Adriane

CLOSED Help please! Smartservice will not let me delete file


Hello Adriane,

The Forensics Report is not one of the logs I need.

I need a scan report from the Emsisoft Emergency Kit.

I also need the FRST scan report named FRST.txt.


Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

CloseProcesses:
CreateRestorePoint:
() C:\Windows\System32\msboyib.exe
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [vmatmuz] => C:\Users\adriane miles\AppData\Local\ntuserlitelist\vmatmuz\vmatmuz.exe [914432 2017-09-18] () <==== ATTENTION
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-3812737795-3334972217-2985048740-1001\...\Run: [Bomgar Support Reconnect [59C8E45A]] => "C:\ProgramData\apple-scc-0x59c8e45b\apple-scc.exe" -nomulti
HKU\S-1-5-21-3812737795-3334972217-2985048740-1001\...\Run: [Bomgar_Cleanup_ZD15339026003] => cmd.exe /C rd /S /Q "C:\ProgramData\apple-scc-0x59c8e9d6" & reg.exe delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD15339026003 /f <==== ATTENTION
HKU\S-1-5-21-3812737795-3334972217-2985048740-1001\...\Run: [Bomgar_Cleanup_ZD33032819610] => cmd.exe /C rd /S /Q "C:\Users\ADRIAN~1\AppData\Local\Temp\nst997F.tmpb" & reg.exe delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD33032819610 /f <==== ATTENTION
HKU\S-1-5-21-3812737795-3334972217-2985048740-1001\...\MountPoints2: {abc5aac0-753c-11e7-8268-f0761c88a852} - "E:\VZW_Software_upgrade_assistant.exe"
AppInit_DLLs: C:\PROGRA~2\Amazon\AMAZON~1\AMAZON~2.DLL => No File
SearchScopes: HKU\S-1-5-21-3812737795-3334972217-2985048740-1001 -> DefaultScope {C18D112A-4D73-4628-8D63-5484B3FE857F} URL =
SearchScopes: HKU\S-1-5-21-3812737795-3334972217-2985048740-1001 -> {C18D112A-4D73-4628-8D63-5484B3FE857F} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll => No File
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi => not found
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [No File]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
S2 GamesAppIntegrationService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe" [X]
S3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [X]
2017-10-06 08:54 - 2017-10-07 13:04 - 000587168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw 2b83646d40259bc.tmp
2017-10-06 08:54 - 2017-10-07 13:04 - 000363440 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw24390d52731c9808.tmp
2017-10-06 08:54 - 2017-10-07 13:04 - 000201352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswd01be747c9192fc2.tmp
2017-10-06 08:54 - 2017-10-07 13:04 - 000147776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswa4cf06a99c65a0db.tmp
2017-10-06 08:54 - 2017-10-07 13:04 - 000110376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswd2ded7b63a778240.tmp
2017-10-06 08:54 - 2017-10-07 13:04 - 000084416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswb359b98f2a32c151.tmp
2017-10-06 08:54 - 2017-10-07 13:04 - 000047008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw2cbd8d2abd1b6c66.tmp
2017-10-06 08:54 - 2017-10-07 13:03 - 001020536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw3a0e4a20250f6556.tmp
2017-10-06 08:54 - 2017-10-07 13:03 - 000343288 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\asw27ec1a68ed57a68a.tmp
2017-10-06 08:54 - 2017-10-07 13:03 - 000321032 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswc7614104a1247773.tmp
2017-10-06 08:54 - 2017-10-07 13:03 - 000198976 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswca694688c1cdbfcb.tmp
2017-10-06 08:54 - 2017-10-07 13:03 - 000057736 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswa739669d196a5270.tmp
2017-10-06 08:54 - 2017-10-06 08:53 - 000587168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw4cad10ecdc9dc205.tmp
2017-10-06 08:54 - 2017-10-06 08:53 - 000363440 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw22f1f829ac0dd757.tmp
2017-10-06 08:54 - 2017-10-06 08:53 - 000201352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw544a5e987cd29e7a.tmp
2017-10-06 08:54 - 2017-10-06 08:53 - 000147776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw21733ed32f36d873.tmp
2017-10-06 08:54 - 2017-10-06 08:53 - 000110376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw8b82ece814634f19.tmp
2017-10-06 08:54 - 2017-10-06 08:53 - 000084416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw49cba6faeefa45a5.tmp
