Infected with a seemingly unbeatable virus

Post by arcylix » September 24th, 2017, 10:28 am

A few days ago, I downloaded a program that I shouldn't have in an effort to test something before I shelled out $50 for it. Shame on me, I know.

At first, I was hit with a big blue screen that demanded my Windows Activation key. I was able to remove that easily, and uninstalled some rogue programs that were installed. I thought that was the last of it. I opened up Chrome browser and did a simple Google search, only to be redirected to Yahoo. I immediately checked my extensions, and found no rogue extensions to disable. I then attempted to do a virus scan, and found I could not open up my virus scanner, at all. I had MalwareBytes as well as Panda Pro. Neither would open up. I opened up Task Manager and found a process that seemed suspicious: dwonhxbsrv.exe. I tried to End Task, but I couldn't do that, either. The location for the file was C:\Windows\temp. I also stumbled across the Unmelted virus. So my next step was to reboot into Safe mode and delete it. But it didn't seem to exist. I attempted to run antivirus in Safe mode, and it still wouldn't open.

My next step then was to create a bootable USB drive and try to do some repairs there. I tried HBCD, AiO, Medicat, and even tried to use a USB version of Windows 8. Could not boot into Windows 8, and Medicat failed. Got into HBCD, but when I tried to run the antivirus, it failed to execute. Same with AiO (Paul Vreeland, I think?). Then I found out about Norton Power Eraser, which I used. Now I have an "msln is missing" error on boot, and the virus is still active. I also used ESET online virus scanner, and I was hopeful, for it found and cleaned a lot of files. Just not the right one, apparently.

For additional "features" of this virus, after a while, it creates a "Windows Process Manager" task and two sub-tasks called "client". When those are active, I cannot delete them, nor can I scroll down to see the aforementioned suspicious .exe running. It jumps right back to the top if I do. I've caught glimpses of a URL when Google redirects, and it says "extension.whitesmoke.com", though any other details, I don't have. I also cannot do Cmd+R to open up Run (I have to use Task Manager for that), and in an effort to export all running tasks to see if I've missed anything else, I get an "Access is denied." error (using "tasklist /v > taskslist.txt").

I really do not want to reformat and reinstall everything, so this is pretty much my last resort. Is there anything else I can try to get rid of this seemingly unbeatable virus? Thank you, graciously, in advance.
arcylix
Member+
 
Posts: 6
Joined: September 24th, 2017, 9:45 am

Re: Infected with a seemingly unbeatable virus

Post by Gary R » September 24th, 2017, 12:20 pm

Are you able to run programs on your computer? If you are, please do the following ....

  • If you're using a 32 bit OS ...Download FRST to your Desktop.
  • If you're using a 64 bit OS ...Download FRST64 to your Desktop.
  • Double click Frst.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • When finished scanning 2 logs will open on your Desktop, FRST.txt and Addition.txt
    • Please post them in your next reply.

Post each log separately as they are usually long and will overrun the forum post size limit if you post them both into the same post.

If you're not able to run FRST please let me know.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Infected with a seemingly unbeatable virus

Post by arcylix » September 24th, 2017, 2:40 pm

My apologies, I had read to do the FRST, and I forgot to upload the attachments. I noticed there wasn't an edit button to edit the post and correctly add them. I am attaching them now, for they are too large to post.

If it matters any, it's on a Windows 10 Pro laptop.

Thank you for your quick response.
arcylix
Member+
 
Posts: 6
Joined: September 24th, 2017, 9:45 am

Re: Infected with a seemingly unbeatable virus

Post by Gary R » September 24th, 2017, 3:26 pm

It's going to take me a while to go through your FRST logs, so it may be tomorrow (my time, GMT) before I get back to you.

In the meantime can you see if you can follow the instructions on THIS page, to run a scan with Malwarebytes Anti-Rootkit Beta, which should then allow you to run a scan with your installed version of Malwarebytes Anti-Malware.

If you are able to run a scan with MBAM, then please fix anything it finds, and post me the log.

  • With Malwarebytes open, click on Reports and select the most recent Scan report.
  • Click View Report to open the Report.
  • Click Export > Copy to clipboard to copy the report's contents
    • Please post those contents in your next reply.

If you are still unable to run MBAM after running MBAR, please let me know.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Infected with a seemingly unbeatable virus

Post by arcylix » September 24th, 2017, 4:45 pm

Take your time as needed. I appreciate the assistance.

I attempted to run MBAR, but came across this message:

"Error: The system volume seems inaccessible or encrypted. Scan can't continue."

That would explain a few things, it seems, as to why I couldn't scan in Safe mode or even off a USB bootable OS.
arcylix
Member+
 
Posts: 6
Joined: September 24th, 2017, 9:45 am

Re: Infected with a seemingly unbeatable virus

Post by Gary R » September 24th, 2017, 5:35 pm

I need some extra information from you please ....

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
  • Press Ctrl+y (Ctrl and y keys at the same time)
  • A blank notepad file named fixlist.txt will open.
  • Copy and paste the following into it (don't include Code: Select all) ....
Code: Select all
Cmd: dir C:\Windows\system32\drivers

  • Press Ctrl+s to save fixlist.txt
NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Now press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
  • Please post me the log

Question ....

Do you know these User accounts ????

C:\Users\Qfd4eey
C:\Users\Aksnb26p


By the way, do you use this computer to connect to a business or educational network, because your FRST logs would suggest that you do.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Infected with a seemingly unbeatable virus

Post by arcylix » September 24th, 2017, 9:20 pm

Here is the fixlog.txt file:
Fix result of Farbar Recovery Scan Tool (x64) Version: 24-09-2017
Ran by Joshua (24-09-2017 21:17:55) Run:1
Running from C:\Users\Joshua\Downloads
Loaded Profiles: Joshua (Available Profiles: Joshua)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Cmd: dir C:\Windows\system32\drivers
*****************


========= dir C:\Windows\system32\drivers =========

 Volume in drive C has no label.
 Volume Serial Number is A608-C6AA

 Directory of C:\Windows\system32\drivers

09/24/2017  04:41 PM    <DIR>          .
09/24/2017  04:41 PM    <DIR>          ..
09/22/2017  10:07 PM           253,888 03703FE4.sys
09/21/2017  07:14 PM           253,888 0A1A6D3F.sys
09/22/2017  11:31 PM           253,888 0A4F0087.sys
09/22/2017  04:57 PM           253,888 102452FC.sys
03/18/2017  04:56 PM           238,080 1394ohci.sys
09/20/2017  09:18 PM           253,888 161D7E60.sys
09/24/2017  09:25 AM           253,888 198114FC.sys
09/21/2017  07:52 PM           253,888 282B0A44.sys
09/24/2017  09:25 AM           253,888 3327154D.sys
09/22/2017  11:19 PM           253,888 34DD76EF.sys
03/18/2017  04:56 PM           107,424 3ware.sys
09/21/2017  03:23 AM           253,888 507B15EE.sys
09/24/2017  04:41 PM           253,888 564EC65C.sys
09/21/2017  07:18 PM           253,888 64B17059.sys
09/22/2017  11:19 PM           253,888 7A8B773A.sys
09/22/2017  06:30 PM           253,888 7E5919AE.sys
08/23/2012  09:45 AM            42,400 Accelerometer.sys
07/28/2017  01:23 AM           723,360 acpi.sys
03/18/2017  04:56 PM            20,480 AcpiDev.sys
03/18/2017  04:56 PM           127,392 acpiex.sys
03/18/2017  04:56 PM            12,800 acpipagr.sys
03/18/2017  04:56 PM            14,848 acpipmi.sys
03/18/2017  04:56 PM            14,336 acpitime.sys
03/18/2017  04:56 PM         1,135,512 adp80xx.sys
09/05/2017  01:11 AM           610,720 afd.sys
03/18/2017  04:58 PM           108,544 agilevpn.sys
03/18/2017  04:57 PM           239,616 ahcache.sys
08/01/2015  12:51 AM           315,120 amdacpksd.sys
03/18/2017  04:56 PM           176,640 amdk8.sys
08/18/2016  05:41 PM            49,448 amdkmafd.sys
03/18/2017  04:56 PM           172,544 amdppm.sys
03/18/2017  04:56 PM            83,352 amdsata.sys
03/18/2017  04:56 PM           259,488 amdsbs.sys
03/18/2017  04:56 PM            27,040 amdxata.sys
07/24/2012  05:35 AM            79,528 amd_sata.sys
07/24/2012  05:35 AM            26,280 amd_xata.sys
06/23/2012  09:23 AM           199,008 appexDrv.sys
03/18/2017  04:58 PM           184,736 appid.sys
03/18/2017  04:58 PM            17,920 applockerfltr.sys
03/18/2017  04:56 PM           132,000 arcsas.sys
03/18/2017  04:57 PM            28,672 asyncmac.sys
03/18/2017  04:56 PM            29,088 atapi.sys
03/18/2017  04:56 PM           194,464 ataport.sys
08/29/2016  12:08 AM         4,318,648 athwbx.sys
08/01/2015  12:51 AM            60,960 ati2erec.dll
08/09/2016  09:39 AM           118,848 AtihdWB6.sys
05/28/2015  07:00 AM           102,912 AtihdWT6.sys
08/01/2015  12:51 AM        21,637,664 atikmdag.sys
08/01/2015  12:51 AM           682,016 atikmpag.sys
03/18/2017  04:56 PM            57,344 BasicDisplay.sys
06/03/2017  05:11 AM            35,840 BasicRender.sys
03/18/2017  04:56 PM            36,256 battc.sys
03/18/2017  04:56 PM             9,728 bcmfn2.sys
03/18/2017  04:57 PM            10,240 beep.sys
03/18/2017  04:56 PM           101,888 bowser.sys
07/28/2017  12:25 AM           115,712 bridge.sys
03/18/2017  04:56 PM            23,552 BtaMPM.sys
03/18/2017  04:56 PM            43,520 BthAvrcpTg.sys
07/28/2017  12:08 AM            97,792 bthhfenum.sys
03/18/2017  04:56 PM            32,256 BthhfHid.sys
03/18/2017  04:56 PM            66,560 bthmodem.sys
09/05/2017  12:28 AM            39,424 buttonconverter.sys
03/18/2017  04:56 PM           533,920 bxvbda.sys
03/18/2017  04:56 PM            53,664 CAD.sys
03/18/2017  04:56 PM           122,880 capimg.sys
03/18/2017  04:57 PM            93,184 cdfs.sys
03/18/2017  04:56 PM           160,256 cdrom.sys
03/18/2017  04:57 PM            77,216 CEA.sys
03/18/2017  04:56 PM           102,816 cht4dx64.sys
03/18/2017  04:56 PM           347,032 cht4sx64.sys
03/18/2017  04:56 PM         2,104,224 cht4vx64.sys
03/18/2017  04:56 PM            49,152 circlass.sys
03/18/2017  04:57 PM           391,584 Classpnp.sys
03/18/2017  04:58 PM            12,288 cldflt.sys
07/31/2017  10:38 PM           382,368 clfs.sys
03/18/2017  04:58 PM           877,472 ClipSp.sys
06/25/2012  01:24 PM            92,536 CLVirtualDrive.sys
03/18/2017  04:56 PM            30,208 CmBatt.sys
03/18/2017  04:56 PM            28,064 cmimcext.sys
03/18/2017  04:58 PM           642,688 cng.sys
03/18/2017  04:57 PM            39,840 cnghwassist.sys
03/18/2017  04:57 PM            56,224 condrv.sys
03/18/2017  04:57 PM            86,432 crashdmp.sys
05/20/2017  02:59 AM           112,544 dam.sys
09/20/2017  12:48 PM            45,640 dbx-canary.sys
09/20/2017  12:48 PM            45,672 dbx-dev.sys
09/20/2017  12:48 PM            45,640 dbx-stable.sys
03/18/2017  04:56 PM            45,568 devauthe.sys
03/18/2017  04:57 PM           150,528 dfsc.sys
03/18/2017  04:56 PM           102,816 disk.sys
03/18/2017  04:58 PM            38,816 Diskdump.sys
03/18/2017  04:57 PM            15,360 Dmpusbstor.sys
03/18/2017  04:56 PM            47,104 dmvsc.sys
03/18/2017  04:56 PM            97,280 drmk.sys
03/18/2017  04:56 PM            16,232 drmkaud.sys
03/18/2017  04:57 PM            35,744 Dumpata.sys
03/18/2017  04:59 PM            91,152 dumpfve.sys
09/05/2017  01:21 AM           189,344 dumpsd.sys
03/18/2017  04:58 PM            32,256 dumpsdport.sys
03/18/2017  04:57 PM            25,600 Dumpstorport.sys
09/05/2017  01:19 AM         2,443,168 dxgkrnl.sys
05/13/2017  09:43 AM           409,504 dxgmms1.sys
07/31/2017  10:32 PM           712,600 dxgmms2.sys
03/18/2017  04:57 PM            88,992 EhStorClass.sys
03/18/2017  04:56 PM           119,200 EhStorTcgDrv.sys
03/18/2017  10:31 PM    <DIR>          en-US
03/18/2017  04:56 PM            13,824 errdev.sys
05/13/2017  06:34 AM    <DIR>          etc
03/18/2017  04:56 PM         3,419,040 evbda.sys
03/18/2017  04:57 PM           347,136 exfat.sys
09/20/2017  08:51 PM           101,824 farflt.sys
05/20/2017  02:53 AM           363,424 fastfat.sys
03/18/2017  04:56 PM            32,768 fdc.sys
03/18/2017  04:56 PM            54,272 filecrypt.sys
03/18/2017  04:57 PM            86,432 fileinfo.sys
03/18/2017  04:57 PM            36,864 filetrace.sys
03/18/2017  04:56 PM            26,624 flpydisk.sys
03/18/2017  04:57 PM           386,464 fltMgr.sys
03/18/2017  04:56 PM            63,904 fsdepends.sys
03/18/2017  04:57 PM            33,688 fs_rec.sys
09/05/2017  01:16 AM           715,168 fvevol.sys
03/18/2017  04:57 PM           419,744 FWPKCLNT.SYS
03/18/2017  04:56 PM            21,504 genericusbfn.sys
03/18/2017  04:57 PM         3,440,660 gm.dls
03/18/2017  04:57 PM               646 gmreadme.txt
03/18/2017  04:58 PM             8,192 gpuenergydrv.sys
06/20/2017  01:12 AM            86,528 hdaudbus.sys
03/18/2017  04:56 PM           416,256 HdAudio.sys
03/18/2017  04:56 PM            38,296 hidbatt.sys
09/05/2017  12:26 AM           107,008 hidbth.sys
03/18/2017  04:56 PM           180,736 hidclass.sys
03/18/2017  04:56 PM            52,224 hidi2c.sys
03/18/2017  04:56 PM            51,104 hidinterrupt.sys
03/18/2017  04:56 PM            46,592 hidir.sys
03/18/2017  04:56 PM            40,960 hidparse.sys
03/18/2017  04:56 PM            40,960 hidusb.sys
08/23/2012  09:45 AM            29,600 hpdskflt.sys
05/15/2014  04:18 PM            28,376 HpqKbFiltr64.sys
03/18/2017  04:56 PM            64,416 HpSAMD.sys
07/07/2017  03:07 AM         1,106,848 http.sys
03/18/2017  04:57 PM            74,648 hvservice.sys
03/18/2017  04:56 PM           118,688 hvsocket.sys
03/18/2017  04:57 PM            29,600 hwpolicy.sys
03/18/2017  04:56 PM            16,896 hyperkbd.sys
03/18/2017  04:56 PM           115,200 i8042prt.sys
03/18/2017  04:56 PM            33,280 iagpio.sys
03/18/2017  04:56 PM            81,408 iai2c.sys
03/18/2017  04:56 PM            70,656 iaLPSS2i_GPIO2.sys
03/18/2017  04:56 PM            85,504 iaLPSS2i_GPIO2_BXT_P.sys
03/18/2017  04:56 PM           165,376 iaLPSS2i_I2C.sys
03/18/2017  04:56 PM           168,448 iaLPSS2i_I2C_BXT_P.sys
03/18/2017  04:56 PM            38,128 iaLPSSi_GPIO.sys
03/18/2017  04:56 PM           113,152 iaLPSSi_I2C.sys
03/18/2017  04:56 PM           673,184 iaStorAV.sys
03/18/2017  04:56 PM           412,064 iaStorV.sys
03/18/2017  04:56 PM           526,240 ibbus.sys
03/18/2017  04:58 PM            36,864 IndirectKmd.sys
03/18/2017  04:56 PM            19,360 intelide.sys
03/18/2017  04:56 PM            74,840 intelpep.sys
03/18/2017  04:56 PM           193,536 intelppm.sys
03/18/2017  04:57 PM            49,568 iorate.sys
03/18/2017  04:57 PM            87,040 ipfltdrv.sys
03/18/2017  04:56 PM            92,064 IPMIDrv.sys
03/18/2017  04:58 PM           214,528 ipnat.sys
03/18/2017  04:57 PM           120,320 irda.sys
03/18/2017  04:57 PM            19,968 irenum.sys
03/18/2017  04:56 PM            22,944 isapnp.sys
03/18/2017  04:56 PM            64,416 kbdclass.sys
03/18/2017  04:56 PM            40,448 kbdhid.sys
03/18/2017  04:56 PM            23,040 kdnic.sys
03/18/2017  04:58 PM           390,144 ks.sys
09/05/2017  01:27 AM           136,096 ksecdd.sys
03/18/2017  04:58 PM           170,912 ksecpkg.sys
05/20/2017  02:10 AM            27,136 ksthunk.sys
06/17/2015  07:25 PM            87,696 LEqdUsb.sys
09/01/2016  01:14 PM            47,928 libusbK.sys
06/26/2017  07:23 PM            32,376 libwamf.sys
06/26/2017  07:23 PM            38,520 libwasys.sys
03/18/2017  04:58 PM            66,560 lltdio.sys
05/13/2017  06:07 AM            18,960 LNonPnP.sys
12/20/2015  04:24 PM            53,144 LPCFilter.sys
03/18/2017  04:56 PM           108,960 lsi_sas.sys
03/18/2017  04:56 PM           123,808 lsi_sas2i.sys
03/18/2017  04:56 PM           103,328 lsi_sas3i.sys
03/18/2017  04:56 PM            82,848 lsi_sss.sys
03/18/2017  04:57 PM           124,928 luafv.sys
08/01/2016  03:24 PM            55,168 lyykbyxk.sys
03/18/2017  04:56 PM           405,408 mausbhost.sys
03/18/2017  04:56 PM            51,104 mausbip.sys
09/22/2017  09:42 PM            77,440 mbae64.sys
09/20/2017  09:18 PM            45,472 mbam.sys
09/20/2017  08:52 PM           192,960 MBAMChameleon.sys
09/24/2017  09:32 AM           253,888 MBAMSwissArmy.sys
03/18/2017  04:57 PM            23,552 mcd.sys
03/18/2017  04:56 PM            59,808 megasas.sys
03/18/2017  04:56 PM            64,416 MegaSas2i.sys
03/18/2017  04:56 PM           575,904 megasr.sys
03/18/2017  04:56 PM           842,656 mlx4_bus.sys
03/18/2017  04:57 PM            50,688 mmcss.sys
03/18/2017  04:57 PM            42,496 modem.sys
03/18/2017  04:56 PM            39,424 monitor.sys
03/18/2017  04:56 PM            60,320 mouclass.sys
03/18/2017  04:56 PM            33,280 mouhid.sys
03/18/2017  04:57 PM           105,880 mountmgr.sys
03/18/2017  04:58 PM            76,800 mpsdrv.sys
03/18/2017  04:57 PM           144,384 mrxdav.sys
03/18/2017  04:57 PM           467,352 mrxsmb.sys
07/07/2017  02:08 AM           285,696 mrxsmb10.sys
09/05/2017  01:16 AM           228,256 mrxsmb20.sys
03/18/2017  04:57 PM            31,744 msfs.sys
07/16/2016  07:42 AM                 3 MsftWdf_Kernel_01019_Inbox_Critical.Wdf
03/18/2017  04:57 PM           169,888 msgpioclx.sys
03/18/2017  04:56 PM            49,056 msgpiowin32.sys
03/18/2017  04:57 PM             8,704 mshidkmdf.sys
03/18/2017  04:57 PM            12,288 mshidumdf.sys
09/24/2017  09:31 AM            81,696 msidntfs.sys
03/18/2017  04:56 PM            19,352 msisadrv.sys
07/28/2017  01:20 AM           279,968 msiscsi.sys
06/20/2017  01:14 AM            32,768 mskssrv.sys
03/18/2017  04:57 PM            83,456 mslldp.sys
03/18/2017  04:58 PM            10,752 mspclock.sys
03/18/2017  04:58 PM            10,752 mspqm.sys
03/18/2017  04:57 PM           367,000 msrpc.sys
03/18/2017  04:56 PM            44,960 mssmbios.sys
03/18/2017  04:58 PM            12,800 mstee.sys
03/18/2017  04:56 PM            16,896 MTConfig.sys
03/18/2017  04:57 PM           123,808 mup.sys
03/18/2017  04:56 PM            63,904 mvumis.sys
09/20/2017  08:51 PM            94,144 mwac.sys
03/18/2017  04:56 PM           108,960 ndfltr.sys
09/05/2017  01:23 AM         1,242,528 ndis.sys
03/18/2017  04:57 PM            50,688 ndiscap.sys
03/18/2017  04:57 PM           128,512 NdisImPlatform.sys
03/18/2017  04:58 PM            27,136 ndistapi.sys
03/18/2017  04:58 PM            65,536 ndisuio.sys
03/18/2017  04:57 PM            20,992 NdisVirtualBus.sys
03/18/2017  04:58 PM           192,000 ndiswan.sys
03/18/2017  04:58 PM            62,464 ndproxy.sys
03/18/2017  04:58 PM           127,488 Ndu.sys
03/18/2017  04:57 PM           122,368 NetAdapterCx.sys
03/18/2017  04:57 PM            57,760 netbios.sys
09/05/2017  12:23 AM           305,152 netbt.sys
09/05/2017  01:24 AM           519,584 netio.sys
05/13/2017  09:43 AM           118,784 netvsc.sys
12/10/2015  10:08 AM           103,856 nnsalpc.sys
12/10/2015  10:08 AM           210,864 nnshttp.sys
12/10/2015  10:08 AM           120,240 nnshttps.sys
12/10/2015  10:08 AM           120,240 nnsids.sys
06/19/2015  05:17 AM            58,616 NNSNAHSL.sys
12/10/2015  10:09 AM           112,560 nnspicc.sys
03/17/2016  06:31 AM            82,864 nnspihsw.sys
12/10/2015  10:09 AM           133,552 nnspop3.sys
12/10/2015  10:09 AM           309,680 nnsprot.sys
02/18/2016  12:37 PM           179,632 nnsprv.sys
12/10/2015  10:09 AM           122,800 nnssmtp.sys
02/18/2016  12:37 PM           267,184 nnsstrm.sys
12/10/2015  10:09 AM           115,632 nnstlsc.sys
02/28/2013  09:49 PM            36,600 npf.sys
03/18/2017  04:57 PM            69,120 npfs.sys
03/18/2017  04:56 PM            27,136 npsvctrig.sys
09/05/2017  12:25 AM            43,520 nsiproxy.sys
07/28/2017  01:24 AM         2,327,456 ntfs.sys
03/18/2017  04:57 PM            20,376 ntosext.sys
03/18/2017  04:57 PM             7,680 null.sys
03/18/2017  04:56 PM            80,896 nvdimmn.sys
03/18/2017  04:56 PM           150,432 nvraid.sys
03/18/2017  04:56 PM           166,304 nvstor.sys
03/18/2017  04:58 PM           549,888 nwifi.sys
03/18/2017  04:57 PM           152,992 pacer.sys
03/18/2017  04:56 PM            97,792 parport.sys
09/05/2017  01:25 AM           159,648 partmgr.sys
09/24/2017  09:30 AM           115,024 pcchknqu.sys
03/18/2017  04:56 PM           353,696 pci.sys
03/18/2017  04:56 PM            16,800 pciide.sys
03/18/2017  04:56 PM            53,656 pciidex.sys
03/18/2017  04:56 PM           120,224 pcmcia.sys
03/18/2017  04:57 PM            52,640 pcw.sys
07/07/2017  03:24 AM           117,664 pdc.sys
03/18/2017  04:58 PM           741,376 PEAuth.sys
03/18/2017  04:56 PM            58,784 percsas2i.sys
03/18/2017  04:56 PM            61,848 percsas3i.sys
03/18/2017  04:56 PM           101,376 pmem.sys
03/18/2017  04:56 PM           373,248 portcls.sys
03/18/2017  04:56 PM           172,032 processr.sys
08/09/2016  04:17 PM           174,000 PSINAflt.sys
08/09/2016  04:17 PM           129,456 PSINFile.sys
08/09/2016  04:17 PM           207,272 PSINKNC.sys
08/09/2016  04:17 PM           133,544 PSINProc.sys
08/09/2016  04:17 PM           146,864 PSINProt.sys
08/09/2016  04:17 PM           117,168 PSINReg.sys
08/09/2016  10:10 PM            72,112 PSKMAD.sys
08/08/2014  12:31 PM            27,136 ptun0901.sys
03/18/2017  04:57 PM            49,664 qwavedrv.sys
03/18/2017  04:57 PM            17,920 rasacd.sys
03/18/2017  04:58 PM           107,008 rasl2tp.sys
03/18/2017  04:57 PM            81,920 raspppoe.sys
03/18/2017  04:58 PM            97,792 raspptp.sys
03/18/2017  04:58 PM            79,872 rassstp.sys
03/18/2017  04:57 PM           434,080 rdbss.sys
03/18/2017  10:31 PM            27,136 rdpbus.sys
03/18/2017  10:31 PM           183,296 rdpdr.sys
03/18/2017  10:31 PM            30,624 rdpvideominiport.sys
03/18/2017  04:57 PM           282,528 rdyboost.sys
03/18/2017  04:57 PM         1,735,584 refs.sys
03/18/2017  04:57 PM           936,864 refsv1.sys
03/18/2017  04:57 PM            14,336 registry.sys
03/18/2017  04:56 PM            40,960 RfxVmt.sys
06/20/2017  06:43 PM           149,240 rikvm_38F51D56.sys
03/18/2017  04:57 PM           150,016 rmcast.sys
03/18/2017  04:57 PM            34,816 RNDISMP.sys
05/20/2017  02:08 AM            13,312 rootmdm.sys
03/18/2017  04:58 PM            82,432 rspndr.sys
08/16/2016  02:55 PM           943,112 rt640x64.sys
09/02/2016  09:03 AM           337,928 RtsP2Stor.sys
09/28/2012  05:04 AM         8,229,264 rtsuvc.sys
03/18/2017  04:56 PM           110,496 sbp2port.sys
03/18/2017  04:57 PM            43,520 scfilter.sys
03/18/2017  04:56 PM            91,040 scmbus.sys
03/18/2017  04:57 PM           175,520 scsiport.sys
09/05/2017  01:30 AM           287,648 sdbus.sys
03/18/2017  04:56 PM            31,128 SDFRd.sys
03/18/2017  04:56 PM            98,208 sdport.sys
03/18/2017  04:56 PM            94,624 sdstor.sys
03/18/2017  04:57 PM            75,680 SerCx.sys
03/18/2017  04:57 PM           154,016 SerCx2.sys
03/18/2017  04:56 PM            26,112 serenum.sys
03/18/2017  04:56 PM            84,480 serial.sys
03/18/2017  04:56 PM            28,672 sermouse.sys
03/18/2017  04:56 PM            18,432 sfloppy.sys
03/18/2017  04:56 PM            44,960 sisraid2.sys
03/18/2017  04:56 PM            81,824 sisraid4.sys
03/18/2017  04:58 PM            32,672 SleepStudyHelper.sys
04/28/2016  12:53 AM            52,392 Smb_driver_AMDASF.sys
04/28/2016  12:53 AM            52,392 Smb_driver_AMDASF_Aux.sys
08/24/2012  04:38 AM            43,832 Smb_driver_Intel.sys
04/28/2016  12:53 AM            52,904 Smb_driver_Intel_Aux.sys
03/18/2017  04:57 PM            21,504 smclib.sys
09/22/2017  04:54 PM            26,684 SMR501.dat
03/18/2017  04:56 PM           167,328 spacedump.sys
03/18/2017  04:56 PM           587,168 spaceport.sys
03/18/2017  10:31 PM            40,352 SpatialGraphFilter.sys
03/18/2017  04:57 PM            80,288 SpbCx.sys
05/13/2017  09:43 AM           414,208 srv.sys
05/13/2017  09:43 AM           722,944 srv2.sys
09/05/2017  12:11 AM           254,976 srvnet.sys
01/16/2017  02:26 AM           131,712 ssudbus.sys
01/16/2017  02:26 AM           165,504 ssudmdm.sys
01/16/2017  02:26 AM            43,648 ss_conn_usb_driver.sys
01/28/2009  10:46 AM           114,960 StarPortLite.sys
03/18/2017  04:56 PM            31,136 stexstor.sys
05/20/2017  02:54 AM           144,288 storahci.sys
03/18/2017  04:56 PM            95,648 stornvme.sys
09/05/2017  01:16 AM           546,208 storport.sys
03/18/2017  04:58 PM            79,872 storqosflt.sys
03/18/2017  04:56 PM            36,760 storufs.sys
03/18/2017  04:56 PM            36,768 storvsc.sys
03/18/2017  04:57 PM            75,776 stream.sys
08/19/2012  09:45 PM           542,208 stwrt64.sys
03/18/2017  04:56 PM            18,336 swenum.sys
04/07/2014  06:55 PM             7,466 SYMEVENT64x86.CAT
04/07/2014  06:55 PM               855 SYMEVENT64x86.INF
04/07/2014  06:55 PM           177,312 SYMEVENT64x86.SYS
03/18/2017  04:56 PM            64,512 Synth3dVsc.sys
04/28/2016  12:53 AM           622,784 SynTP.sys
03/18/2017  04:57 PM            31,232 tape.sys
04/21/2017  04:16 AM            54,896 tapwindscribe0901.sys
03/18/2017  04:57 PM            28,064 tbs.sys
09/05/2017  01:11 AM         2,675,104 tcpip.sys
03/18/2017  04:57 PM            51,712 tcpipreg.sys
03/18/2017  04:57 PM            40,352 tdi.sys
07/31/2017  10:36 PM           119,712 tdx.sys
03/18/2017  10:31 PM            37,280 terminpt.sys
06/03/2017  06:10 AM           130,464 tm.sys
06/03/2017  06:00 AM           219,040 tpm.sys
03/18/2017  04:56 PM            61,440 TsUsbFlt.sys
03/18/2017  04:56 PM            35,328 TsUsbGD.sys
03/18/2017  04:58 PM           162,304 tunnel.sys
03/18/2017  04:56 PM            78,752 uaspstor.sys
09/05/2017  12:27 AM           104,960 UcmCx.sys
03/18/2017  04:58 PM           179,200 UcmTcpciCx.sys
07/28/2017  12:27 AM            51,712 UcmUcsi.sys
03/18/2017  04:56 PM           213,920 Ucx01000.sys
03/18/2017  04:56 PM            45,568 Udecx.sys
03/18/2017  04:57 PM           324,096 udfs.sys
03/18/2017  04:56 PM            29,600 uefi.sys
03/18/2017  04:58 PM           263,584 ufx01000.sys
03/18/2017  04:56 PM            98,712 UfxChipidea.sys
03/18/2017  04:56 PM           138,656 ufxsynopsys.sys
03/18/2017  04:56 PM            57,856 umbus.sys
09/18/2017  03:17 AM    <DIR>          UMDF
03/18/2017  04:56 PM            14,336 umpass.sys
03/18/2017  04:56 PM            29,600 urschipidea.sys
03/18/2017  04:58 PM            59,288 urscx01000.sys
03/18/2017  04:56 PM            28,064 urssynopsys.sys
08/16/2016  04:18 AM           159,936 usb2ser.sys
03/18/2017  04:57 PM            23,040 usb8023.sys
03/18/2017  04:57 PM            37,888 USBCAMD2.sys
03/18/2017  04:56 PM           173,984 usbccgp.sys
03/18/2017  04:56 PM           103,424 usbcir.sys
03/18/2017  04:56 PM            32,160 usbd.sys
03/18/2017  04:56 PM            98,200 usbehci.sys
06/19/2012  10:07 AM            57,000 usbfilter.sys
03/18/2017  04:56 PM           511,904 usbhub.sys
07/28/2017  01:15 AM           554,400 USBHUB3.SYS
03/18/2017  04:56 PM            30,720 usbohci.sys
03/18/2017  04:56 PM           466,336 usbport.sys
03/18/2017  04:56 PM            27,136 usbprint.sys
03/18/2017  04:56 PM            32,768 usbrpm.sys
09/05/2017  12:28 AM            71,680 usbser.sys
03/18/2017  04:56 PM           131,488 USBSTOR.SYS
03/18/2017  04:56 PM            35,328 usbuhci.sys
05/13/2017  09:43 AM           388,000 USBXHCI.SYS
04/28/2017  05:37 PM           961,768 VBoxDrv.sys
04/28/2017  05:37 PM           131,144 VBoxNetAdp6.sys
04/28/2017  05:37 PM           205,952 VBoxNetLwf.sys
04/28/2017  05:37 PM           149,304 VBoxUSBMon.sys
03/18/2017  04:56 PM            54,176 vdrvroot.sys
03/18/2017  04:57 PM           215,456 VerifierExt.sys
05/20/2017  02:54 AM           730,016 vhdmp.sys
03/18/2017  04:56 PM            35,328 vhf.sys
03/18/2017  04:57 PM            49,664 videoprt.sys
07/31/2017  10:30 PM            82,336 vmbkmcl.sys
07/31/2017  09:44 PM            83,968 vmbkmclr.sys
03/18/2017  04:56 PM           107,424 vmbus.sys
03/18/2017  04:56 PM            25,088 VMBusHID.sys
03/18/2017  04:56 PM            13,824 vmgencounter.sys
03/18/2017  04:56 PM            10,240 vmgid.sys
04/14/2016  05:17 PM            33,472 VMkbd.sys
03/18/2017  04:56 PM             9,216 vms3cap.sys
03/18/2017  04:56 PM            47,520 vmstorfl.sys
03/18/2017  04:56 PM            83,360 volmgr.sys
03/18/2017  04:57 PM           373,664 volmgrx.sys
03/18/2017  04:57 PM           397,216 volsnap.sys
03/18/2017  04:56 PM            16,288 volume.sys
03/18/2017  04:56 PM            74,656 vpci.sys
03/18/2017  04:56 PM           166,816 vsmraid.sys
03/18/2017  04:56 PM           305,568 VSTXRAID.SYS
03/18/2017  04:58 PM            27,136 vwifibus.sys
03/18/2017  04:58 PM            77,312 vwififlt.sys
03/18/2017  04:58 PM            41,472 vwifimp.sys
03/18/2017  04:56 PM            30,720 wacompen.sys
03/18/2017  04:58 PM            81,408 wanarp.sys
03/18/2017  04:57 PM            55,808 watchdog.sys
06/20/2017  02:00 AM           142,752 wcifs.sys
03/18/2017  04:57 PM            72,192 wcnfs.sys
03/18/2017  04:56 PM            44,632 WdBoot.sys
03/18/2017  04:57 PM           902,376 Wdf01000.sys
03/18/2017  04:56 PM           294,816 WdFilter.sys
03/18/2017  04:57 PM            61,672 WdfLdr.sys
06/20/2017  01:07 AM           757,248 WdiWiFi.sys
03/18/2017  04:56 PM           121,248 WdNisDrv.sys
03/18/2017  04:57 PM            46,488 werkernel.sys
03/18/2017  04:57 PM           164,768 wfplwfs.sys
03/18/2017  04:57 PM            35,744 wimmount.sys
03/18/2017  04:58 PM            70,232 WindowsTrustedRT.sys
03/18/2017  04:56 PM            18,520 WindowsTrustedRTProxy.sys
03/18/2017  04:56 PM            31,648 winhv.sys
03/18/2017  04:57 PM            55,296 winhvr.sys
03/18/2017  04:56 PM            32,160 winmad.sys
03/18/2017  04:58 PM           217,088 winnat.sys
03/18/2017  04:56 PM            90,112 winusb.sys
03/18/2017  04:56 PM            64,920 winverbs.sys
04/19/2016  04:55 PM            31,656 WirelessButtonDriver64.sys
03/18/2017  04:56 PM            18,432 wmiacpi.sys
03/18/2017  04:57 PM            20,384 wmilib.sys
03/18/2017  04:57 PM           208,288 wof.sys
03/18/2017  04:59 PM            30,624 WpdUpFltr.sys
03/18/2017  04:57 PM            33,184 WppRecorder.sys
03/18/2017  04:57 PM            23,552 ws2ifsl.sys
03/18/2017  04:57 PM           100,864 WUDFPf.sys
03/18/2017  04:57 PM           220,672 WUDFRd.sys
05/20/2017  02:07 AM           277,504 xboxgip.sys
03/18/2017  04:56 PM            46,592 xinputhid.sys
09/15/2015  11:29 PM           253,384 XQHDrv.sys
03/18/2017  04:56 PM            98,816 xusb22.sys
09/21/2017  08:08 PM           203,680 zam64.sys
09/21/2017  08:08 PM           203,680 zamguard64.sys
             474 File(s)    121,952,026 bytes
               5 Dir(s)  276,597,891,072 bytes free

========= End of CMD: =========


==== End of Fixlog 21:17:55 ====


Regarding your question: I noticed those two folders after I had run FRST the first time, and no, I do not know those two. I browsed them and they have some files in them, but I haven't done anything to delete them. They are also marked with a "hidden" attribute as well.
arcylix
Member+
 
Posts: 6
Joined: September 24th, 2017, 9:45 am
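
An added example, not part of the thread and not the helper's own method: a small parser for the `dir` output in the fixlog above that pulls out the `.sys` files whose names are exactly eight hex digits, groups them by size, and lists any other file of the same size plus the time window in which they were written. It only organises the listing for a human reviewer and does not decide which files belong to the infection; `SAMPLE` is an excerpt copied from the log above, and the function names are this example's own.

```python
import re
from collections import defaultdict
from datetime import datetime

# Excerpt copied from the fixlog listing posted above (not the full output).
SAMPLE = r"""
 Directory of C:\Windows\system32\drivers

09/24/2017  04:41 PM    <DIR>          .
09/22/2017  10:07 PM           253,888 03703FE4.sys
09/21/2017  07:14 PM           253,888 0A1A6D3F.sys
03/18/2017  04:56 PM           238,080 1394ohci.sys
09/24/2017  04:41 PM           253,888 564EC65C.sys
07/28/2017  01:23 AM           723,360 acpi.sys
09/24/2017  09:32 AM           253,888 MBAMSwissArmy.sys
09/24/2017  09:31 AM            81,696 msidntfs.sys
03/18/2017  04:57 PM             7,680 null.sys
             474 File(s)    121,952,026 bytes
"""

# One file row of US-locale `dir` output: date, 12-hour time, size, name.
ENTRY = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{4})\s+(?P<time>\d{2}:\d{2} [AP]M)\s+"
    r"(?P<size>[\d,]+)\s+(?P<name>.+)$"
)
# Names made of exactly eight hex digits, e.g. 03703FE4.sys.
HEX8_SYS = re.compile(r"^[0-9A-F]{8}\.sys$", re.IGNORECASE)


def parse_dir(text):
    """Return [(modified, size, name)] for file rows.

    <DIR> rows, the volume header and the totals line do not match
    ENTRY and are skipped.
    """
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            modified = datetime.strptime(
                f"{m['date']} {m['time']}", "%m/%d/%Y %I:%M %p"
            )
            size = int(m["size"].replace(",", ""))
            entries.append((modified, size, m["name"]))
    return entries


def hex_named(entries):
    """Entries whose file name is eight hex digits plus .sys."""
    return [e for e in entries if HEX8_SYS.match(e[2])]


def review_report(entries):
    """For each size used by a hex-named driver, list the hex-named files,
    any other file with the identical size, and the first/last write time
    of the hex-named files."""
    by_size = defaultdict(list)
    for entry in entries:
        by_size[entry[1]].append(entry)

    report = {}
    for size in sorted({e[1] for e in hex_named(entries)}):
        group = by_size[size]
        hexed = [e for e in group if HEX8_SYS.match(e[2])]
        report[size] = {
            "hex_named": [e[2] for e in hexed],
            "same_size_other": [e[2] for e in group if not HEX8_SYS.match(e[2])],
            "first_written": min(e[0] for e in hexed),
            "last_written": max(e[0] for e in hexed),
        }
    return report


if __name__ == "__main__":
    for size, info in review_report(parse_dir(SAMPLE)).items():
        print(f"{size:>10,} bytes")
        print("  hex-named :", ", ".join(info["hex_named"]))
        print("  same size :", ", ".join(info["same_size_other"]) or "-")
        print("  written   :", info["first_written"], "to", info["last_written"])
```

To run it on a full log, pass the text of fixlog.txt to `parse_dir` instead of `SAMPLE`.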

Re: Infected with a seemingly unbeatable virus

Post by Gary R » September 25th, 2017, 1:01 am

I also asked .....

do you use this computer to connect to a business or educational network, because your FRST logs would suggest that you do.


..... can you answer that question as well please.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Infected with a seemingly unbeatable virus

Post by Gary R » September 25th, 2017, 1:41 am

I've now finished going through your FRST logs, and it is clear that you have an infection that we're calling "SmartService".

However, I also discovered that you have some cracked/illegal software installed .....

Cracked - Illegal Software

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help. The section here explains why we bring this to your attention.

If you wish to receive help from us, you must remove any and all of the following from your computer:
  • Illegal software
  • Cracked software
  • Illegal software key generators

Once the software and/or keygens have been removed, if you still need help, please start a new thread... include a link to your closed topic and include NEW FRST logs:
  • FRST.txt.
  • Addition.txt.
  • Details of the problems you're experiencing.
Wait for a new helper. Do not reply to your topic before a helper has replied.

This topic is now closed.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire