Fries

Members
Posts: 4

Everything posted by Fries

  1. Okay, everything seems to be working well now. Here are the logs:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/13/2017
Scan Time: 2:16 PM
Logfile: scanlog.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2017.03.13.05
Rootkit Database: v2017.03.11.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Joshua

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 295794
Time Elapsed: 5 min, 26 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

# AdwCleaner v6.044 - Logfile created 13/03/2017 at 14:24:49
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-03-13.1 [Local]
# Operating System : Windows 10 Pro (X64)
# Username : Joshua - JOSH
# Running from : C:\Users\Joshua\Downloads\adwcleaner_6.044.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder deleted: C:\Users\Joshua\AppData\Local\llssoft
[-] Folder deleted: C:\Program Files (x86)\regtool
[-] Folder deleted: C:\Program Files (x86)\qdcomsvc

***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WindowService
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WindowService
[-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [cpx]

***** [ Web browsers ] *****

[-] [C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default] [homepage] Deleted: hxxp://www.trovi.com/?gd=&ctid=CT3331458&octid=EB_ORIGINAL_CTID&ISID=M00C95131-55E8-4C94-8733-8135D877745E&SearchSource=55&CUI=&UM=6&UP=SPD6CA878D-C9E3-43FE-AD9A-A3C67B83079A&SSPV=

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [3493 Bytes] - [12/03/2017 22:35:43]
C:\AdwCleaner\AdwCleaner[C2].txt - [2212 Bytes] - [12/03/2017 22:40:25]
C:\AdwCleaner\AdwCleaner[C3].txt - [2559 Bytes] - [13/03/2017 13:04:04]
C:\AdwCleaner\AdwCleaner[C4].txt - [1703 Bytes] - [13/03/2017 14:24:49]
C:\AdwCleaner\AdwCleaner[S0].txt - [2984 Bytes] - [12/03/2017 22:31:17]
C:\AdwCleaner\AdwCleaner[S1].txt - [3174 Bytes] - [12/03/2017 22:34:24]
C:\AdwCleaner\AdwCleaner[S2].txt - [2063 Bytes] - [12/03/2017 22:39:43]
C:\AdwCleaner\AdwCleaner[S3].txt - [2390 Bytes] - [13/03/2017 13:03:20]
C:\AdwCleaner\AdwCleaner[S4].txt - [2191 Bytes] - [13/03/2017 14:24:39]

########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt - [2141 Bytes] ##########

Microsoft Windows Malicious Software Removal Tool v5.45, February 2017 (build 5.45.13501.0)
Started On Mon Mar 13 14:26:48 2017

Engine: 1.1.13407.0
Signatures: 1.235.1858.0
Run Mode: Interactive Graphical Mode

Results Summary:
----------------
No infection found.
Successfully Submitted MAPS Report
Successfully Submitted Heartbeat Report
Microsoft Windows Malicious Software Removal Tool Finished On Mon Mar 13 14:27:56 2017

Return code: 0 (0x0)
  2. Alright, that appeared to have worked, thanks.

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
(c) Malwarebytes Corporation 2011-2012

OS version: 10.0.9200 Windows 10 x64

Account is Administrative
Internet Explorer version: 11.576.14393.0
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 4.000000 GHz
Memory total: 17126559744, free: 12442587136