2017-10-06 08:54 - 2017-10-06 08:53 - 000047008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw a0c5247b92e4399.tmp
2017-10-06 08:54 - 2017-10-06 08:51 - 001020536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswf9facb23c8224322.tmp
2017-10-06 08:54 - 2017-10-06 08:51 - 000343288 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\asw5fd74c488698bda7.tmp
2017-10-06 08:54 - 2017-10-06 08:51 - 000321032 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswab3f0f80b4f69301.tmp
2017-10-06 08:54 - 2017-10-06 08:51 - 000198976 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswa6ec39fe41450f20.tmp
2017-10-06 08:54 - 2017-10-06 08:51 - 000057736 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\asw592f5963a79c9806.tmp
2017-09-10 06:56 - 2017-09-10 06:56 - 000000000 ____D C:\Users\adriane miles\Downloads\EMBCSYwckdgmsomni
2017-10-08 08:58 - 2017-08-13 06:01 - 000000000 ____D C:\Users\adriane miles\AppData\Local\ntuserlitelist
C:\Users\adriane miles\AppData\Local\ntuserlitelist\vmatmuz\vmatmuz.exe
C:\ProgramData\uninstall1458702.exe
2017-08-13 05:53 - 2017-08-13 05:53 - 029097540 _____ (AppTrailers) C:\Users\adriane miles\AppData\Local\Temp\AppTrailers.9.1.10amt.exe
2017-10-06 07:15 - 2017-10-06 07:15 - 000592768 _____ (Sysinternals - www.sysinternals.com) C:\Users\adriane miles\AppData\Local\Temp\IVTSSU.exe
2017-09-05 16:10 - 2015-09-29 11:13 - 001131040 _____ (CANON INC.) C:\Users\adriane miles\AppData\Local\Temp\MSETUP4.EXE
2017-10-06 07:11 - 2017-10-06 07:11 - 000351104 _____ (Sysinternals - www.sysinternals.com) C:\Users\adriane miles\AppData\Local\Temp\PS.exe
2017-08-13 05:53 - 2017-08-13 05:53 - 002199040 _____ () C:\Users\adriane miles\AppData\Local\Temp\setup.exe
2017-10-06 07:12 - 2017-10-06 07:12 - 000412544 _____ (Sysinternals - www.sysinternals.com) C:\Users\adriane miles\AppData\Local\Temp\WPGIARG.exe
2017-09-13 04:21 - 2017-09-13 04:21 - 037285168 _____ (Lamantine Software                                          ) C:\Users\adriane miles\AppData\Local\Temp\~2FC9.tmp.exe
2017-09-04 05:06 - 2017-09-04 05:06 - 037285168 _____ (Lamantine Software                                          ) C:\Users\adriane miles\AppData\Local\Temp\~FE8E.tmp.exe
C:\WINDOWS\system32\drivers\msidntfs.sys
C:\WINDOWS\system32\drivers\vmrenijv.sys
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll -> No File
Task: {C62E660C-65F9-4E3E-B529-0AE375B23A91} - \McAfee\McAfee Idle Detection Task -> No File <==== ATTENTION
2017-08-13 05:53 - 2017-08-13 05:53 - 002793472 ____N () C:\WINDOWS\SYSTEM32\MSBOYIB.EXE
HKU\S-1-5-21-3812737795-3334972217-2985048740-1001\...\StartupApproved\Run: => "Bomgar Support Reconnect [59C8E45A]"
HKU\S-1-5-21-3812737795-3334972217-2985048740-1001\...\StartupApproved\Run: => "Bomgar Support Reconnect [59C8F141]"
HKU\S-1-5-21-3812737795-3334972217-2985048740-1001\...\StartupApproved\Run: => "Bomgar_Cleanup_ZD33032819610"
HKU\S-1-5-21-3812737795-3334972217-2985048740-1001\...\StartupApproved\Run: => "Bomgar_Cleanup_ZD15339026003"
C:\WINDOWS\System32\Drivers\vmrenijv.sys
C:\Users\adriane miles\AppData\Local\ntuserlitelist
C:\Program Files (x86)\AMAZON\AMAZON1BUTTONAPP
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\AMAZONAPPIE.APPGATEWAY" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{EB2BEAEF-150C-4DE4-9D09-F16403C22769}" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{3268A00F-D329-42E1-ABF0-E78D5656BA2A}" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{3268A00F-D329-42E1-ABF0-E78D5656BA2A}" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{571139B2-8D93-4B29-9AA9-496EF27D6AF8}" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{571139B2-8D93-4B29-9AA9-496EF27D6AF8}" /f
Reg: reg delete "HKEY_USERS\S-1-5-21-3812737795-3334972217-2985048740-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{E4ADC61E-D06A-4E0E-8582-78C809CC8450}" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E4ADC61E-D06A-4E0E-8582-78C809CC8450}" /f

Close Notepad.

NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 and press the Fix button just once and wait.

If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.


Thread Closed

Reason: Lack of Response

PM either Kevin, Elise, or Arthur to have this thread reopened.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE. If you don't, we are just going to send you back to this thread.
