/22/2013  11:36 AM    <DIR>          Globalization
10/30/2014  10:00 AM    <DIR>          Help
06/02/2017  08:06 AM         1,001,984 HelpPane.exe
10/28/2014  10:43 PM            17,408 hh.exe
10/25/2014  08:49 PM                44 ib.ini
03/25/2015  09:39 PM    <DIR>          IME
05/14/2015  10:26 PM    <DIR>          ImmersiveControlPanel
09/27/2017  09:34 PM    <DIR>          Inf
08/22/2013  11:36 AM    <DIR>          InputMethod
08/22/2013  11:36 AM    <DIR>          L2Schemas
12/10/2016  10:48 AM    <DIR>          LiveKernelReports
10/14/2016  02:34 AM    <DIR>          Logs
05/05/2015  09:28 PM    <DIR>          Macro Scheduler Pro
05/05/2015  09:28 PM            16,167 Macro Scheduler Pro Setup Log.txt
09/04/2017  02:49 PM            23,696 Macro Scheduler Trial Setup Log.txt
03/10/2016  11:07 AM    <DIR>          MediaViewer
08/22/2013  03:01 AM            43,131 mib.bin
09/16/2017  12:27 AM    <DIR>          Microsoft.NET
06/14/2015  10:16 PM    <DIR>          Migration
01/04/2015  08:23 AM    <DIR>          Minidump
08/22/2013  11:36 AM    <DIR>          ModemLogs
07/09/2015  01:13 PM           221,184 notepad.exe
08/22/2013  11:36 AM    <DIR>          Offline Web Pages
03/11/2016  07:07 AM    <DIR>          Panther
10/27/2014  10:01 PM    <DIR>          PCHEALTH
05/07/2014  12:33 PM    <DIR>          Performance
09/27/2017  09:29 PM            72,750 PFRO.log
08/22/2013  11:36 AM    <DIR>          PLA
05/11/2017  10:11 PM    <DIR>          PolicyDefinitions
09/27/2017  09:38 PM    <DIR>          Prefetch
08/22/2013  02:51 AM            36,235 Professional.xml
09/26/2017  09:12 PM    <DIR>          pss
10/28/2014  10:12 PM           154,624 regedit.exe
03/10/2016  12:23 AM    <DIR>          Registration
02/18/2016  01:10 AM    <DIR>          rescache
08/22/2013  11:36 AM    <DIR>          Resources
08/22/2013  11:36 AM    <DIR>          SchCache
08/22/2013  11:36 AM    <DIR>          schemas
08/22/2013  03:11 PM    <DIR>          security
08/22/2013  10:45 AM    <DIR>          ServiceProfiles
03/25/2015  09:39 PM    <DIR>          servicing
08/22/2013  10:45 AM    <DIR>          Setup
09/27/2017  09:30 PM            11,252 setupact.log
08/05/2017  01:07 PM                 0 setuperr.log
09/19/2016  03:06 AM    <DIR>          ShellNew
08/22/2013  03:11 PM    <DIR>          SKB
07/03/2017  08:02 PM    <DIR>          SoftwareDistribution
08/22/2013  11:36 AM    <DIR>          Speech
10/28/2014  10:19 PM           128,512 splwow64.exe
08/22/2013  02:51 AM            35,891 Starter.xml
08/22/2013  11:36 AM    <DIR>          System
08/22/2013  09:25 AM               219 system.ini
09/27/2017  09:34 PM    <DIR>          System32
08/22/2013  11:36 AM    <DIR>          SystemResources
09/15/2017  06:25 AM    <DIR>          SysWOW64
08/22/2013  11:36 AM    <DIR>          TAPI
08/05/2017  02:36 PM    <DIR>          Tasks
09/27/2017  09:32 PM    <DIR>          Temp
09/15/2017  06:25 AM    <DIR>          ToastData
08/22/2013  11:36 AM    <DIR>          tracing
03/25/2015  09:39 PM    <DIR>          twain_32
10/28/2014  09:34 PM            54,272 twain_32.dll
08/03/2017  11:37 AM            51,623 uninstaller.dat
08/22/2013  10:47 AM             2,723 vmgcoinstall.log
08/22/2013  11:36 AM    <DIR>          vpnplugins
08/22/2013  11:36 AM    <DIR>          Vss
05/07/2014  12:33 PM    <DIR>          Web
10/27/2014  10:00 PM               167 win.ini
09/27/2017  09:48 PM         1,935,325 WindowsUpdate.log
10/28/2014  09:53 PM             9,728 winhlp32.exe
07/20/2015  09:02 PM    <DIR>          WinStore
09/15/2017  11:19 PM    <DIR>          WinSxS
06/18/2013  10:54 AM           316,640 WMSysPr9.prx
10/28/2014  10:34 PM            11,264 write.exe
              30 File(s)      7,013,343 bytes
              72 Dir(s)  67,845,971,968 bytes free

========= End of CMD: =========

========= dir C:\Windows\system32\drivers =========

 Volume in drive C is Windows
 Volume Serial Number is E4AD-7FC4

 Directory of C:\Windows\system32\drivers

09/26/2017  06:57 AM    <DIR>          .
09/26/2017  06:57 AM    <DIR>          ..
08/22/2013  07:38 AM           231,424 1394ohci.sys
08/13/2014  09:38 PM                 0 1414_Microsoft_Surface_Surface Pro 3_image10.mrk
08/22/2013  08:43 AM           108,896 3ware.sys
09/27/2017  09:06 PM           253,888 54626337.sys
10/07/2014  02:44 AM           533,824 acpi.sys
08/22/2013  08:49 AM            79,712 acpiex.sys
08/22/2013  07:38 AM            10,240 acpipagr.sys
08/22/2013  07:38 AM            12,288 acpipmi.sys
08/22/2013  07:38 AM            10,752 acpitime.sys
08/22/2013  08:43 AM           782,176 adp80xx.sys
10/13/2015  01:10 PM           559,616 afd.sys
07/07/2016  06:32 PM            95,744 agilevpn.sys
08/22/2013  08:43 AM            62,304 AGP440.sys
03/19/2015  09:56 PM            80,384 ahcache.sys
08/22/2013  04:46 AM            95,744 amdk8.sys
08/22/2013  04:46 AM            98,816 amdppm.sys
08/22/2013  08:43 AM            79,200 amdsata.sys
08/22/2013  08:43 AM           259,424 amdsbs.sys
08/22/2013  08:43 AM            25,952 amdxata.sys
10/28/2014  10:46 PM            82,944 appid.sys
08/22/2013  08:43 AM           114,016 arcsas.sys
08/22/2013  07:38 AM            26,624 asyncmac.sys
08/22/2013  08:43 AM            26,464 atapi.sys
08/22/2013  08:43 AM           199,520 ataport.sys
07/18/2013  11:53 AM           113,864 ax88772.sys
08/22/2013  07:39 AM            50,688 BasicDisplay.sys
03/12/2017  11:04 AM            33,792 BasicRender.sys
08/22/2013  08:49 AM            35,168 battc.sys
08/12/2013  07:25 PM            17,624 bcmfn2.sys
08/22/2013  07:40 AM             7,680 beep.sys
10/04/2016  04:39 PM           101,376 bowser.sys
10/28/2014  10:45 PM           115,712 bridge.sys
08/13/2014  08:43 PM            19,456 BtaMPM.sys
08/22/2013  07:38 AM            36,992 BthAvrcpTg.sys
10/28/2014  10:46 PM            53,248 bthenum.sys
03/08/2015  10:02 PM            57,856 bthhfenum.sys
08/22/2013  07:38 AM            30,720 BthhfHid.sys
08/13/2014  08:43 PM           226,304 BthLEEnum.sys
08/13/2014  08:43 PM            64,000 bthmodem.sys
07/06/2017  04:52 AM           119,296 bthpan.sys
05/11/2015  02:17 PM         1,201,664 bthport.sys
10/28/2014  10:46 PM            81,920 BTHUSB.SYS
08/22/2013  08:43 AM           531,296 bxvbda.sys
08/22/2013  07:40 AM            88,576 cdfs.sys
08/22/2013  04:46 AM           164,352 cdrom.sys
08/22/2013  07:38 AM            44,032 circlass.sys
05/06/2016  05:59 PM           331,608 Classpnp.sys
07/08/2017  04:14 PM           376,672 clfs.sys
08/22/2013  07:39 AM            25,472 CmBatt.sys
10/10/2016  02:18 PM            22,360 cmimcext.sys
01/21/2017  05:37 PM           567,152 cng.sys
08/22/2013  07:38 AM            36,352 CompositeBus.sys
08/22/2013  09:25 AM            43,008 condrv.sys
08/22/2013  08:43 AM            68,960 crashdmp.sys
01/21/2017  03:22 PM           559,104 csc.sys