Downloaded database version: v2017.03.13.05
Downloaded database version: v2017.03.11.01
Downloaded database version: v2017.03.05.01
=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
     03/13/2017 13:33:30
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\cng.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\storahci.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorTcgDrv.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\system32\drivers\WdFilter.sys
\SystemRoot\System32\drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volume.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\drivers\iorate.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\drmkpro64.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_0cc477a6fec64d8c\nvlddmkm.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\system32\drivers\ucx01000.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\drivers\TeeDriverx64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\athw8x.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\serial.sys
\SystemRoot\System32\drivers\serenum.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\acpipagr.sys
\SystemRoot\System32\drivers\XtuAcpiDriver.sys
\SystemRoot\System32\drivers\ISCTD.sys
\SystemRoot\System32\drivers\UEFI.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\drivers\nvvhci.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\MBfilt64.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_storahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\drivers\uaspstor.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\drivers\rzendpt.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\rzudd.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\system32\drivers\wcifs.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\system32\drivers\wcnfs.sys
\SystemRoot\System32\drivers\registry.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\System32\drivers\WpdUpFltr.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\ndisuio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\drivers\vwifimp.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\system32\drivers\mmcss.sys
\??\C:\WINDOWS\system32\drivers\rzpnk.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\??\C:\WINDOWS\system32\drivers\rzpmgrk.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\Drivers\WdNisDrv.sys
\SystemRoot\System32\drivers\tunnel.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\System32\drivers\WSDPrint.sys
\SystemRoot\system32\DRIVERS\WSDScan.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!
Scan started
Database versions:
  main:    v2017.03.13.05
  rootkit: v2017.03.11.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffa20e67463060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffa20e6734aae0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffa20e67463060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffa20e67350c60, DeviceName: Unknown, DriverName: \Driver\EhStorClass\
DevicePointer: 0xffffa20e65fd02b0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffa20e65fd8330, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffa20e65fcd060, DeviceName: \Device\0000003a\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
File C:\WINDOWS\SYSTEM32\drivers\drmkpro64.sys will be destroyed
Infected: C:\WINDOWS\SYSTEM32\drivers\drmkpro64.sys --> [Rootkit.Agent.PUA]
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 0
GPT Protective MBR Partition information:
    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
GPT Partition information:
    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 1375338322
    GPT Header CurrentLba = 1 BackupLba 1000215215
    GPT Header FirstUsableLba 34 LastUsableLba 1000215182
    GPT Header Guid 71318115-38bb-4d04-8570-4dae5458821
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128
    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 1375338322
    Backup GPT header CurrentLba = 1000215215 BackupLba 1
    Backup GPT header FirstUsableLba 34 LastUsableLba 1000215182
    Backup GPT header Guid 71318115-38bb-4d04-8570-4dae5458821
    Backup GPT header Contains 128 partition entries starting at LBA 1000215183
    Backup GPT header Partition entry size = 128
    Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 6b6138d0-7dd8-4fe6-b79e-675e32a977f9
    FirstLBA 2048 Last LBA 616447
    Attributes 1
    Partition Name Basic data partition
    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID d3dac4b6-d5a-4741-b8b9-ca2e7f167e1f
    FirstLBA 616448 Last LBA 819199
    Attributes 0
    Partition Name EFI system partition
    GPT Partition 1 is bootable
    Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 4b076f78-ffd2-4376-9745-30c3a539606d
    FirstLBA 819200 Last LBA 1081343
    Attributes 0
    Partition Name Microsoft reserved partition
    Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 1ffbb4e9-d2aa-4bcc-b092-537fd2c70e5
    FirstLBA 1081344 Last LBA 999292927
    Attributes 0
    Partition Name Basic data partition
    Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 3ed7bc0e-530a-4fbf-9618-a9dad89c302a
    FirstLBA 999292928 Last LBA 1000214527
    Attributes 1
    Partition Name
Disk Size: 512110190592 bytes
Sector size: 512 bytes
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffa20e69dfa060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffa20e67968ae0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffa20e69dfa060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffa20e69dfd060, DeviceName: \Device\0000004e\, DriverName: \Driver\UASPStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 9AB91353
GPT Protective MBR Partition information:
    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
GPT Partition information:
    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 2080044892
    GPT Header CurrentLba = 1 BackupLba 9767541166
    GPT Header FirstUsableLba 34 LastUsableLba 9767541133
    GPT Header Guid fb6a6023-4391-4c9b-aa54-cedd48135fee
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128
    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 2080044892
    Backup GPT header CurrentLba = 1 BackupLba 9767541166
    Backup GPT header FirstUsableLba 34 LastUsableLba 9767541133
    Backup GPT header Guid fb6a6023-4391-4c9b-aa54-cedd48135fee
    Backup GPT header Contains 128 partition entries starting at LBA 2
    Backup GPT header Partition entry size = 128
    GPT header and Backup GPT header have conflicting data
    Partition 0 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID ae9b1fd4-e513-42b5-a498-1421a9ca465
    FirstLBA 34 Last LBA 262177
    Attributes 0
    Partition Name Microsoft reserved partition
    Partition 1 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 962da401-99c0-40d5-a8d6-2be6bbc6bfbe
    FirstLBA 264192 Last LBA 9767540735
    Attributes 0
    Partition Name Basic data partition
Disk Size: 5000981077504 bytes
Sector size: 512 bytes
Done!
Infected: C:\Program Files (x86)\svcvmx\svcvmx.exe --> [Adware.Yelloader]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|svcvmx --> [Adware.Yelloader]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|DELETED --> [Adware.Yelloader]
Infected: C:\Program Files (x86)\svcvmx\svcvmx.exe --> [Adware.Yelloader]
Infected: C:\Program Files (x86)\svcvmx\vmxclient.exe --> [Adware.Yelloader]
Infected: C:\Program Files (x86)\svcvmx\vmxclient.exe --> [Adware.Yelloader]
Infected: C:\Program Files (x86)\svcvmx\vmxclient.exe --> [Adware.Yelloader]
Infected: C:\Program Files (x86)\svcvmx\vmxclient.exe --> [Adware.Yelloader]
Infected: C:\Program Files (x86)\qdcomsvc\qdcomsvc.exe --> [Adware.Yelloader]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\qdcomsvc --> [Adware.Yelloader]
Infected: C:\Program Files (x86)\qdcomsvc\qdcomsvc.exe --> [Adware.Yelloader]
Infected: C:\Users\Joshua\AppData\Local\Temp\20170313\ct.exe --> [Adware.Yelloader]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\windowsmanagementservice --> [Adware.Yelloader]
Infected: C:\Users\Joshua\AppData\Local\Temp\20170313\ct.exe --> [Adware.Yelloader]
Infected: C:\Windows\syswow64\splsrv.exe --> [Trojan.Clicker]
Infected: C:\Windows\syswow64\splsrv.exe --> [Trojan.Clicker]
Infected: C:\Program Files (x86)\dataup\dataup.exe --> [Adware.Yelloader]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Dataup --> [Adware.Yelloader]
Infected: C:\Program Files (x86)\dataup\dataup.exe --> [Adware.Yelloader]
Infected: C:\Program Files (x86)\qdcomsvc\znhrsm.exe --> [Adware.Yelloader]
