
system repair offline


  • This topic is locked
122 replies to this topic

#1 dmsjaj

dmsjaj

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:01:01 AM

Posted 21 January 2018 - 03:43 PM

I have been working on trying to resolve this issue for 2 weeks and at every corner, I hit another snag. This is my business computer which our company utilizes Trend Office Scan for live scanning and antivirus. Two weeks ago, I was trying to fix an external hard drive and everything went wrong. The virus I picked up blew through OfficeScan, which now won't even come back on, guest user was created, along with some other ones, tagged on to a good portion of my files having the ability to execute and overwrite. I have no function with system restore as all previous restore points have been deleted. I have tried numerous times to utilize system repair but it still states system repair offline. At first, the error included a bad driver, now today, I have that down to just unknown. Malwarebytes finds a Trojan/proxy agent in the registry key with APEXSVC but when quarantined, it comes right back. Also with Malwarebytes, it won't even stay on, so I don't have OfficeScan or that one for active malware protection. sfc /scannow won't complete anything as there is a system repair that shows that it is needing to complete but with system repair offline, this can never process. Windows updates won't operate because of the same thing. On restart, it won't go past that. Utilizing chkdsk stops at the 50% range because it shows errors. I am not sure what those are. The computer is still operational but I can't connect back to my work network until I get this resolved. Since this was a group build unit, I don't have access to a restore CD and I definitely do not want to start over. I have tried to do some fixes through Dell, some through Microsoft, and it seems if I get one thing corrected, another pops up. I also have a redirect on Chrome where Bing becomes the search engine but it won't always go to the page that I need.
I started using explorer to minimize that a little, but I am trying not to use very many webpages on the PC as I don't have an active anti-virus up and running. Our firewall settings are managed by administrators so those are preset but I did notice that the last 4 on the firewall as approved, I previously removed as they are not valid for and I believe may have been part of the virus.

 

 

 

I am attaching both of the FARBAR texts for your review.  I would really appreciate the help as this is really frustrating as wiping this system really isn't an option for me.

 

 

 

 Thanks,

 

DMSJAJ



#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,559 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:03:01 AM

Posted 21 January 2018 - 07:21 PM

Welcome :)

I'll be helping you with your computer. You seem to be infected with a SmartService Rootkit.

Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding.

Please take note of the guidelines for this fix:

  • Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated.
  • First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
  • Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me.
  • Please read ALL instructions carefully and perform the steps fully and in the order they are written.
  • If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
  • Continue to read and follow my instructions until I tell you that your machine is clean.
  • If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
  • Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary. :)

Let's begin... :)

Step 1
Please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Boot in the Recovery Environment

  • Plug your USB Flash Drive in the infected computer
  • To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:
    • Restart the computer
    • Once you've seen your BIOS splashscreen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears
    • Use the arrow keys to select Repair your computer, and press on Enter
    • Select your keyboard layout (US, French, etc.) and click on Next
    • Click on Command Prompt to open the command prompt
      Note: If you can't access the Recovery Environment using the F8 method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on SevenForums.
  • To enter the Recovery Environment with Windows 8 or Windows 8.1, follow the instructions in this tutorial on EightForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial.
  • To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums.

Once in the command prompt

  • In the command prompt, type notepad and press on Enter
  • Notepad will open. Click on the File menu and select Open
  • Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad
  • In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe) and press on Enter
  • Note: Replace the letter e with the drive letter of your USB Flash Drive
  • FRST will open
  • Click on Yes to accept the disclaimer
  • Click on the Scan button and wait for it to complete
  • A log called frst.txt will be saved on your USB Flash Drive. Post it in your next reply

Step 2
If successful, please download Malwarebytes to your desktop.

  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • Once the program has fully updated, Proceed with the Scan options and select "Threat Scan".
  • The Scan Pane is the introduction to scan-related options in the program. When you click Scan in the Menu Pane, you will see the screen shown below.

[Screenshot: Malwarebytes scan methods]

  • After a scan has been executed, scan results are displayed.
  • Put a checkmark on all detected and click on "Quarantine Selected"
  • Selected reports may be viewed on screen, or exported to a text file for later viewing. Please note that only manual (on demand) scans are available for users of the free version of Malwarebytes.

You may export to your clipboard or to a text (TXT) file. Export to a .txt file and post its contents.
 
Step 3
 

  • Run FRST64 once again.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also produce another log (Addition.txt). Please attach this to your reply.

We will need to see:

  •   FRST.txt report from the Flash Drive
  •   MBAM report
  •   FRST.txt report from Normal Mode
  •   Addition.txt from Normal Mode

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 dmsjaj


Posted 21 January 2018 - 10:39 PM

Thank you for assisting me JSntgRvr. As I started to follow your instructions, I went into system repair and once I got to my administrator log in with password, the only two options I had available are system repair and Dell back up and restore. The Dell back up and restore won't even allow me into it. Is there another way into a command prompt or am I going to have to create a backup? If it has to be a backup, I will have to do a USB backup as I don't have a DVD writer on this laptop. Previous research hasn't turned up much on that end. I did go through your suggested tutorial with SevenForums but every place I went to didn't have the Windows 7 recovery available. I realize it is a little outdated but I am not sure which way I will need to go. Please let me know what you suggest.

 

 

Thanks,



#4 JSntgRvr


Posted 21 January 2018 - 11:19 PM

Are you able to reach the Advanced menu tapping on F8 at startup? Is there a repair my computer option at the menu? Are you able to create a USB bootable media to reach Windows Recovery Environment?



#5 dmsjaj


Posted 21 January 2018 - 11:33 PM

When I hit F8 at startup and go to repair my computer, those are the only two options I have available. Previously, it was set only as an administrator login and password, which I didn't have the password for, so I created one for me. When I switch over to my login at that point, with password, I only have those two options (system repair and Dell back up and restore). I created the back door to try and gain access to where I needed to be but these are the only options I have been able to. Is there any way that I can gain more access than what I have created?



#6 JSntgRvr


Posted 22 January 2018 - 12:43 AM

At an Administrator Command Prompt type the following and press enter:

BCDEDIT /enum all > "%userprofile%\desktop\report.txt"

Open the report.txt on your desktop and post its contents.



#7 dmsjaj


Posted 22 January 2018 - 07:26 AM

Here it is. (Attached file: report.txt)


Edited by JSntgRvr, 22 January 2018 - 10:43 AM.


#8 JSntgRvr


Posted 22 January 2018 - 10:35 AM

Somehow it is not giving me access to the file. Please copy and paste its contents on your reply.




#9 dmsjaj


Posted 22 January 2018 - 10:59 AM

Please let me know if it went through this time.

 

 

Thanks,




#10 JSntgRvr


Posted 22 January 2018 - 11:44 AM

I don't see any problems in the BCD, perhaps the Windows Recovery Environment (WinRE) needs to be repaired.

 

Follow the instructions here to create a bootable USB with Windows 7. You will need the Product Key to download the Windows 7 .iso file.

 

Let me know if successful.

 

How about using another computer to create a bootable DVD?




#11 dmsjaj


Posted 22 January 2018 - 12:41 PM

I noticed that my recovery is setup as on the d: drive.  Shouldn't it be on the c: drive, and could that explain why I don't have full functionality?



#12 JSntgRvr


Posted 22 January 2018 - 12:56 PM

No. In Windows 7 the boot partition is different from the OS partition. I am researching Dell.



#13 JSntgRvr


Posted 22 January 2018 - 04:05 PM

After you select the keyboard and log on in the Recovery Environment, these are the tools that should appear:

[Attached image: WinREOptions.jpg]

Is this happening?

Download the enclosed file (boot_into_RE_2.zip). Save and extract its contents to the desktop. Once extracted, open the folder and right click on the file. Select Run as Administrator. Follow the prompts and see if you are able to boot to the above menu.

 




#14 dmsjaj


Posted 22 January 2018 - 05:31 PM

I finally was able to get in by changing my user permissions. So now I can get there. Using the command prompt of F:\FRST64.exe is now bringing up: "The subsystem needed to support the image type is not present." What do I need to do to correct that?

#15 JSntgRvr


Posted 22 January 2018 - 07:01 PM

This is due to the rootkit. FRST has been targeted.

 

I need more information. Follow these steps:

 

 

  • Highlight the entire content of the quote box below.

Start::  
FirewallRules: [{457F88FC-0849-4110-BBC8-AE5CB720394E}] => (Allow) LPort=5900
FirewallRules: [{0DCD8598-CE8D-4D31-A551-14D7AAAF1E8D}] => (Allow) LPort=5800
FirewallRules: [{C4029022-8921-487F-A2AC-6960BE3435F8}] => (Allow) LPort=49142
C:\Windows\system32\drivers\pwbpsvzc.sys

S2 apexpsvc; "C:\Users\dstover\AppData\Local\gvkxelho\apexpsvc.exe" /svc [X]
Toolbar: HKU\S-1-5-21-623538099-558311655-452798024-2129 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-623538099-558311655-452798024-2129-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101507675 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-623538099-558311655-452798024-2129-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101526828 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [No File]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
2018-01-18 14:16 - 2017-11-10 17:31 - 000340616 _____ (Symantec Corporation) C:\Users\dstover\AppData\Local\Temp\SEVINST64x86.EXE
2018-01-18 20:18 - 2018-01-18 15:15 - 001516216 _____ (Symantec Corporation) C:\Users\dstover\AppData\Local\Temp\{397E31AA-0D78-4649-A01C-339D73A2ED35}_NSS__{2CE86211-E10D-4288-9147-B40A033819FF}.exe
2018-01-18 19:13 - 2012-01-22 08:55 - 000095544 _____ (Broadcom Corporation) C:\Windows\system32\OLDBB1C.tmp
2018-01-18 19:13 - 2012-01-22 08:34 - 004378624 _____ (Broadcom Corporation) C:\Windows\system32\OLDBB5C.tmp
2018-01-14 02:15 - 2018-01-14 02:16 - 000457896 _____ (AVAST Software) C:\Windows\system32\Drivers\aswe3c73dd1f9b74f5a.tmp
2018-01-14 02:15 - 2018-01-14 02:16 - 000457896 _____ (AVAST Software) C:\Windows\system32\Drivers\asw51d67794dcf8c134.tmp
2018-01-14 02:15 - 2018-01-14 02:16 - 000457896 _____ (AVAST Software) C:\Windows\system32\Drivers\asw1c1e09a3ddcdd760.tmp
2018-01-14 02:15 - 2018-01-14 02:16 - 000457896 _____ (AVAST Software) C:\Windows\system32\Drivers\asw b10c5090ba5aa74.tmp
2018-01-14 02:15 - 2018-01-14 02:16 - 000146648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswde5be8ce60284c78.tmp
2018-01-14 02:15 - 2018-01-14 02:16 - 000146648 _____ (AVAST Software) C:\Windows\system32\Drivers\asw8a34baa5b6f747ca.tmp
2018-01-14 02:15 - 2018-01-14 02:16 - 000146648 _____ (AVAST Software) C:\Windows\system32\Drivers\asw68b9c974936b435f.tmp
2018-01-14 02:15 - 2018-01-14 02:16 - 000146648 _____ (AVAST Software) C:\Windows\system32\Drivers\asw1ec47d90c55f784d.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 001025176 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbac39074642f11e1.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 001025176 _____ (AVAST Software) C:\Windows\system32\Drivers\aswb32baf34684092ed.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 001025176 _____ (AVAST Software) C:\Windows\system32\Drivers\asw7317786c11cce406.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 001025176 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2dd43e6cfaeb681e.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000358672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswf6c45d7e63acc8a9.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000358672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswa8d935f8fab94055.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000358672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswa25064183a1133bb.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000358672 _____ (AVAST Software) C:\Windows\system32\Drivers\asw17ee1e46a3c3012b.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000343768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswd810ba9ff3d2d620.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000343768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswa88a6dc842159c33.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000343768 _____ (AVAST Software) C:\Windows\system32\Drivers\asw8da8c8eaa17fd850.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000343768 _____ (AVAST Software) C:\Windows\system32\Drivers\asw1042b2416f0f6365.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000321512 _____ (AVAST Software) C:\Windows\system32\Drivers\aswf724efd1b3e48d6c.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000321512 _____ (AVAST Software) C:\Windows\system32\Drivers\aswf583e594c0591a65.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000321512 _____ (AVAST Software) C:\Windows\system32\Drivers\aswb2de362c5a196033.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000321512 _____ (AVAST Software) C:\Windows\system32\Drivers\asw9f002bc231b550a6.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000204456 _____ (AVAST Software) C:\Windows\system32\Drivers\aswe069dae6712bc71e.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000204456 _____ (AVAST Software) C:\Windows\system32\Drivers\asw5d3868920dcb9d3f.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000204456 _____ (AVAST Software) C:\Windows\system32\Drivers\asw3681e45c29a4fcb2.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000204456 _____ (AVAST Software) C:\Windows\system32\Drivers\asw182a6dd16d1f68ff.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000199448 _____ (AVAST Software) C:\Windows\system32\Drivers\asweff976d27367c133.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000199448 _____ (AVAST Software) C:\Windows\system32\Drivers\aswcabb241b1eb3e91e.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000199448 _____ (AVAST Software) C:\Windows\system32\Drivers\asw345d255bc827e2d9.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000199448 _____ (AVAST Software) C:\Windows\system32\Drivers\asw14f50540728ff152.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000185096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswcc4709dc59cabc6e.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000185096 _____ (AVAST Software) C:\Windows\system32\Drivers\asw8e9b7d324c2481af.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000185096 _____ (AVAST Software) C:\Windows\system32\Drivers\asw7a1814a29ee0d578.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000185096 _____ (AVAST Software) C:\Windows\system32\Drivers\asw51d9b4b2e1ae38a2.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000149344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswe3797ecd589c299b.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000149344 _____ (AVAST Software) C:\Windows\system32\Drivers\asw86c2a802c5ec69d4.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000149344 _____ (AVAST Software) C:\Windows\system32\Drivers\asw6c904cc9c7e09a5d.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000149344 _____ (AVAST Software) C:\Windows\system32\Drivers\asw178b54ea4b658fb5.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000110336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswe19cf4e55d15dcf2.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000110336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswc342e666ee1c1aaa.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000110336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswa3b84beab234c720.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000110336 _____ (AVAST Software) C:\Windows\system32\Drivers\asw8b21030f3e17ce48.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000084384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswab414e8392921f53.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000084384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswa7113b5e46bd160e.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000084384 _____ (AVAST Software) C:\Windows\system32\Drivers\asw569b661a9411e5d0.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000084384 _____ (AVAST Software) C:\Windows\system32\Drivers\asw11b15b62a0ce1884.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000057696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswfec29916fb6a9832.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000057696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswcedac5caffae5573.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000057696 _____ (AVAST Software) C:\Windows\system32\Drivers\asw74322852cc5ae1c5.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000057696 _____ (AVAST Software) C:\Windows\system32\Drivers\asw f4d00e8604bdbdb.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000046976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswd07aff6b44426153.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000046976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswb574bef93c645b64.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000046976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswa6796364f2385b14.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000046976 _____ (AVAST Software) C:\Windows\system32\Drivers\asw9fdf4fb8e71c6699.tmp
2018-01-10 12:20 - 2012-01-22 08:55 - 000095544 _____ (Broadcom Corporation) C:\Windows\system32\OLDA0BA.tmp
2018-01-10 12:20 - 2012-01-22 08:34 - 004378624 _____ (Broadcom Corporation) C:\Windows\system32\OLDA0BB.tmp
2018-01-07 22:03 - 2018-01-07 22:03 - 000457400 _____ (AVAST Software) C:\Windows\system32\Drivers\asw281ed2c15b4914ff.tmp
2018-01-07 22:03 - 2018-01-07 22:03 - 000358672 _____ (AVAST Software) C:\Windows\system32\Drivers\asw9dce305414d799e0.tmp
2018-01-07 22:03 - 2018-01-07 22:03 - 000204456 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbf4f55c2d86dddbe.tmp
2018-01-07 22:03 - 2018-01-07 22:03 - 000185096 _____ (AVAST Software) C:\Windows\system32\Drivers\asw4864ebc818212332.tmp
2018-01-07 22:03 - 2018-01-07 22:03 - 000146664 _____ (AVAST Software) C:\Windows\system32\Drivers\asw be404fba4326024.tmp
2018-01-07 22:03 - 2018-01-07 22:03 - 000110336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswb2fc0802530bbcb7.tmp
2018-01-07 22:03 - 2018-01-07 22:03 - 000084384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswb4bd736b5086112b.tmp
2018-01-07 22:03 - 2018-01-07 22:03 - 000046976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswb733c3103bdc7fb6.tmp
2018-01-07 22:03 - 2018-01-07 22:02 - 001025176 _____ (AVAST Software) C:\Windows\system32\Drivers\asw 2b420d55c6c0e10.tmp
2018-01-07 22:03 - 2018-01-07 22:02 - 000343768 _____ (AVAST Software) C:\Windows\system32\Drivers\asw6bdbe4ccd0c53314.tmp
2018-01-07 22:03 - 2018-01-07 22:02 - 000321512 _____ (AVAST Software) C:\Windows\system32\Drivers\asw4b879e6f0647b192.tmp
2018-01-07 22:03 - 2018-01-07 22:02 - 000199448 _____ (AVAST Software) C:\Windows\system32\Drivers\asw56bc87613a52b2f9.tmp
2018-01-07 22:03 - 2018-01-07 22:02 - 000149344 _____ (AVAST Software) C:\Windows\system32\Drivers\asw788425ed9cfc1054.tmp
2018-01-07 22:03 - 2018-01-07 22:02 - 000057696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswb0d97510e96ad42b.tmp
2018-01-07 18:27 - 2014-01-14 19:03 - 008925184 _____ (Dell Inc.) C:\Windows\bcm980E.tmp
2018-01-07 18:27 - 2014-01-14 19:03 - 004400128 _____ (Broadcom Corporation) C:\Windows\system32\SETB960.tmp
2018-01-07 18:27 - 2014-01-14 19:03 - 004400128 _____ (Broadcom Corporation) C:\Windows\system32\SETA575.tmp
2018-01-07 18:27 - 2014-01-14 19:03 - 004400128 _____ (Broadcom Corporation) C:\Windows\system32\SET9F7B.tmp
2018-01-07 18:27 - 2014-01-14 19:03 - 004400128 _____ (Broadcom Corporation) C:\Windows\system32\SET905E.tmp
2018-01-07 18:27 - 2014-01-14 19:03 - 004400128 _____ (Broadcom Corporation) C:\Windows\system32\SET74A3.tmp
2018-01-07 18:27 - 2014-01-14 19:03 - 004400128 _____ (Broadcom Corporation) C:\Windows\system32\SET70BD.tmp
2018-01-07 18:27 - 2014-01-14 19:03 - 004400128 _____ (Broadcom Corporation) C:\Windows\system32\SET5C15.tmp
2018-01-07 18:27 - 2014-01-14 19:03 - 004400128 _____ (Broadcom Corporation) C:\Windows\system32\SET5928.tmp
2018-01-07 18:27 - 2014-01-14 19:03 - 004400128 _____ (Broadcom Corporation) C:\Windows\system32\SET52B2.tmp
2018-01-07 18:27 - 2014-01-14 19:03 - 004400128 _____ (Broadcom Corporation) C:\Windows\system32\SET511D.tmp
2018-01-07 18:27 - 2014-01-14 19:03 - 004400128 _____ (Broadcom Corporation) C:\Windows\system32\SET49F6.tmp
2018-01-07 18:27 - 2014-01-14 19:03 - 003155456 _____ (Dell Inc.) C:\Windows\bcm981E.tmp
2018-01-07 18:27 - 2014-01-14 19:03 - 000336384 _____ (TODO: <Company name>) C:\Windows\bcm981F.tmp
2018-01-07 18:27 - 2014-01-14 19:03 - 000106000 _____ (CACE Technologies, Inc.) C:\Windows\bcm9830.tmp
2018-01-07 18:27 - 2014-01-14 19:03 - 000096560 _____ (Broadcom Corporation) C:\Windows\system32\SETBB08.tmp
2018-01-07 18:27 - 2014-01-14 19:03 - 000096560 _____ (Broadcom Corporation) C:\Windows\system32\SETA9BB.tmp
2018-01-07 18:27 - 2014-01-14 19:03 - 000096560 _____ (Broadcom Corporation) C:\Windows\system32\SETA086.tmp
2018-01-07 18:27 - 2014-01-14 19:03 - 000096560 _____ (Broadcom Corporation) C:\Windows\system32\SET91B7.tmp
2018-01-07 18:27 - 2014-01-14 19:03 - 000096560 _____ (Broadcom Corporation) C:\Windows\system32\SET8410.tmp
2018-01-07 18:27 - 2014-01-14 19:03 - 000096560 _____ (Broadcom Corporation) C:\Windows\system32\SET7956.tmp
2018-01-07 18:27 - 2014-01-14 19:03 - 000096560 _____ (Broadcom Corporation) C:\Windows\system32\SET6589.tmp
2018-01-07 18:27 - 2014-01-14 19:03 - 000096560 _____ (Broadcom Corporation) C:\Windows\system32\SET5DEB.tmp
2018-01-07 18:27 - 2014-01-14 19:03 - 000096560 _____ (Broadcom Corporation) C:\Windows\system32\SET55A1.tmp
2018-01-07 18:27 - 2014-01-14 19:03 - 000096560 _____ (Broadcom Corporation) C:\Windows\system32\SET5498.tmp
2018-01-07 18:27 - 2014-01-14 19:03 - 000096560 _____ (Broadcom Corporation) C:\Windows\system32\SET4CB6.tmp
C:\Windows\system32\spmtoilsvc.exe
C:\Users\dstover\AppData\Local\wmixbkr
C:\Users\dstover\AppData\Local\pwrghbo
C:\Users\dstover\AppData\Local\dwrciak
CMD: fltmc instances
Folder: C:\Windows\System32\Drivers
Reg: Reg query "HKLM\SYSTEM\Select"
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.
 

Let's try the latest of MBAR:

 

Follow the instructions in the thread below. Make sure to download the MBAR version linked in it. Let me know if you're not able to launch it and run a scan.

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

If you manage to run a scan, delete everything it finds. Upon completion of the scan or after the reboot, two files named mbar-log.txt and system-log.txt will be created. Both files can be found in the extracted MBAR folder on your Desktop.
Please attach both files in your next reply.
 


Edited by JSntgRvr, 22 January 2018 - 07:06 PM.

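A triage pass over FRST-style lines of the kind listed in the fixlist in post #15, as an added example that is not part of the thread and not code from FRST: it flags port-only firewall allow rules and services whose image sits in a user profile or could not be located. The function and class names, the port watch list, and the sample lines are assumptions made for this illustration.

```python
import re
from dataclasses import dataclass

# Ports tied to common remote-access tools (assumption: tune to your environment).
REMOTE_ACCESS_PORTS = {3389: "RDP", 5800: "VNC over HTTP", 5900: "VNC"}

FW_RE = re.compile(
    r"^FirewallRules: \[(?P<id>[^\]]+)\] => \((?P<action>\w+)\) (?P<target>.+)$"
)
# Service/driver line: state letter + start type, name, image path, trailing notes.
SVC_RE = re.compile(
    r'^(?P<state>[RSU])(?P<start>[0-5]) (?P<name>[^;]+); "?'
    r'(?P<path>[A-Za-z]:\\[^"\[]+?\.(?:exe|sys|dll))"?(?P<rest>.*)$',
    re.IGNORECASE,
)
USER_PROFILE = re.compile(r"^[A-Za-z]:\\Users\\", re.IGNORECASE)

# Constructed sample lines in the format of the fixlist above (not from a real log).
SAMPLE_LOG = r'''
FirewallRules: [{11111111-2222-3333-4444-555555555555}] => (Allow) LPort=5900
FirewallRules: [{66666666-7777-8888-9999-000000000000}] => (Allow) LPort=49142
FirewallRules: [{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}] => (Allow) C:\Program Files\Example\app.exe
S2 examplesvc; "C:\Users\alice\AppData\Local\qzxwvkjh\examplesvc.exe" /svc [X]
R2 Spooler; C:\Windows\System32\spoolsv.exe [559104 2010-11-20] (Microsoft Corporation)
S3 exampledrv; C:\Windows\system32\drivers\exampledrv.sys [X]
'''


@dataclass
class Finding:
    severity: str  # "high" or "review"
    kind: str      # "firewall" or "service"
    subject: str   # rule GUID or service name
    reason: str


def triage(log_text):
    """Return findings for FRST-style firewall and service lines in log_text."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        fw = FW_RE.match(line)
        if fw:
            # A rule that names only a local port opens it for any program.
            port = re.fullmatch(r"LPort=(\d+)", fw["target"])
            if fw["action"].lower() == "allow" and port:
                number = int(port[1])
                tool = REMOTE_ACCESS_PORTS.get(number)
                if tool:
                    findings.append(Finding(
                        "high", "firewall", fw["id"],
                        f"allows local port {number} ({tool})"))
                else:
                    findings.append(Finding(
                        "review", "firewall", fw["id"],
                        f"port-only allow rule for {number}"))
            continue
        svc = SVC_RE.match(line)
        if not svc:
            continue
        in_profile = bool(USER_PROFILE.match(svc["path"]))
        reasons = []
        if in_profile:
            reasons.append("image runs from a user profile")
        # Assumption: a trailing [X] means the scanner could not locate the file.
        if svc["rest"].rstrip().endswith("[X]"):
            reasons.append("image file not found by the scanner")
        if reasons:
            findings.append(Finding(
                "high" if in_profile else "review",
                "service", svc["name"], "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.kind} {f.subject}: {f.reason}")
```

A finding here is a prompt for review, not a verdict; as the helper notes, a fixlist is written for one specific machine after its logs have been read.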