08/22/2013  08:50 AM            57,696 dam.sys
01/10/2017  06:37 PM           138,752 dfsc.sys
07/07/2017  11:14 PM           100,184 disk.sys
08/22/2013  08:43 AM            36,192 Diskdump.sys
08/22/2013  07:40 AM            13,312 Dmpusbstor.sys
08/22/2013  07:37 AM            29,696 dmvsc.sys
10/28/2014  10:47 PM            89,088 drmk.sys
10/28/2014  11:58 PM            14,528 drmkaud.sys
08/22/2013  08:39 AM            33,632 Dumpata.sys
06/18/2016  04:06 PM            72,408 dumpfve.sys
03/13/2015  12:03 AM           154,432 dumpsd.sys
04/09/2017  06:00 PM         1,548,640 dxgkrnl.sys
04/09/2017  06:00 PM           388,448 dxgmms1.sys
08/22/2013  08:43 AM            82,784 EhStorClass.sys
08/22/2013  08:43 AM           114,016 EhStorTcgDrv.sys
07/18/2017  09:27 PM    <DIR>          en-US
08/22/2013  07:38 AM            10,240 errdev.sys
03/10/2016  11:07 AM    <DIR>          etc
08/22/2013  08:43 AM         3,357,024 evbda.sys
08/22/2013  07:40 AM           200,704 exfat.sys
08/22/2013  08:49 AM           217,952 fastfat.sys
08/22/2013  07:40 AM            30,720 fdc.sys
08/13/2014  08:43 PM            79,192 fileinfo.sys
08/22/2013  07:39 AM            34,816 filetrace.sys
08/22/2013  07:40 AM            25,088 flpydisk.sys
08/25/2014  11:30 PM           354,112 fltMgr.sys
10/15/2014  04:32 AM            61,248 fsdepends.sys
08/22/2013  09:25 AM            30,048 fs_rec.sys
06/18/2016  04:06 PM           590,688 fvevol.sys
06/07/2017  12:25 AM           428,888 FWPKCLNT.SYS
08/22/2013  04:46 AM            27,136 fxppm.sys
08/22/2013  08:43 AM            65,888 GAGP30KX.SYS
06/18/2013  10:41 AM         3,440,660 gm.dls
06/18/2013  10:41 AM               646 gmreadme.txt
08/25/2016  02:04 PM            72,264 hcmon.sys
07/24/2014  07:45 AM            76,800 hdaudbus.sys
08/22/2013  07:39 AM            26,624 hidbatt.sys
01/29/2015  11:01 PM            97,792 hidbth.sys
05/13/2016  07:08 PM           111,616 hidclass.sys
08/22/2013  07:37 AM            41,472 hidi2c.sys
08/22/2013  07:39 AM            45,568 hidir.sys
05/13/2016  07:08 PM            32,512 hidparse.sys
05/13/2016  07:08 PM            32,768 hidusb.sys
08/22/2013  08:43 AM            64,352 HpSAMD.sys
06/15/2017  06:02 PM           990,040 http.sys
08/22/2013  08:39 AM            24,416 hwpolicy.sys
08/22/2013  07:37 AM            13,824 hyperkbd.sys
08/22/2013  07:39 AM            22,016 HyperVideo.sys
11/04/2014  02:54 AM           108,544 i8042prt.sys
07/30/2013  02:47 PM            24,568 iaLPSSi_GPIO.sys
07/25/2013  03:05 PM            99,320 iaLPSSi_I2C.sys
07/16/2014  10:57 AM            24,568 iaLPSS_GPIO.sys
07/16/2014  10:57 AM            99,320 iaLPSS_I2C.sys
08/09/2013  08:39 PM           651,248 iaStorAV.sys
08/22/2013  08:43 AM           412,000 iaStorV.sys
03/31/2015  08:27 PM         4,888,368 igdkmd64.sys
03/04/2015  11:16 PM           460,048 IntcDAud.sys
03/04/2015  05:08 PM            42,288 intelaud.sys
08/22/2013  08:43 AM            18,272 intelide.sys
10/12/2014  10:43 PM            39,744 intelpep.sys
08/22/2013  04:46 AM            98,816 intelppm.sys
08/22/2013  07:35 AM            84,992 ipfltdrv.sys
