
Hello Fries and welcome to Malwarebytes,

My screen name is kevinf80, I'm here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...


Continue and see if the following will run...

1. Download Malwarebytes Anti-Rootkit from this link:

http://www.malwarebytes.org/products/mbar/

2. Unzip the File to a convenient location. (Recommend the Desktop)
3. Open the folder where the contents were unzipped to run mbar.exe

user posted image

4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

user posted image

5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you log in, MBAR will automatically start and you will now be at the start screen. (If there is no Rootkit warning you will go from step 4 to 6.)

6. The following image opens, select Next.

user posted image

7. The following image opens, select Update.

user posted image

8. When the update completes select Next.

user posted image

9. In the following window ensure "Targets" are ticked. Then select "Scan".

user posted image

10. If an infection is found select the "Cleanup Button" to remove threats, reboot if prompted. Wait while the system shuts down and the cleanup process is performed.

user posted image

11. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click "Cleanup Button" once more and repeat the process.

12. If no threats were found, you will see the following image. Select Exit:

user posted image

13. Verify that your system is now running normally, making sure that the following items are functional:

  • Internet access
  • Windows Update
  • Windows Firewall

14. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included within the Malwarebytes Anti-Rootkit folder.

15. Select "Y" on your keyboard, then tap Enter.

16. The fix will be applied, press any key to Exit.

17. Let me know how your system now responds. Copy and paste the following two logs from the mbar folder:

System log
Mbar log (the date and time of the scan will also be shown)

Thanks,

Kevin...
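As an added example, not part of kevinf80's post and not a Malwarebytes tool, the following PowerShell script performs the three checks from step 13 (Internet access, Windows Update, Windows Firewall) in a repeatable way from an elevated prompt on Windows 10. It assumes the standard Windows service names (wuauserv, BITS, MpsSvc, BFE) and uses www.msftconnecttest.com, Microsoft's connectivity-check host, as the reachability target; the script only reads state and changes nothing.

```powershell
# Added example (not from the original post or from Malwarebytes): read-only
# verification of the step 13 items after an MBAR cleanup.
# Assumes Windows 8.1 / Windows 10 or later and an elevated PowerShell prompt.

$results = [ordered]@{}

# --- Internet access -------------------------------------------------------
# TCP/80 to Microsoft's connectivity-check host (assumed reachable from this network).
$net = Test-NetConnection -ComputerName 'www.msftconnecttest.com' -Port 80 `
                          -WarningAction SilentlyContinue
$results['Internet access (TCP 80 to msftconnecttest.com)'] = $net.TcpTestSucceeded

# --- Service state helper --------------------------------------------------
# Reports Status and StartMode; a missing service or a StartMode of 'Disabled'
# is what step 14 (fixdamage) exists to repair, so both are called out.
function Get-ServiceState {
    param([string]$Name)
    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $svc) { return 'MISSING' }
    $cim = Get-CimInstance -ClassName Win32_Service -Filter "Name='$Name'"
    return "$($svc.Status) / StartMode=$($cim.StartMode)"
}

# --- Windows Update --------------------------------------------------------
foreach ($svc in 'wuauserv', 'BITS') {
    $results["Windows Update service $svc"] = Get-ServiceState -Name $svc
}

# --- Windows Firewall ------------------------------------------------------
foreach ($svc in 'MpsSvc', 'BFE') {
    $results["Firewall service $svc"] = Get-ServiceState -Name $svc
}
foreach ($p in Get-NetFirewallProfile) {
    $results["Firewall profile $($p.Name) enabled"] = $p.Enabled
}

# --- Summary ---------------------------------------------------------------
$results.GetEnumerator() | Format-Table -AutoSize

$broken = $results.GetEnumerator() | Where-Object {
    $_.Value -eq $false -or $_.Value -eq 'MISSING' -or "$($_.Value)" -match 'Disabled'
}
if ($broken) {
    Write-Warning ("Items needing attention (see step 14, fixdamage): " +
                   (($broken | ForEach-Object { $_.Key }) -join '; '))
} else {
    Write-Host 'All step 13 items look functional.'
}
```

Run it once before and once after the fixdamage step in 14; a service reported as MISSING or with StartMode=Disabled, or a firewall profile showing False, is the concrete evidence to paste alongside the two MBAR logs.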

Alright, that appeared to have worked, thanks.

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 10.0.9200 Windows 10 x64

Account is Administrative

Internet Explorer version: 11.576.14393.0

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 4.000000 GHz
Memory total: 17126559744, free: 12442587136

Downloaded database version: v2017.03.13.05
Downloaded database version: v2017.03.11.01
Downloaded database version: v2017.03.05.01
=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
     03/13/2017 13:33:30
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\cng.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\storahci.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorTcgDrv.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\system32\drivers\WdFilter.sys
\SystemRoot\System32\drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volume.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\drivers\iorate.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\drmkpro64.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_0cc477a6fec64d8c\nvlddmkm.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\system32\drivers\ucx01000.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\drivers\TeeDriverx64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\athw8x.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\serial.sys
\SystemRoot\System32\drivers\serenum.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\acpipagr.sys
\SystemRoot\System32\drivers\XtuAcpiDriver.sys
\SystemRoot\System32\drivers\ISCTD.sys
\SystemRoot\System32\drivers\UEFI.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\drivers\nvvhci.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\MBfilt64.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_storahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\drivers\uaspstor.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\drivers\rzendpt.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\rzudd.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\system32\drivers\wcifs.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\system32\drivers\wcnfs.sys
\SystemRoot\System32\drivers\registry.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\System32\drivers\WpdUpFltr.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\ndisuio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\drivers\vwifimp.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\system32\drivers\mmcss.sys
\??\C:\WINDOWS\system32\drivers\rzpnk.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\??\C:\WINDOWS\system32\drivers\rzpmgrk.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\Drivers\WdNisDrv.sys
\SystemRoot\System32\drivers\tunnel.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\System32\drivers\WSDPrint.sys
\SystemRoot\system32\DRIVERS\WSDScan.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2017.03.13.05
  rootkit: v2017.03.11.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffa20e67463060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffa20e6734aae0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffa20e67463060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffa20e67350c60, DeviceName: Unknown, DriverName: \Driver\EhStorClass\
DevicePointer: 0xffffa20e65fd02b0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffa20e65fd8330, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffa20e65fcd060, DeviceName: \Device\0000003a\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
File C:\WINDOWS\SYSTEM32\drivers\drmkpro64.sys will be destroyed
Infected: C:\WINDOWS\SYSTEM32\drivers\drmkpro64.sys --> [Rootkit.Agent.PUA]
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 0

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 1375338322
    GPT Header CurrentLba = 1 BackupLba 1000215215
    GPT Header FirstUsableLba 34  LastUsableLba 1000215182
    GPT Header Guid 71318115-38bb-4d04-8570-4dae5458821
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 1375338322
    Backup GPT header CurrentLba = 1000215215 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 1000215182
    Backup GPT header Guid 71318115-38bb-4d04-8570-4dae5458821
    Backup GPT header Contains 128 partition entries starting at LBA 1000215183
    Backup GPT header Partition entry size = 128

    Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 6b6138d0-7dd8-4fe6-b79e-675e32a977f9
    FirstLBA 2048  Last LBA 616447
    Attributes 1
    Partition Name                 Basic data partition

    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID d3dac4b6-d5a-4741-b8b9-ca2e7f167e1f
    FirstLBA 616448  Last LBA 819199
    Attributes 0
    Partition Name                 EFI system partition

    GPT Partition 1 is bootable
    Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 4b076f78-ffd2-4376-9745-30c3a539606d
    FirstLBA 819200  Last LBA 1081343
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 1ffbb4e9-d2aa-4bcc-b092-537fd2c70e5
    FirstLBA 1081344  Last LBA 999292927
    Attributes 0
    Partition Name                 Basic data partition

    Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 3ed7bc0e-530a-4fbf-9618-a9dad89c302a
    FirstLBA 999292928  Last LBA 1000214527
    Attributes 1
    Partition Name                                     

Disk Size: 512110190592 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffa20e69dfa060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffa20e67968ae0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffa20e69dfa060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffa20e69dfd060, DeviceName: \Device\0000004e\, DriverName: \Driver\UASPStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 9AB91353

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 2080044892
    GPT Header CurrentLba = 1 BackupLba 9767541166
    GPT Header FirstUsableLba 34  LastUsableLba 9767541133
    GPT Header Guid fb6a6023-4391-4c9b-aa54-cedd48135fee
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 2080044892
    Backup GPT header CurrentLba = 1 BackupLba 9767541166
    Backup GPT header FirstUsableLba 34  LastUsableLba 9767541133
    Backup GPT header Guid fb6a6023-4391-4c9b-aa54-cedd48135fee
    Backup GPT header Contains 128 partition entries starting at LBA 2
    Backup GPT header Partition entry size = 128

    GPT header and Backup GPT header have conflicting data

    Partition 0 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID ae9b1fd4-e513-42b5-a498-1421a9ca465
    FirstLBA 34  Last LBA 262177
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 1 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 962da401-99c0-40d5-a8d6-2be6bbc6bfbe
    FirstLBA 264192  Last LBA 9767540735
    Attributes 0
    Partition Name                 Basic data partition

Disk Size: 5000981077504 bytes
Sector size: 512 bytes

Done!
Infected: C:\Program Files (x86)\svcvmx\svcvmx.exe --> [Adware.Yelloader]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|svcvmx --> [Adware.Yelloader]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|DELETED --> [Adware.Yelloader]
Infected: C:\Program Files (x86)\svcvmx\svcvmx.exe --> [Adware.Yelloader]
Infected: C:\Program Files (x86)\svcvmx\vmxclient.exe --> [Adware.Yelloader]
Infected: C:\Program Files (x86)\svcvmx\vmxclient.exe --> [Adware.Yelloader]
Infected: C:\Program Files (x86)\svcvmx\vmxclient.exe --> [Adware.Yelloader]
Infected: C:\Program Files (x86)\svcvmx\vmxclient.exe --> [Adware.Yelloader]
Infected: C:\Program Files (x86)\qdcomsvc\qdcomsvc.exe --> [Adware.Yelloader]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\qdcomsvc --> [Adware.Yelloader]
Infected: C:\Program Files (x86)\qdcomsvc\qdcomsvc.exe --> [Adware.Yelloader]
Infected: C:\Users\Joshua\AppData\Local\Temp\20170313\ct.exe --> [Adware.Yelloader]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\windowsmanagementservice --> [Adware.Yelloader]
Infected: C:\Users\Joshua\AppData\Local\Temp\20170313\ct.exe --> [Adware.Yelloader]
Infected: C:\Windows\syswow64\splsrv.exe --> [Trojan.Clicker]
Infected: C:\Windows\syswow64\splsrv.exe --> [Trojan.Clicker]
Infected: C:\Program Files (x86)\dataup\dataup.exe --> [Adware.Yelloader]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Dataup --> [Adware.Yelloader]
Infected: C:\Program Files (x86)\dataup\dataup.exe --> [Adware.Yelloader]
Infected: C:\Program Files (x86)\qdcomsvc\znhrsm.exe --> [Adware.Yelloader]
Infected: C:\Users\Joshua\AppData\Local\Temp\1489368841\s5-20150702.exe --> [Adware.Yelloader]
Infected: C:\Users\Joshua\AppData\Local\Temp\883369343\ic-0.ab646c29d6f1d8.exe --> [Adware.OptimizerEliteMax]
File "C:\Users\Joshua\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768)
File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-FF2C85BC0DF323F2F15809CE003C5628EE36F6A6.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-FF2C85BC0DF323F2F15809CE003C5628EE36F6A6.bin.7C" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-FF2C85BC0DF323F2F15809CE003C5628EE36F6A6.bin.83" is compressed (flags = 1)
Infected: C:\Program Files (x86)\svcvmx\icudtl.dat --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\cef.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\cef_100_percent.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\cef_200_percent.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\cef_extensions.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\d3dcompiler_47.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\d3dcompiler_47.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\dbghelp.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\dbghelp.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\dbghelp.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\dbghelp.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\dbghelp.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\debug.log --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\libcef.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\libcef.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\libcef.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\libcef.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\libEGL.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\libEGL.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\libGLESv2.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\libGLESv2.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\natives_blob.bin --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\pepflashplayer.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\pepflashplayer.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\snapshot_blob.bin --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\svcvmx.log --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\widevinecdm.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\widevinecdmadapter.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\locales --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\locales\en-US.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\locales\zh-CN.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\dataup\dataup.ini --> [Trojan.Clicker]
Infected: C:\Program Files (x86)\dataup --> [Trojan.Clicker]
Infected: C:\Program Files (x86)\dataup\help_dll.dll --> [Trojan.Clicker]
Infected: C:\Program Files (x86)\dataup\help_dll.dll --> [Trojan.Clicker]
Infected: C:\Program Files (x86)\dataup\NTSVC.ocx --> [Trojan.Clicker]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E7BC34A3-BA86-11CF-84B1-CBC2DA68BF6C} --> [Trojan.Clicker]
Infected: HKLM\SOFTWARE\CLASSES\NTService.Control.1 --> [Trojan.Clicker]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\NTService.Control.1 --> [Trojan.Clicker]
Infected: HKLM\SOFTWARE\CLASSES\WOW6432NODE\NTService.Control.1 --> [Trojan.Clicker]
Infected: HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E7BC34A3-BA86-11CF-84B1-CBC2DA68BF6C} --> [Trojan.Clicker]
Infected: C:\Users\Joshua\AppData\Local\Temp\20170313\ct.zip --> [Trojan.Clicker]
Infected: C:\Users\Joshua\AppData\Local\Temp\20170313 --> [Trojan.Clicker]
Infected: C:\Users\Joshua\AppData\Local\Temp\dataup.zip --> [Trojan.Clicker]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\drmkpro64 --> [Rootkit.Agent.PUA]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DATAUP|ImagePath --> [Trojan.Clicker]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Dataup --> [Trojan.Clicker]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDOWSMANAGEMENTSERVICE|ImagePath --> [Trojan.Clicker]
Scan finished
Creating System Restore point...
Cleaning up...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 10.0.14393 Windows 10 x64

Account is Administrative

Internet Explorer version: 11.576.14393.0

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 4.000000 GHz
Memory total: 17126559744, free: 14406144000

=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 10.0.9200 Windows 10 x64

Account is Administrative

Internet Explorer version: 11.576.14393.0

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 4.000000 GHz
Memory total: 17126559744, free: 15476375552

=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
     03/13/2017 13:48:03
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\cng.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\System32\drivers\imofugc.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\storahci.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorTcgDrv.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\system32\drivers\WdFilter.sys
\SystemRoot\System32\drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volume.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\drivers\iorate.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_0cc477a6fec64d8c\nvlddmkm.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\system32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\TeeDriverx64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\athw8x.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\serial.sys
\SystemRoot\System32\drivers\serenum.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\acpipagr.sys
\SystemRoot\System32\drivers\XtuAcpiDriver.sys
\SystemRoot\System32\drivers\ISCTD.sys
\SystemRoot\System32\drivers\UEFI.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\drivers\nvvhci.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\MBfilt64.sys
\SystemRoot\System32\drivers\uaspstor.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\rzendpt.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\rzudd.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\wcifs.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\system32\drivers\wcnfs.sys
\SystemRoot\System32\drivers\registry.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\System32\drivers\WpdUpFltr.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\ndisuio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\drivers\vwifimp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_storahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\system32\drivers\peauth.sys
\??\C:\WINDOWS\system32\drivers\rzpmgrk.sys
\??\C:\WINDOWS\system32\drivers\rzpnk.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\Drivers\WdNisDrv.sys
\SystemRoot\System32\drivers\tunnel.sys
\SystemRoot\System32\drivers\condrv.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\SystemRoot\System32\drivers\WSDPrint.sys
\SystemRoot\system32\DRIVERS\WSDScan.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2017.03.13.05
  rootkit: v2017.03.11.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffff9c8ab264a060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffff9c8ab25e6ae0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffff9c8ab264a060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffff9c8ab25ecc60, DeviceName: Unknown, DriverName: \Driver\EhStorClass\
DevicePointer: 0xffff9c8ab24430e0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffff9c8ab24279e0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffff9c8ab243d060, DeviceName: \Device\0000003a\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 0

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 1375338322
    GPT Header CurrentLba = 1 BackupLba 1000215215
    GPT Header FirstUsableLba 34  LastUsableLba 1000215182
    GPT Header Guid 71318115-38bb-4d04-8570-4dae5458821
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 1375338322
    Backup GPT header CurrentLba = 1000215215 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 1000215182
    Backup GPT header Guid 71318115-38bb-4d04-8570-4dae5458821
    Backup GPT header Contains 128 partition entries starting at LBA 1000215183
    Backup GPT header Partition entry size = 128

    Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 6b6138d0-7dd8-4fe6-b79e-675e32a977f9
    FirstLBA 2048  Last LBA 616447
    Attributes 1
    Partition Name                 Basic data partition

    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID d3dac4b6-d5a-4741-b8b9-ca2e7f167e1f
    FirstLBA 616448  Last LBA 819199
    Attributes 0
    Partition Name                 EFI system partition

    GPT Partition 1 is bootable
    Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 4b076f78-ffd2-4376-9745-30c3a539606d
    FirstLBA 819200  Last LBA 1081343
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 1ffbb4e9-d2aa-4bcc-b092-537fd2c70e5
    FirstLBA 1081344  Last LBA 999292927
    Attributes 0
    Partition Name                 Basic data partition

    Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 3ed7bc0e-530a-4fbf-9618-a9dad89c302a
    FirstLBA 999292928  Last LBA 1000214527
    Attributes 1
    Partition Name                                     

Disk Size: 512110190592 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffff9c8ab3346060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffff9c8ab334a040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffff9c8ab3346060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffff9c8ab3349060, DeviceName: \Device\00000049\, DriverName: \Driver\UASPStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 9AB91353

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 2080044892
    GPT Header CurrentLba = 1 BackupLba 9767541166
    GPT Header FirstUsableLba 34  LastUsableLba 9767541133
    GPT Header Guid fb6a6023-4391-4c9b-aa54-cedd48135fee
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 2080044892
    Backup GPT header CurrentLba = 1 BackupLba 9767541166
    Backup GPT header FirstUsableLba 34  LastUsableLba 9767541133
    Backup GPT header Guid fb6a6023-4391-4c9b-aa54-cedd48135fee
    Backup GPT header Contains 128 partition entries starting at LBA 2
    Backup GPT header Partition entry size = 128

    GPT header and Backup GPT header have conflicting data

    Partition 0 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID ae9b1fd4-e513-42b5-a498-1421a9ca465
    FirstLBA 34  Last LBA 262177
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 1 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 962da401-99c0-40d5-a8d6-2be6bbc6bfbe
    FirstLBA 264192  Last LBA 9767540735
    Attributes 0
    Partition Name                 Basic data partition

Disk Size: 5000981077504 bytes
Sector size: 512 bytes

Done!
File "C:\Users\Joshua\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768)
File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-FF2C85BC0DF323F2F15809CE003C5628EE36F6A6.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-FF2C85BC0DF323F2F15809CE003C5628EE36F6A6.bin.7C" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-FF2C85BC0DF323F2F15809CE003C5628EE36F6A6.bin.83" is compressed (flags = 1)
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished
 

 

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2017.03.13.05
  rootkit: v2017.03.11.01

Windows 10 x64 NTFS
Internet Explorer 11.576.14393.0
Joshua :: JOSH [administrator]

3/13/2017 1:33:35 PM
mbar-log-2017-03-13 (13-33-35).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 296173
Time elapsed: 12 minute(s), 47 second(s)

Memory Processes Detected: 8
C:\Program Files (x86)\svcvmx\svcvmx.exe (Adware.Yelloader) -> 8496 -> Delete on reboot. [b9d0a4257632999d7c4115669f62bc44]
C:\Program Files (x86)\svcvmx\vmxclient.exe (Adware.Yelloader) -> 8896 -> Delete on reboot. [6b1e7c4d4f5949ed2147f7801de4dd23]
C:\Program Files (x86)\svcvmx\vmxclient.exe (Adware.Yelloader) -> 8992 -> Delete on reboot. [6b1e7c4d4f5949ed2147f7801de4dd23]
C:\Program Files (x86)\svcvmx\vmxclient.exe (Adware.Yelloader) -> 12872 -> Delete on reboot. [6b1e7c4d4f5949ed2147f7801de4dd23]
C:\Program Files (x86)\qdcomsvc\qdcomsvc.exe (Adware.Yelloader) -> 9328 -> Delete on reboot. [d6b34386b3f5e0567272e59146bb50b0]
C:\Users\Joshua\AppData\Local\Temp\20170313\ct.exe (Adware.Yelloader) -> 1788 -> Delete on reboot. [7e0b9f2a1692bf77527b19622ed39070]
C:\Windows\syswow64\splsrv.exe (Trojan.Clicker) -> 4676 -> Delete on reboot. [c0c93495cbdd40f6beef94e9976a5aa6]
C:\Program Files (x86)\dataup\dataup.exe (Adware.Yelloader) -> 2916 -> Delete on reboot. [088189401e8a84b2481bb0c7c839a759]

Memory Modules Detected: 12
C:\Program Files (x86)\svcvmx\d3dcompiler_47.dll (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3]
C:\Program Files (x86)\svcvmx\dbghelp.dll (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3]
C:\Program Files (x86)\svcvmx\dbghelp.dll (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3]
C:\Program Files (x86)\svcvmx\dbghelp.dll (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3]
C:\Program Files (x86)\svcvmx\dbghelp.dll (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3]
C:\Program Files (x86)\svcvmx\libcef.dll (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3]
C:\Program Files (x86)\svcvmx\libcef.dll (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3]
C:\Program Files (x86)\svcvmx\libcef.dll (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3]
C:\Program Files (x86)\svcvmx\libEGL.dll (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3]
C:\Program Files (x86)\svcvmx\libGLESv2.dll (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3]
C:\Program Files (x86)\svcvmx\pepflashplayer.dll (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3]
C:\Program Files (x86)\dataup\help_dll.dll (Trojan.Clicker) -> Delete on reboot. [8405b4154e5a9d99851cfd7fb24ff10f]

Registry Keys Detected: 10
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\qdcomsvc (Adware.Yelloader) -> Delete on reboot. [d6b34386b3f5e0567272e59146bb50b0]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\windowsmanagementservice (Adware.Yelloader) -> Delete on reboot. [7e0b9f2a1692bf77527b19622ed39070]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Dataup (Adware.Yelloader) -> Delete on reboot. [088189401e8a84b2481bb0c7c839a759]
HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E7BC34A3-BA86-11CF-84B1-CBC2DA68BF6C} (Trojan.Clicker) -> Delete on reboot. [8405b4154e5a9d99851cfd7fb24ff10f]
HKLM\SOFTWARE\CLASSES\NTService.Control.1 (Trojan.Clicker) -> Delete on reboot. [8405b4154e5a9d99851cfd7fb24ff10f]
HKLM\SOFTWARE\WOW6432NODE\CLASSES\NTService.Control.1 (Trojan.Clicker) -> Delete on reboot. [8405b4154e5a9d99851cfd7fb24ff10f]
HKLM\SOFTWARE\CLASSES\WOW6432NODE\NTService.Control.1 (Trojan.Clicker) -> Delete on reboot. [8405b4154e5a9d99851cfd7fb24ff10f]
HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E7BC34A3-BA86-11CF-84B1-CBC2DA68BF6C} (Trojan.Clicker) -> Delete on reboot. [8405b4154e5a9d99851cfd7fb24ff10f]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\drmkpro64 (Rootkit.Agent.PUA) -> Delete on reboot. [cfba5e6b8820082e77318638fd041ce4]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Dataup (Trojan.Clicker) -> Delete on reboot. [47425a6f1b8d989eb3ed3943b150a060]

Registry Values Detected: 4
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|svcvmx (Adware.Yelloader) -> Data: "C:\Program Files (x86)\svcvmx\svcvmx.exe" -starup -> Delete on reboot. [b9d0a4257632999d7c4115669f62bc44]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|DELETED (Adware.Yelloader) -> Data: "C:\Program Files (x86)\svcvmx\svcvmx.exe" -starup -> Delete on reboot. [b9d0a4257632999d7c4115669f62bc44]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DATAUP|ImagePath (Trojan.Clicker) -> Data: C:\Program Files (x86)\dataup\dataup.exe -> Delete on reboot. [4d3cd7f2aff9d660d9c63944bf42857b]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDOWSMANAGEMENTSERVICE|ImagePath (Trojan.Clicker) -> Data: C:\Users\Joshua\AppData\Local\Temp\20170313\ct.exe -> Delete on reboot. [f990cffa5a4e1e189d05de9edd24e31d]

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 4
C:\Program Files (x86)\svcvmx (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3]
C:\Program Files (x86)\svcvmx\locales (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3]
C:\Program Files (x86)\dataup (Trojan.Clicker) -> Delete on reboot. [8405b4154e5a9d99851cfd7fb24ff10f]
C:\Users\Joshua\AppData\Local\Temp\20170313 (Trojan.Clicker) -> Delete on reboot. [4d3c3f8a48605cdacad97efe966b6898]

Files Detected: 34
C:\WINDOWS\SYSTEM32\drivers\drmkpro64.sys (Rootkit.Agent.PUA) -> Delete on reboot. [0df30f4cc1301a76861c666de45434a1]
C:\Program Files (x86)\svcvmx\svcvmx.exe (Adware.Yelloader) -> Delete on reboot. [b9d0a4257632999d7c4115669f62bc44]
C:\Program Files (x86)\svcvmx\vmxclient.exe (Adware.Yelloader) -> Delete on reboot. [6b1e7c4d4f5949ed2147f7801de4dd23]
C:\Program Files (x86)\qdcomsvc\qdcomsvc.exe (Adware.Yelloader) -> Delete on reboot. [d6b34386b3f5e0567272e59146bb50b0]
C:\Users\Joshua\AppData\Local\Temp\20170313\ct.exe (Adware.Yelloader) -> Delete on reboot. [7e0b9f2a1692bf77527b19622ed39070]
C:\Windows\syswow64\splsrv.exe (Trojan.Clicker) -> Delete on reboot. [c0c93495cbdd40f6beef94e9976a5aa6]
C:\Program Files (x86)\dataup\dataup.exe (Adware.Yelloader) -> Delete on reboot. [088189401e8a84b2481bb0c7c839a759]
C:\Program Files (x86)\qdcomsvc\znhrsm.exe (Adware.Yelloader) -> Delete on reboot. [7f0a9138f4b473c3d50fbabc6d94fd03]
C:\Users\Joshua\AppData\Local\Temp\1489368841\s5-20150702.exe (Adware.Yelloader) -> Delete on reboot. [3f4a1dac2a7eb581184a87f0f20fca36]
C:\Users\Joshua\AppData\Local\Temp\883369343\ic-0.ab646c29d6f1d8.exe (Adware.OptimizerEliteMax) -> Delete on reboot. [d5b4e0e9149490a6afb0f02153ad0bf5]
C:\Program Files (x86)\svcvmx\icudtl.dat (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3]
C:\Program Files (x86)\svcvmx\cef.pak (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3]
C:\Program Files (x86)\svcvmx\cef_100_percent.pak (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3]
C:\Program Files (x86)\svcvmx\cef_200_percent.pak (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3]
C:\Program Files (x86)\svcvmx\cef_extensions.pak (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3]
C:\Program Files (x86)\svcvmx\d3dcompiler_47.dll (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3]
C:\Program Files (x86)\svcvmx\dbghelp.dll (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3]
C:\Program Files (x86)\svcvmx\debug.log (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3]
C:\Program Files (x86)\svcvmx\libcef.dll (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3]
C:\Program Files (x86)\svcvmx\libEGL.dll (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3]
C:\Program Files (x86)\svcvmx\libGLESv2.dll (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3]
C:\Program Files (x86)\svcvmx\natives_blob.bin (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3]
C:\Program Files (x86)\svcvmx\pepflashplayer.dll (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3]
C:\Program Files (x86)\svcvmx\snapshot_blob.bin (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3]
C:\Program Files (x86)\svcvmx\svcvmx.log (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3]
C:\Program Files (x86)\svcvmx\widevinecdm.dll (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3]
C:\Program Files (x86)\svcvmx\widevinecdmadapter.dll (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3]
C:\Program Files (x86)\svcvmx\locales\en-US.pak (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3]
C:\Program Files (x86)\svcvmx\locales\zh-CN.pak (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3]
C:\Program Files (x86)\dataup\dataup.ini (Trojan.Clicker) -> Delete on reboot. [8405b4154e5a9d99851cfd7fb24ff10f]
C:\Program Files (x86)\dataup\help_dll.dll (Trojan.Clicker) -> Delete on reboot. [8405b4154e5a9d99851cfd7fb24ff10f]
C:\Program Files (x86)\dataup\NTSVC.ocx (Trojan.Clicker) -> Delete on reboot. [8405b4154e5a9d99851cfd7fb24ff10f]
C:\Users\Joshua\AppData\Local\Temp\20170313\ct.zip (Trojan.Clicker) -> Delete on reboot. [4d3c3f8a48605cdacad97efe966b6898]
C:\Users\Joshua\AppData\Local\Temp\dataup.zip (Trojan.Clicker) -> Delete on reboot. [aadfad1c327653e3c03fceae7c85ab55]

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 


Excellent, continue with the following:

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes, deal with any found entries... Then select "Export Summary" then "Text File (*.txt)", name that log and save it; you can copy or attach that to your reply...

Next,

Download AdwCleaner by Xplode onto your Desktop.
 
  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply, where * is the number relative to the list of scans completed...


Next,

Download Microsoft's "Malicious Software Removal Tool" and save it directly to the desktop

Make sure to get the correct version for your system....

32 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Right click on the tool, select “Run as Administrator”; the tool will expand to the options window
In the "Scan Type" window, select Quick Scan
Perform a scan and Click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

The log will include details for each time MSRT has run; we only need the most recent log by date and time....

Let me see those logs, also tell me if you have any remaining issues or concerns...

Thank you,

Kevin...
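The MSRT step above asks for only the most recent run out of c:\windows\debug\mrt.log, which accumulates one block per run. The following Python parser is an added example, not part of the original thread and not Microsoft's tooling: it splits the log into runs, reads each run's version, engine, signature level, results summary and return code, and returns the latest run by its "Started On" timestamp rather than by position in the file. The header and field layout follow the MSRT log posted later in this thread; the assumption that every run begins with a "Microsoft Windows Malicious Software Removal Tool v..." header line is mine, and the two-run sample log is constructed for illustration.

```python
"""Parse an MSRT log (c:\\windows\\debug\\mrt.log) and pick the most recent run.

Added example, not from the original thread or from Microsoft.
Assumption (mine): each run starts with a header line of the form
'Microsoft Windows Malicious Software Removal Tool v<ver>, <month> <year> (build <n>)'.
"""
import re
from dataclasses import dataclass, field
from datetime import datetime
from typing import List, Optional

HEADER_RE = re.compile(
    r"^Microsoft Windows Malicious Software Removal Tool v(?P<version>[\d.]+),"
    r".*\(build (?P<build>[\d.]+)\)"
)
STARTED_RE = re.compile(r"^Started On (?P<ts>.+)$")
FINISHED_RE = re.compile(r"Finished On (?P<ts>.+)$")
FIELD_RE = re.compile(r"^(?P<key>Engine|Signatures|Run Mode): (?P<val>.+)$")
RETURN_RE = re.compile(r"^Return code: (?P<code>\d+)")
TS_FMT = "%a %b %d %H:%M:%S %Y"  # e.g. 'Mon Mar 13 14:26:48 2017'


@dataclass
class MsrtRun:
    version: str
    build: str
    started: datetime
    finished: Optional[datetime] = None
    engine: str = ""
    signatures: str = ""
    run_mode: str = ""
    results: List[str] = field(default_factory=list)
    return_code: Optional[int] = None

    @property
    def clean(self) -> bool:
        """True only when MSRT reported no infection and exited with code 0."""
        return self.return_code == 0 and "No infection found." in self.results


def parse_runs(text: str) -> List[MsrtRun]:
    """Split the log into runs; anything before the first header is ignored."""
    runs: List[MsrtRun] = []
    current: Optional[MsrtRun] = None
    in_results = False
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            # A header opens a new run; 'started' is filled from the next line.
            current = MsrtRun(version=m["version"], build=m["build"], started=datetime.min)
            runs.append(current)
            in_results = False
            continue
        if current is None or not line:
            continue
        if (m := STARTED_RE.match(line)):
            current.started = datetime.strptime(m["ts"].strip(), TS_FMT)
        elif (m := FINISHED_RE.search(line)):
            # The 'Finished On' line closes the results summary.
            current.finished = datetime.strptime(m["ts"].strip(), TS_FMT)
            in_results = False
        elif (m := FIELD_RE.match(line)):
            setattr(current, m["key"].lower().replace(" ", "_"), m["val"])
        elif (m := RETURN_RE.match(line)):
            current.return_code = int(m["code"])
        elif line == "Results Summary:":
            in_results = True
        elif in_results and not line.startswith("---"):
            current.results.append(line)
    return runs


def latest_run(text: str) -> Optional[MsrtRun]:
    """Most recent run by 'Started On' time, independent of file order."""
    runs = [r for r in parse_runs(text) if r.started != datetime.min]
    return max(runs, key=lambda r: r.started, default=None)


# Constructed sample log with two runs; the second is modelled on the run posted in this thread.
SAMPLE_LOG = """\
Microsoft Windows Malicious Software Removal Tool v5.44, January 2017 (build 5.44.13450.0)
Started On Tue Jan 17 09:02:11 2017

Engine: 1.1.13303.0
Signatures: 1.233.2088.0
Run Mode: Interactive Graphical Mode

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Tue Jan 17 09:03:20 2017


Return code: 0 (0x0)
Microsoft Windows Malicious Software Removal Tool v5.45, February 2017 (build 5.45.13501.0)
Started On Mon Mar 13 14:26:48 2017

Engine: 1.1.13407.0
Signatures: 1.235.1858.0
Run Mode: Interactive Graphical Mode

Results Summary:
----------------
No infection found.
Successfully Submitted MAPS Report
Successfully Submitted Heartbeat Report
Microsoft Windows Malicious Software Removal Tool Finished On Mon Mar 13 14:27:56 2017


Return code: 0 (0x0)
"""

if __name__ == "__main__":
    run = latest_run(SAMPLE_LOG)
    print(f"latest MSRT run: v{run.version} started {run.started:%Y-%m-%d %H:%M:%S}, "
          f"signatures {run.signatures}, clean={run.clean}")
    for entry in run.results:
        print("  ", entry)
```

To use it on a real machine, read c:\windows\debug\mrt.log and pass its contents to latest_run(); check the file's encoding first, since Windows tool logs are not always UTF-8. The clean property deliberately requires both the "No infection found." line and a zero return code, so a run that was interrupted or that exited non-zero is not reported as clean just because no detection line was written.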

Okay everything seems to be working well now

Here are the logs:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/13/2017
Scan Time: 2:16 PM
Logfile: scanlog.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2017.03.13.05
Rootkit Database: v2017.03.11.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Joshua

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 295794
Time Elapsed: 5 min, 26 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

# AdwCleaner v6.044 - Logfile created 13/03/2017 at 14:24:49
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-03-13.1 [Local]
# Operating System : Windows 10 Pro  (X64)
# Username : Joshua - JOSH
# Running from : C:\Users\Joshua\Downloads\adwcleaner_6.044.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder deleted: C:\Users\Joshua\AppData\Local\llssoft
[-] Folder deleted: C:\Program Files (x86)\regtool
[-] Folder deleted: C:\Program Files (x86)\qdcomsvc


***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WindowService
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WindowService
[-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [cpx]


***** [ Web browsers ] *****

[-] [C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default] [homepage] Deleted: hxxp://www.trovi.com/?gd=&ctid=CT3331458&octid=EB_ORIGINAL_CTID&ISID=M00C95131-55E8-4C94-8733-8135D877745E&SearchSource=55&CUI=&UM=6&UP=SPD6CA878D-C9E3-43FE-AD9A-A3C67B83079A&SSPV=


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [3493 Bytes] - [12/03/2017 22:35:43]
C:\AdwCleaner\AdwCleaner[C2].txt - [2212 Bytes] - [12/03/2017 22:40:25]
C:\AdwCleaner\AdwCleaner[C3].txt - [2559 Bytes] - [13/03/2017 13:04:04]
C:\AdwCleaner\AdwCleaner[C4].txt - [1703 Bytes] - [13/03/2017 14:24:49]
C:\AdwCleaner\AdwCleaner[S0].txt - [2984 Bytes] - [12/03/2017 22:31:17]
C:\AdwCleaner\AdwCleaner[S1].txt - [3174 Bytes] - [12/03/2017 22:34:24]
C:\AdwCleaner\AdwCleaner[S2].txt - [2063 Bytes] - [12/03/2017 22:39:43]
C:\AdwCleaner\AdwCleaner[S3].txt - [2390 Bytes] - [13/03/2017 13:03:20]
C:\AdwCleaner\AdwCleaner[S4].txt - [2191 Bytes] - [13/03/2017 14:24:39]

########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt - [2141 Bytes] ##########
 

Microsoft Windows Malicious Software Removal Tool v5.45, February 2017 (build 5.45.13501.0)
Started On Mon Mar 13 14:26:48 2017

Engine: 1.1.13407.0
Signatures: 1.235.1858.0
Run Mode: Interactive Graphical Mode

Results Summary:
----------------
No infection found.
Successfully Submitted MAPS Report
Successfully Submitted Heartbeat Report
Microsoft Windows Malicious Software Removal Tool Finished On Mon Mar 13 14:27:56 2017


Return code: 0 (0x0)

 

 


Yes MBAR was very successful, continue with the following to clean up:

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts on Delfix, either accept the alert or turn your security off.

Double click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make sure the following items are checked:

 
  • Remove disinfection tools <----- this will remove tools we have used.
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points; a new point relative to system status at present will be created.
  • Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or by malware/infection


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...

Glad we could help. :) If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.