Infected: C:\Users\Joshua\AppData\Local\Temp\1489368841\s5-20150702.exe --> [Adware.Yelloader]
Infected: C:\Users\Joshua\AppData\Local\Temp\883369343\ic-0.ab646c29d6f1d8.exe --> [Adware.OptimizerEliteMax]
File "C:\Users\Joshua\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768)
File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-FF2C85BC0DF323F2F15809CE003C5628EE36F6A6.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-FF2C85BC0DF323F2F15809CE003C5628EE36F6A6.bin.7C" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-FF2C85BC0DF323F2F15809CE003C5628EE36F6A6.bin.83" is compressed (flags = 1)
Infected: C:\Program Files (x86)\svcvmx\icudtl.dat --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\cef.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\cef_100_percent.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\cef_200_percent.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\cef_extensions.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\d3dcompiler_47.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\d3dcompiler_47.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\dbghelp.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\dbghelp.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\dbghelp.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\dbghelp.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\dbghelp.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\debug.log --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\libcef.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\libcef.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\libcef.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\libcef.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\libEGL.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\libEGL.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\libGLESv2.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\libGLESv2.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\natives_blob.bin --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\pepflashplayer.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\pepflashplayer.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\snapshot_blob.bin --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\svcvmx.log --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\widevinecdm.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\widevinecdmadapter.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\locales --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\locales\en-US.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\locales\zh-CN.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\dataup\dataup.ini --> [Trojan.Clicker]
Infected: C:\Program Files (x86)\dataup --> [Trojan.Clicker]
Infected: C:\Program Files (x86)\dataup\help_dll.dll --> [Trojan.Clicker]
Infected: C:\Program Files (x86)\dataup\help_dll.dll --> [Trojan.Clicker]
Infected: C:\Program Files (x86)\dataup\NTSVC.ocx --> [Trojan.Clicker]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E7BC34A3-BA86-11CF-84B1-CBC2DA68BF6C} --> [Trojan.Clicker]
Infected: HKLM\SOFTWARE\CLASSES\NTService.Control.1 --> [Trojan.Clicker]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\NTService.Control.1 --> [Trojan.Clicker]
Infected: HKLM\SOFTWARE\CLASSES\WOW6432NODE\NTService.Control.1 --> [Trojan.Clicker]
Infected: HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E7BC34A3-BA86-11CF-84B1-CBC2DA68BF6C} --> [Trojan.Clicker]
Infected: C:\Users\Joshua\AppData\Local\Temp\20170313\ct.zip --> [Trojan.Clicker]
Infected: C:\Users\Joshua\AppData\Local\Temp\20170313 --> [Trojan.Clicker]
Infected: C:\Users\Joshua\AppData\Local\Temp\dataup.zip --> [Trojan.Clicker]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\drmkpro64 --> [Rootkit.Agent.PUA]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DATAUP|ImagePath --> [Trojan.Clicker]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Dataup --> [Trojan.Clicker]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDOWSMANAGEMENTSERVICE|ImagePath --> [Trojan.Clicker]
Scan finished
Creating System Restore point...
Cleaning up...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
(c) Malwarebytes Corporation 2011-2012