02/03/2016  11:14 AM            80,896 IPMIDrv.sys
08/13/2014  08:43 PM           142,848 ipnat.sys
08/22/2013  07:37 AM           118,784 irda.sys
08/22/2013  07:38 AM            17,920 irenum.sys
08/22/2013  08:43 AM            21,856 isapnp.sys
03/04/2015  05:08 PM            30,512 iwdbus.sys
11/04/2014  03:25 PM            59,712 kbdclass.sys
11/04/2014  02:54 AM            32,256 kbdhid.sys
08/22/2013  03:11 PM            22,272 kbldfltr.sys
08/22/2013  07:38 AM            19,456 kdnic.sys
07/04/2014  08:59 AM           295,424 ks.sys
08/22/2016  12:06 PM           100,184 ksecdd.sys
05/18/2016  07:16 PM           178,016 ksecpkg.sys
08/22/2013  07:39 AM            21,248 ksthunk.sys
08/22/2013  07:36 AM            59,392 lltdio.sys
08/22/2013  08:43 AM           109,408 lsi_sas.sys
08/22/2013  08:43 AM            93,536 lsi_sas2.sys
08/22/2013  08:43 AM            81,760 lsi_sas3.sys
08/22/2013  08:43 AM            82,784 lsi_sss.sys
08/13/2014  08:43 PM           124,416 luafv.sys
08/22/2013  07:39 AM            22,016 mcd.sys
08/22/2013  08:43 AM            56,672 megasas.sys
08/22/2013  08:43 AM           575,840 megasr.sys
08/22/2013  07:40 AM            40,960 modem.sys
08/22/2013  07:36 AM            30,208 monitor.sys
11/04/2014  03:25 PM            51,008 mouclass.sys
11/04/2014  02:54 AM            30,208 mouhid.sys
05/10/2017  02:19 PM           101,720 mountmgr.sys
10/28/2014  10:45 PM            74,240 mpsdrv.sys
02/18/2015  05:31 PM           393,220 MrvlDebugStore.bin
12/10/2016  10:47 AM            32,768 mrvldtcm.bin
02/26/2016  04:46 PM           360,448 mrvliram.bin
12/10/2016  10:47 AM            65,536 mrvlitcm.bin
12/10/2016  10:47 AM            32,772 MrvlLogEntry.bin
11/24/2015  12:36 AM         1,016,328 mrvlpcie8897.sys
12/10/2016  10:47 AM           655,360 mrvlsqram.bin
09/08/2016  10:00 AM           140,800 mrxdav.sys
02/01/2017  03:42 PM           401,408 mrxsmb.sys
02/10/2017  03:06 PM           285,184 mrxsmb10.sys
02/01/2017  03:44 PM           201,728 mrxsmb20.sys
08/22/2013  09:25 AM            30,208 msfs.sys
06/18/2013  10:52 AM                 3 MsftWdf_Kernel_01013_Inbox_Critical.Wdf
06/18/2013  11:20 AM                 3 MsftWdf_User_01_11_00_Inbox_Critical.Wdf
08/14/2014  08:36 PM           146,752 msgpioclx.sys
08/22/2013  08:43 AM            41,824 msgpiowin32.sys
08/22/2013  07:39 AM             8,192 mshidkmdf.sys
08/22/2013  07:39 AM             9,728 mshidumdf.sys
08/22/2013  08:43 AM            17,248 msisadrv.sys
06/11/2017  08:14 PM           276,320 msiscsi.sys
08/22/2013  07:39 AM            10,624 mskssrv.sys
10/28/2014  10:45 PM            66,560 mslldp.sys
08/22/2013  07:39 AM             7,040 mspclock.sys
08/22/2013  07:39 AM             6,784 mspqm.sys
08/22/2013  09:25 AM           366,432 msrpc.sys
08/22/2013  08:49 AM            37,728 mssmbios.sys
08/22/2013  07:38 AM             7,936 mstee.sys
08/22/2013  07:37 AM            13,312 MTConfig.sys
04/06/2016  05:21 PM           114,528 mup.sys
08/22/2013  08:43 AM            63,840 mvumis.sys
01/18/2017  10:18 PM         1,113,944 ndis.sys
10/28/2014  10:46 PM            43,008 ndiscap.sys
10/28/2014  10:45 PM           126,464 NdisImPlatform.sys
10/28/2014  10:47 PM            24,576 ndistapi.sys
08/22/2013  07:37 AM            60,416 ndisuio.sys
08/22/2013  07:36 AM            16,384 NdisVirtualBus.sys
04/05/2016  06:37 PM           205,824 ndiswan.sys
07/28/2013  01:24 PM           104,736 ndizblil.sys
10/28/2014  10:46 PM            72,192 ndproxy.sys
10/28/2014  10:45 PM           103,424 Ndu.sys
10/28/2014  10:47 PM            48,128 netbios.sys
08/10/2017  11:27 PM           281,600 netbt.sys
05/31/2017  05:20 PM           470,360 netio.sys
10/28/2014  10:46 PM            87,040 netvsc63.sys
08/22/2013  09:25 AM            58,880 npfs.sys
08/22/2013  07:38 AM            23,040 npsvctrig.sys
08/13/2017  01:19 PM            40,960 nsiproxy.sys
07/13/2017  07:03 PM         2,013,528 ntfs.sys
08/22/2013  09:25 AM             5,632 null.sys
08/22/2013  08:43 AM           150,368 nvraid.sys
08/22/2013  08:43 AM           168,288 nvstor.sys
08/22/2013  08:43 AM           124,768 NV_AGP.SYS
06/13/2017  05:47 AM           445,440 nwifi.sys
10/28/2014  10:45 PM           151,040 pacer.sys
08/11/2016  02:33 PM            96,256 parport.sys
10/15/2014  04:32 AM            88,896 partmgr.sys
07/24/2014  11:28 AM           280,384 pci.sys
08/22/2013  08:43 AM            14,688 pciide.sys
08/22/2013  08:43 AM            48,992 pciidex.sys
08/22/2013  08:49 AM           114,528 pcmcia.sys
08/22/2013  08:39 AM            50,016 pcw.sys
07/07/2017  11:16 PM            86,360 pdc.sys
08/13/2014  08:43 PM           663,040 PEAuth.sys
10/28/2014  10:46 PM           272,384 portcls.sys
08/22/2013  04:46 AM            92,160 processr.sys
10/28/2014  10:47 PM            47,104 qwavedrv.sys
10/28/2014  10:48 PM            17,408 rasacd.sys
02/02/2016  02:16 PM           112,640 rasl2tp.sys
08/22/2013  07:36 AM            84,992 raspppoe.sys
08/22/2013  07:35 AM           107,520 raspptp.sys
10/28/2014  10:45 PM            93,696 rassstp.sys
04/06/2016  02:20 PM           402,432 rdbss.sys
08/22/2013  07:38 AM            22,528 rdpbus.sys
08/22/2013  03:11 PM           195,584 rdpdr.sys
10/28/2014  11:56 PM            27,456 rdpvideominiport.sys
08/13/2014  08:43 PM           249,688 rdyboost.sys
10/12/2016  05:11 PM           922,968 refs.sys
01/29/2015  11:00 PM           167,424 rfcomm.sys
11/05/2015  04:59 AM           145,408 rmcast.sys
08/22/2013  07:38 AM            32,256 RNDISMP.sys
10/28/2014  10:48 PM            11,776 rootmdm.sys
08/22/2013  07:36 AM            80,384 rspndr.sys
10/29/2015  03:00 AM         4,642,048 RTKVHD64.sys
10/29/2015  02:53 AM                98 RTMICAR.DAT
07/16/2014  10:57 AM           263,896 RtsUStor.sys
08/22/2013  08:39 AM           107,872 sbp2port.sys
12/24/2016  09:21 PM            40,960 scfilter.sys
08/22/2013  08:43 AM           170,848 scsiport.sys
03/13/2015  12:03 AM           239,424 sdbus.sys
08/13/2014  08:43 PM            79,192 sdstor.sys
08/22/2013  11:35 AM            23,040 secdrv.sys
08/22/2013  08:43 AM            69,472 SerCx.sys