OS version: 10.0.14393 Windows 10 x64

Account is Administrative
Internet Explorer version: 11.576.14393.0
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 4.000000 GHz
Memory total: 17126559744, free: 14406144000
=======================================

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
(c) Malwarebytes Corporation 2011-2012

OS version: 10.0.9200 Windows 10 x64

Account is Administrative
Internet Explorer version: 11.576.14393.0
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 4.000000 GHz
Memory total: 17126559744, free: 15476375552
=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
     03/13/2017 13:48:03
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\cng.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\System32\drivers\imofugc.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\storahci.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorTcgDrv.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\system32\drivers\WdFilter.sys
\SystemRoot\System32\drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volume.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\drivers\iorate.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_0cc477a6fec64d8c\nvlddmkm.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\system32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\TeeDriverx64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\athw8x.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\serial.sys
\SystemRoot\System32\drivers\serenum.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\acpipagr.sys
\SystemRoot\System32\drivers\XtuAcpiDriver.sys
\SystemRoot\System32\drivers\ISCTD.sys
\SystemRoot\System32\drivers\UEFI.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\drivers\nvvhci.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\MBfilt64.sys
\SystemRoot\System32\drivers\uaspstor.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\rzendpt.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\rzudd.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\wcifs.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\system32\drivers\wcnfs.sys
\SystemRoot\System32\drivers\registry.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\System32\drivers\WpdUpFltr.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\ndisuio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\drivers\vwifimp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_storahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\system32\drivers\peauth.sys
\??\C:\WINDOWS\system32\drivers\rzpmgrk.sys
\??\C:\WINDOWS\system32\drivers\rzpnk.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\Drivers\WdNisDrv.sys
\SystemRoot\System32\drivers\tunnel.sys
\SystemRoot\System32\drivers\condrv.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\SystemRoot\System32\drivers\WSDPrint.sys
\SystemRoot\system32\DRIVERS\WSDScan.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!
Scan started
Database versions:
  main:    v2017.03.13.05
  rootkit: v2017.03.11.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffff9c8ab264a060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffff9c8ab25e6ae0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffff9c8ab264a060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffff9c8ab25ecc60, DeviceName: Unknown, DriverName: \Driver\EhStorClass\
DevicePointer: 0xffff9c8ab24430e0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffff9c8ab24279e0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffff9c8ab243d060, DeviceName: \Device\0000003a\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 0
GPT Protective MBR Partition information:
    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
GPT Partition information:
    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 1375338322
    GPT Header CurrentLba = 1 BackupLba 1000215215
    GPT Header FirstUsableLba 34 LastUsableLba 1000215182
    GPT Header Guid 71318115-38bb-4d04-8570-4dae5458821
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128
    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 1375338322
    Backup GPT header CurrentLba = 1000215215 BackupLba 1
    Backup GPT header FirstUsableLba 34 LastUsableLba 1000215182
    Backup GPT header Guid 71318115-38bb-4d04-8570-4dae5458821
    Backup GPT header Contains 128 partition entries starting at LBA 1000215183
    Backup GPT header Partition entry size = 128
    Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 6b6138d0-7dd8-4fe6-b79e-675e32a977f9
    FirstLBA 2048 Last LBA 616447
    Attributes 1
    Partition Name Basic data partition
    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID d3dac4b6-d5a-4741-b8b9-ca2e7f167e1f
    FirstLBA 616448 Last LBA 819199
    Attributes 0
    Partition Name EFI system partition
    GPT Partition 1 is bootable
    Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 4b076f78-ffd2-4376-9745-30c3a539606d
    FirstLBA 819200 Last LBA 1081343
    Attributes 0
    Partition Name Microsoft reserved partition
    Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 1ffbb4e9-d2aa-4bcc-b092-537fd2c70e5
    FirstLBA 1081344 Last LBA 999292927
    Attributes 0
    Partition Name Basic data partition
    Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 3ed7bc0e-530a-4fbf-9618-a9dad89c302a
    FirstLBA 999292928 Last LBA 1000214527
    Attributes 1
    Partition Name
Disk Size: 512110190592 bytes
Sector size: 512 bytes
Done!
Physical Sector Size: 512 Drive: 1, DevicePointer: 0xffff9c8ab3346060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffff9c8ab334a040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffff9c8ab3346060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\ DevicePointer: 0xffff9c8ab3349060, DeviceName: \Device\00000049\, DriverName: \Driver\UASPStor\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 1 Scanning MBR on drive 1... Inspecting partition table: This drive is a GPT Drive. MBR Signature: 55AA Disk Signature: 9AB91353 GPT Protective MBR Partition information: Partition 0 type is EFI-GPT (0xee) Partition is NOT ACTIVE. Partition starts at LBA: 1 Numsec = 4294967295 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. 
Partition starts at LBA: 0 Numsec = 0 GPT Partition information: GPT Header Signature 4546492050415254 GPT Header Revision 65536 Size 92 CRC 2080044892 GPT Header CurrentLba = 1 BackupLba 9767541166 GPT Header FirstUsableLba 34 LastUsableLba 9767541133 GPT Header Guid fb6a6023-4391-4c9b-aa54-cedd48135fee GPT Header Contains 128 partition entries starting at LBA 2 GPT Header Partition entry size = 128 Backup GPT header Signature 4546492050415254 Backup GPT header Revision 65536 Size 92 CRC 2080044892 Backup GPT header CurrentLba = 1 BackupLba 9767541166 Backup GPT header FirstUsableLba 34 LastUsableLba 9767541133 Backup GPT header Guid fb6a6023-4391-4c9b-aa54-cedd48135fee Backup GPT header Contains 128 partition entries starting at LBA 2 Backup GPT header Partition entry size = 128 GPT header and Backup GPT header have conflicting data Partition 0 Type e3c9e316-b5c-4db8-817d-f92df0215ae Partition ID ae9b1fd4-e513-42b5-a498-1421a9ca465 FirstLBA 34 Last LBA 262177 Attributes 0 Partition Name Microsoft reserved partition Partition 1 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7 Partition ID 962da401-99c0-40d5-a8d6-2be6bbc6bfbe FirstLBA 264192 Last LBA 9767540735 Attributes 0 Partition Name Basic data partition Disk Size: 5000981077504 bytes Sector size: 512 bytes Done! 
File "C:\Users\Joshua\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768) File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-FF2C85BC0DF323F2F15809CE003C5628EE36F6A6.bin.79" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-FF2C85BC0DF323F2F15809CE003C5628EE36F6A6.bin.7C" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-FF2C85BC0DF323F2F15809CE003C5628EE36F6A6.bin.83" is compressed (flags = 1) Scan finished ======================================= Removal queue found; removal started Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam... Removal finished Malwarebytes Anti-Rootkit BETA 1.9.3.1001 www.malwarebytes.org Database version: main: v2017.03.13.05 rootkit: v2017.03.11.01 Windows 10 x64 NTFS Internet Explorer 11.576.14393.0 Joshua :: JOSH [administrator] 3/13/2017 1:33:35 PM mbar-log-2017-03-13 (13-33-35).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 296173 Time elapsed: 12 minute(s), 47 second(s) Memory Processes Detected: 8 C:\Program Files (x86)\svcvmx\svcvmx.exe (Adware.Yelloader) -> 8496 -> Delete on reboot. [b9d0a4257632999d7c4115669f62bc44] C:\Program Files (x86)\svcvmx\vmxclient.exe (Adware.Yelloader) -> 8896 -> Delete on reboot. [6b1e7c4d4f5949ed2147f7801de4dd23] C:\Program Files (x86)\svcvmx\vmxclient.exe (Adware.Yelloader) -> 8992 -> Delete on reboot. 
[6b1e7c4d4f5949ed2147f7801de4dd23] C:\Program Files (x86)\svcvmx\vmxclient.exe (Adware.Yelloader) -> 12872 -> Delete on reboot. [6b1e7c4d4f5949ed2147f7801de4dd23] C:\Program Files (x86)\qdcomsvc\qdcomsvc.exe (Adware.Yelloader) -> 9328 -> Delete on reboot. [d6b34386b3f5e0567272e59146bb50b0] C:\Users\Joshua\AppData\Local\Temp\20170313\ct.exe (Adware.Yelloader) -> 1788 -> Delete on reboot. [7e0b9f2a1692bf77527b19622ed39070] C:\Windows\syswow64\splsrv.exe (Trojan.Clicker) -> 4676 -> Delete on reboot. [c0c93495cbdd40f6beef94e9976a5aa6] C:\Program Files (x86)\dataup\dataup.exe (Adware.Yelloader) -> 2916 -> Delete on reboot. [088189401e8a84b2481bb0c7c839a759] Memory Modules Detected: 12 C:\Program Files (x86)\svcvmx\d3dcompiler_47.dll (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3] C:\Program Files (x86)\svcvmx\dbghelp.dll (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3] C:\Program Files (x86)\svcvmx\dbghelp.dll (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3] C:\Program Files (x86)\svcvmx\dbghelp.dll (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3] C:\Program Files (x86)\svcvmx\dbghelp.dll (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3] C:\Program Files (x86)\svcvmx\libcef.dll (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3] C:\Program Files (x86)\svcvmx\libcef.dll (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3] C:\Program Files (x86)\svcvmx\libcef.dll (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3] C:\Program Files (x86)\svcvmx\libEGL.dll (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3] C:\Program Files (x86)\svcvmx\libGLESv2.dll (Trojan.Clicker.E.Generic) -> Delete on reboot. 
[4742c108d1d7e254c9b9f958e21e5da3] C:\Program Files (x86)\svcvmx\pepflashplayer.dll (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3] C:\Program Files (x86)\dataup\help_dll.dll (Trojan.Clicker) -> Delete on reboot. [8405b4154e5a9d99851cfd7fb24ff10f] Registry Keys Detected: 10 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\qdcomsvc (Adware.Yelloader) -> Delete on reboot. [d6b34386b3f5e0567272e59146bb50b0] HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\windowsmanagementservice (Adware.Yelloader) -> Delete on reboot. [7e0b9f2a1692bf77527b19622ed39070] HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Dataup (Adware.Yelloader) -> Delete on reboot. [088189401e8a84b2481bb0c7c839a759] HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E7BC34A3-BA86-11CF-84B1-CBC2DA68BF6C} (Trojan.Clicker) -> Delete on reboot. [8405b4154e5a9d99851cfd7fb24ff10f] HKLM\SOFTWARE\CLASSES\NTService.Control.1 (Trojan.Clicker) -> Delete on reboot. [8405b4154e5a9d99851cfd7fb24ff10f] HKLM\SOFTWARE\WOW6432NODE\CLASSES\NTService.Control.1 (Trojan.Clicker) -> Delete on reboot. [8405b4154e5a9d99851cfd7fb24ff10f] HKLM\SOFTWARE\CLASSES\WOW6432NODE\NTService.Control.1 (Trojan.Clicker) -> Delete on reboot. [8405b4154e5a9d99851cfd7fb24ff10f] HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E7BC34A3-BA86-11CF-84B1-CBC2DA68BF6C} (Trojan.Clicker) -> Delete on reboot. [8405b4154e5a9d99851cfd7fb24ff10f] HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\drmkpro64 (Rootkit.Agent.PUA) -> Delete on reboot. [cfba5e6b8820082e77318638fd041ce4] HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Dataup (Trojan.Clicker) -> Delete on reboot. [47425a6f1b8d989eb3ed3943b150a060] Registry Values Detected: 4 HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|svcvmx (Adware.Yelloader) -> Data: "C:\Program Files (x86)\svcvmx\svcvmx.exe" -starup -> Delete on reboot. 
[b9d0a4257632999d7c4115669f62bc44] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|DELETED (Adware.Yelloader) -> Data: "C:\Program Files (x86)\svcvmx\svcvmx.exe" -starup -> Delete on reboot. [b9d0a4257632999d7c4115669f62bc44] HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DATAUP|ImagePath (Trojan.Clicker) -> Data: C:\Program Files (x86)\dataup\dataup.exe -> Delete on reboot. [4d3cd7f2aff9d660d9c63944bf42857b] HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDOWSMANAGEMENTSERVICE|ImagePath (Trojan.Clicker) -> Data: C:\Users\Joshua\AppData\Local\Temp\20170313\ct.exe -> Delete on reboot. [f990cffa5a4e1e189d05de9edd24e31d] Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 4 C:\Program Files (x86)\svcvmx (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3] C:\Program Files (x86)\svcvmx\locales (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3] C:\Program Files (x86)\dataup (Trojan.Clicker) -> Delete on reboot. [8405b4154e5a9d99851cfd7fb24ff10f] C:\Users\Joshua\AppData\Local\Temp\20170313 (Trojan.Clicker) -> Delete on reboot. [4d3c3f8a48605cdacad97efe966b6898] Files Detected: 34 C:\WINDOWS\SYSTEM32\drivers\drmkpro64.sys (Rootkit.Agent.PUA) -> Delete on reboot. [0df30f4cc1301a76861c666de45434a1] C:\Program Files (x86)\svcvmx\svcvmx.exe (Adware.Yelloader) -> Delete on reboot. [b9d0a4257632999d7c4115669f62bc44] C:\Program Files (x86)\svcvmx\vmxclient.exe (Adware.Yelloader) -> Delete on reboot. [6b1e7c4d4f5949ed2147f7801de4dd23] C:\Program Files (x86)\qdcomsvc\qdcomsvc.exe (Adware.Yelloader) -> Delete on reboot. [d6b34386b3f5e0567272e59146bb50b0] C:\Users\Joshua\AppData\Local\Temp\20170313\ct.exe (Adware.Yelloader) -> Delete on reboot. [7e0b9f2a1692bf77527b19622ed39070] C:\Windows\syswow64\splsrv.exe (Trojan.Clicker) -> Delete on reboot. [c0c93495cbdd40f6beef94e9976a5aa6] C:\Program Files (x86)\dataup\dataup.exe (Adware.Yelloader) -> Delete on reboot. 
[088189401e8a84b2481bb0c7c839a759] C:\Program Files (x86)\qdcomsvc\znhrsm.exe (Adware.Yelloader) -> Delete on reboot. [7f0a9138f4b473c3d50fbabc6d94fd03] C:\Users\Joshua\AppData\Local\Temp\1489368841\s5-20150702.exe (Adware.Yelloader) -> Delete on reboot. [3f4a1dac2a7eb581184a87f0f20fca36] C:\Users\Joshua\AppData\Local\Temp\883369343\ic-0.ab646c29d6f1d8.exe (Adware.OptimizerEliteMax) -> Delete on reboot. [d5b4e0e9149490a6afb0f02153ad0bf5] C:\Program Files (x86)\svcvmx\icudtl.dat (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3] C:\Program Files (x86)\svcvmx\cef.pak (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3] C:\Program Files (x86)\svcvmx\cef_100_percent.pak (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3] C:\Program Files (x86)\svcvmx\cef_200_percent.pak (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3] C:\Program Files (x86)\svcvmx\cef_extensions.pak (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3] C:\Program Files (x86)\svcvmx\d3dcompiler_47.dll (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3] C:\Program Files (x86)\svcvmx\dbghelp.dll (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3] C:\Program Files (x86)\svcvmx\debug.log (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3] C:\Program Files (x86)\svcvmx\libcef.dll (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3] C:\Program Files (x86)\svcvmx\libEGL.dll (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3] C:\Program Files (x86)\svcvmx\libGLESv2.dll (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3] C:\Program Files (x86)\svcvmx\natives_blob.bin (Trojan.Clicker.E.Generic) -> Delete on reboot. 
[4742c108d1d7e254c9b9f958e21e5da3] C:\Program Files (x86)\svcvmx\pepflashplayer.dll (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3] C:\Program Files (x86)\svcvmx\snapshot_blob.bin (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3] C:\Program Files (x86)\svcvmx\svcvmx.log (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3] C:\Program Files (x86)\svcvmx\widevinecdm.dll (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3] C:\Program Files (x86)\svcvmx\widevinecdmadapter.dll (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3] C:\Program Files (x86)\svcvmx\locales\en-US.pak (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3] C:\Program Files (x86)\svcvmx\locales\zh-CN.pak (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3] C:\Program Files (x86)\dataup\dataup.ini (Trojan.Clicker) -> Delete on reboot. [8405b4154e5a9d99851cfd7fb24ff10f] C:\Program Files (x86)\dataup\help_dll.dll (Trojan.Clicker) -> Delete on reboot. [8405b4154e5a9d99851cfd7fb24ff10f] C:\Program Files (x86)\dataup\NTSVC.ocx (Trojan.Clicker) -> Delete on reboot. [8405b4154e5a9d99851cfd7fb24ff10f] C:\Users\Joshua\AppData\Local\Temp\20170313\ct.zip (Trojan.Clicker) -> Delete on reboot. [4d3c3f8a48605cdacad97efe966b6898] C:\Users\Joshua\AppData\Local\Temp\dataup.zip (Trojan.Clicker) -> Delete on reboot. [aadfad1c327653e3c03fceae7c85ab55] Physical Sectors Detected: 0 (No malicious items detected) (end)
  3. Hi, as of yesterday I've noticed a bunch of unknown processes related to something called winvmx client. Whatever this virus is, it is preventing me from running Malwarebytes, and appears to be interfering with Chrome.