08/13/2014  08:43 PM           146,776 SerCx2.sys
08/11/2016  02:33 PM            23,040 serenum.sys
08/11/2016  02:33 PM            83,456 serial.sys
11/04/2014  02:55 AM            26,112 sermouse.sys
08/22/2013  07:40 AM            17,408 sfloppy.sys
08/22/2013  08:43 AM            44,896 sisraid2.sys
08/22/2013  08:43 AM            81,760 sisraid4.sys
08/22/2013  07:40 AM            19,968 smclib.sys
01/11/2017  01:28 PM           422,744 spaceport.sys
08/22/2013  08:43 AM            72,032 SpbCx.sys
05/02/2017  04:08 PM           415,744 srv.sys
05/02/2017  04:09 PM           686,592 srv2.sys
08/10/2017  11:27 PM           243,200 srvnet.sys
01/22/2014  09:52 AM           108,800 ssudbus.sys
01/22/2014  09:52 AM           206,080 ssudmdm.sys
08/22/2013  08:43 AM            31,072 stexstor.sys
08/22/2013  08:43 AM           107,872 storahci.sys
05/15/2017  06:09 PM            57,688 stornvme.sys
05/15/2017  04:03 PM           379,744 storport.sys
08/22/2013  08:36 AM            45,888 storvsc.sys
01/12/2017  11:03 AM            66,560 storvsp.sys
08/22/2013  07:39 AM            67,584 stream.sys
07/16/2014  10:57 AM            51,856 SurfaceAccessoryDevice.sys
11/27/2014  02:00 AM            44,152 SurfaceCapacitiveHomeButton.sys
07/16/2014  10:57 AM            41,616 SurfaceDisplayCalibration.sys
12/09/2014  09:23 AM            49,776 SurfaceIntegrationDriver.sys
10/08/2014  03:10 PM            35,440 SurfacePciController.sys
03/31/2015  09:07 PM            76,424 SurfacePenDriver.sys
07/16/2014  10:57 AM            35,976 SurfaceTouchCover.sys
07/16/2014  10:57 AM            35,984 SurfaceTypeCover.sys
02/01/2016  11:31 PM            41,208 SurfaceTypeCoverV3Integration.sys
10/28/2014  11:59 PM            14,144 swenum.sys
08/22/2013  07:39 AM            29,696 tape.sys
10/29/2014  12:13 AM            21,824 tbs.sys
06/07/2017  09:48 PM         2,457,936 tcpip.sys
08/13/2014  08:53 PM            49,152 tcpipreg.sys
08/22/2013  09:25 AM            30,208 tdi.sys
08/01/2017  11:17 PM           107,520 tdx.sys
07/16/2014  10:57 AM           100,312 TeeDriverx64.sys
08/22/2013  03:11 PM            37,216 terminpt.sys
05/15/2017  03:58 PM           121,184 tm.sys
09/29/2015  08:24 AM           155,480 tpm.sys
07/07/2014  05:21 PM            35,952 TrueColor.sys
08/22/2013  07:37 AM            56,320 TsUsbFlt.sys
10/28/2014  10:46 PM            29,696 TsUsbGD.sys
09/04/2015  03:24 PM           154,112 tunnel.sys
08/22/2013  08:43 AM            64,864 UAGP35.SYS
08/22/2013  08:43 AM            74,080 uaspstor.sys
10/07/2014  02:54 AM           189,248 UCX01000.SYS
03/12/2015  10:02 PM           316,416 udfs.sys
08/22/2013  08:39 AM            26,976 uefi.sys
08/22/2013  08:43 AM            65,888 ULIAGPKX.SYS
08/22/2013  07:38 AM            46,080 umbus.sys
03/10/2016  11:07 AM    <DIR>          UMDF
08/22/2013  07:38 AM            11,776 umpass.sys
04/24/2015  10:25 PM            20,992 usb8023.sys
08/22/2013  07:39 AM            32,512 USBCAMD2.sys
07/24/2014  11:28 AM           143,680 usbccgp.sys
10/28/2014  10:47 PM            98,304 usbcir.sys
10/11/2015  02:34 AM            27,992 usbd.sys
01/08/2016  09:38 PM            91,992 usbehci.sys
10/11/2015  02:34 AM           462,168 usbhub.sys
10/11/2015  02:34 AM           468,824 USBHUB3.SYS
10/10/2015  02:41 PM            30,208 usbohci.sys
10/11/2015  02:34 AM           443,224 usbport.sys
08/22/2013  07:36 AM            26,112 usbprint.sys
08/22/2013  07:39 AM            30,720 usbrpm.sys
01/31/2016  03:16 PM           148,832 USBSTOR.SYS
10/10/2015  02:41 PM            37,376 usbuhci.sys
06/21/2014  03:33 AM           212,736 usbvideo.sys
04/16/2015  02:17 AM           325,464 USBXHCI.SYS
08/22/2013  08:37 AM            37,728 vdrvroot.sys
08/13/2014  08:43 PM           175,960 VerifierExt.sys
10/09/2016  06:59 PM           551,256 vhdmp.sys
08/22/2013  08:43 AM            19,808 viaide.sys
07/08/2017  03:10 PM           220,160 Vid.sys
08/22/2013  07:39 AM            49,152 videoprt.sys
10/28/2014  11:56 PM            89,368 vmbkmcl.sys
04/09/2017  04:39 PM            77,312 vmbkmclr.sys
10/28/2014  11:56 PM            97,048 vmbus.sys
08/22/2013  07:37 AM            21,760 VMBusHID.sys
04/09/2017  04:37 PM           129,536 vmbusr.sys
08/22/2013  07:38 AM            11,264 vmgencounter.sys
08/22/2013  07:38 AM             7,168 vms3cap.sys
10/28/2014  11:56 PM            49,944 vmstorfl.sys
04/11/2016  02:21 AM            74,584 volmgr.sys
07/07/2017  11:46 PM           377,688 volmgrx.sys
03/14/2016  12:50 PM           316,760 volsnap.sys
01/26/2016  03:15 PM            72,024 vpci.sys
08/10/2017  11:27 PM            65,536 vpcivsp.sys
08/22/2013  08:43 AM           168,800 vsmraid.sys
08/22/2013  08:43 AM           305,504 VSTXRAID.SYS
08/12/2016  08:03 PM            24,576 vwifibus.sys
08/12/2016  08:02 PM            71,680 vwififlt.sys
08/12/2016  08:01 PM            38,912 vwifimp.sys
08/22/2013  07:39 AM            26,752 wacompen.sys
10/28/2014  10:45 PM            80,896 wanarp.sys
08/13/2014  08:43 PM            54,272 watchdog.sys
02/10/2017  10:37 AM            46,600 WdBoot.sys
08/22/2013  09:25 AM           839,488 Wdf01000.sys
01/12/2017  12:51 PM           274,776 WdFilter.sys
08/22/2013  09:25 AM            60,224 WdfLdr.sys
01/12/2017  12:51 PM           117,592 WdNisDrv.sys
08/22/2013  08:39 AM            38,240 werkernel.sys
11/10/2014  02:06 PM           136,512 wfplwfs.sys
11/24/2015  12:36 AM           420,360 WiFiCLass.sys
10/29/2014  12:09 AM            33,600 wimmount.sys
10/28/2014  11:56 PM            61,208 winhv.sys
04/09/2017  04:40 PM            48,128 winhvr.sys
08/22/2013  07:37 AM            78,848 winusb.sys
08/22/2013  07:40 AM            16,384 wmiacpi.sys
08/22/2013  09:25 AM            18,272 wmilib.sys
08/13/2014  08:53 PM           157,016 wof.sys
10/28/2014  11:57 PM            54,784 wpcfltr.sys
08/22/2013  08:36 AM            26,976 WpdUpFltr.sys
08/22/2013  09:25 AM            23,392 WppRecorder.sys
08/22/2013  07:40 AM            21,504 ws2ifsl.sys
10/28/2014  10:46 PM           113,664 WUDFPf.sys
10/28/2014  10:46 PM           226,304 WUDFRd.sys
             354 File(s)     69,775,282 bytes
               5 Dir(s)  67,845,926,912 bytes free

========= End of CMD: =========

==== End of Fixlog 21:55:43 ====



#9 Aura


Posted 27 September 2017 - 08:56 PM

Do you have a USB Flash Drive?

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#10 xunchen88


Posted 27 September 2017 - 08:58 PM

Yes, I can use a portable drive.



#11 Aura


Posted 28 September 2017 - 08:49 AM

Alright, follow the instructions below.

Farbar Recovery Scan Tool (FRST) - Recovery Environment Scan
Follow the instructions below to download and execute a scan on your system with FRST from the Recovery Environment, and provide the logs in your next reply.

Item(s) required:
  • USB Flash Drive (size depends on whether you have to create a USB Recovery or Installation media)
  • CD/DVD (optional: only needed if you need to create a Recovery or Installation media and your USB Flash Drive is too small)
  • Another computer (optional: only needed if you cannot work from the infected computer directly)
Preparing the USB Flash Drive
  • Download the right version of FRST for your system:
  • Move the executable (FRST.exe or FRST64.exe) on your USB Flash Drive
  • Download the attached fixlist.txt, and move it on your USB Flash Drive as well
Boot in the Recovery Environment
  • Plug your USB Flash Drive in the infected computer
  • To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:
    • Restart the computer
    • Once you've seen your BIOS splashscreen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears
    • Use the arrow keys to select Repair your computer, and press on Enter
    • Select your keyboard layout (US, French, etc.) and click on Next
    • Click on Command Prompt to open the command prompt
      Note: If you can't access the Recovery Environment using the F8 method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on SevenForums.
  • To enter the Recovery Environment with Windows 8 or Windows 8.1, follow the instructions in this tutorial on EightForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial.
  • To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums.
Once in the command prompt
  • In the command prompt, type notepad and press on Enter
  • Notepad will open. Click on the File menu and select Open
  • Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad
  • In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe) and press on Enter
  • Note: Replace the letter e with the drive letter of your USB Flash Drive
  • FRST will open
  • Click on Yes to accept the disclaimer
  • Click on the Fix button and wait for the scan to complete
  • A log called fixlog.txt will be saved on your USB Flash Drive. Attach it in your next reply



#12 xunchen88


Posted 29 September 2017 - 12:25 AM

Aura,

 

Please see attached. Sorry for the delays. It took me a while to get through those "boot" steps.

 

thanks

 




#13 Aura


Posted 29 September 2017 - 07:00 AM

All good, no worries :) Now, you should be able to install and run a scan with Malwarebytes.

Malwarebytes - Clean Mode
  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
  • Let the scan run, the time required to complete the scan depends on your system and computer specs
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button
    • If it asks you to restart your computer to complete the removal, do so
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply



#14 xunchen88


Posted 29 September 2017 - 10:24 AM

It is working now. Just reinstalled Malwarebytes, and log is attached.

thanks!




#15 Aura


Posted 29 September 2017 - 10:26 AM

Awesome! Now let's do a sweep with RogueKiller and AdwCleaner.

RogueKiller
  • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
  • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Check every single entry (threat found), and click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply
AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply
Your next reply(ies) should therefore contain:
  • Copy/pasted RogueKiller clean log
  • Copy/pasted AdwCleaner clean log





