Fries Posted March 13, 2017 ID:1108251

Hi, as of yesterday I've noticed a bunch of unknown processes related to something called winvmx client. Whatever this virus is, it is preventing me from running Malwarebytes, and appears to be interfering with Chrome.
kevinf80 Posted March 13, 2017 ID:1108259

Hello Fries and welcome to Malwarebytes,

My screen name is kevinf80, I'm here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Continue and see if the following will run...

1. Download Malwarebytes Anti-Rootkit from this link: http://www.malwarebytes.org/products/mbar/
2. Unzip the file to a convenient location. (Recommend the Desktop)
3. Open the folder where the contents were unzipped to run mbar.exe
4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:
5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)
6. The following image opens, select Next.
7. The following image opens, select Update.
8. When the update completes select Next.
9. In the following window ensure "Targets" are ticked. Then select "Scan".
10. If an infection is found select the "Cleanup Button" to remove threats, Reboot if prompted. Wait while the system shuts down and the cleanup process is performed.
11. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click "Cleanup Button" once more and repeat the process.
12. If no threats were found you will see the following image, Select Exit:
13. Verify that your system is now running normally, making sure that the following items are functional:
   - Internet access
   - Windows Update
   - Windows Firewall
14. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included within Malwarebytes Anti-Rootkit folder.
15. Select "Y" from your Keyboard, tap Enter.
16. The fix will be applied, select any key to Exit.
17. Let me know how your system now responds. Copy and paste the two following logs from the mbar folder:
   - System - log
   - Mbar - log

Date and time of scan will also be shown.

Thanks,

Kevin...
Fries Posted March 13, 2017 (Author) ID:1108265

Alright, that appeared to have worked, thanks.

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
(c) Malwarebytes Corporation 2011-2012

OS version: 10.0.9200 Windows 10 x64
Account is Administrative
Internet Explorer version: 11.576.14393.0
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 4.000000 GHz
Memory total: 17126559744, free: 12442587136

Downloaded database version: v2017.03.13.05
Downloaded database version: v2017.03.11.01
Downloaded database version: v2017.03.05.01
=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
     03/13/2017 13:33:30
------------ Loaded modules -----------
----------- End -----------
Done!
Scan started
Database versions:
  main:    v2017.03.13.05
  rootkit: v2017.03.11.01
Volume: C: File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
File C:\WINDOWS\SYSTEM32\drivers\drmkpro64.sys will be destroyed
Infected: C:\WINDOWS\SYSTEM32\drivers\drmkpro64.sys --> [Rootkit.Agent.PUA]
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
Done!
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
This drive is a GPT Drive.
GPT header and Backup GPT header have conflicting data
Done!
Infected: C:\Program Files (x86)\svcvmx\svcvmx.exe --> [Adware.Yelloader]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|svcvmx --> [Adware.Yelloader]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|DELETED --> [Adware.Yelloader]
Infected: C:\Program Files (x86)\svcvmx\svcvmx.exe --> [Adware.Yelloader]
Infected: C:\Program Files (x86)\svcvmx\vmxclient.exe --> [Adware.Yelloader]
Infected: C:\Program Files (x86)\svcvmx\vmxclient.exe --> [Adware.Yelloader]
Infected: C:\Program Files (x86)\svcvmx\vmxclient.exe --> [Adware.Yelloader]
Infected: C:\Program Files (x86)\svcvmx\vmxclient.exe --> [Adware.Yelloader]
Infected: C:\Program Files (x86)\qdcomsvc\qdcomsvc.exe --> [Adware.Yelloader]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\qdcomsvc --> [Adware.Yelloader]
Infected: C:\Program Files (x86)\qdcomsvc\qdcomsvc.exe --> [Adware.Yelloader]
Infected: C:\Users\Joshua\AppData\Local\Temp\20170313\ct.exe --> [Adware.Yelloader]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\windowsmanagementservice --> [Adware.Yelloader]
Infected: C:\Users\Joshua\AppData\Local\Temp\20170313\ct.exe --> [Adware.Yelloader]
Infected: C:\Windows\syswow64\splsrv.exe --> [Trojan.Clicker]
Infected: C:\Windows\syswow64\splsrv.exe --> [Trojan.Clicker]
Infected: C:\Program Files (x86)\dataup\dataup.exe --> [Adware.Yelloader]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Dataup --> [Adware.Yelloader]
Infected: C:\Program Files (x86)\dataup\dataup.exe --> [Adware.Yelloader]
Infected: C:\Program Files (x86)\qdcomsvc\znhrsm.exe --> [Adware.Yelloader]
Infected: C:\Users\Joshua\AppData\Local\Temp\1489368841\s5-20150702.exe --> [Adware.Yelloader]
Infected: C:\Users\Joshua\AppData\Local\Temp\883369343\ic-0.ab646c29d6f1d8.exe --> [Adware.OptimizerEliteMax]
File "C:\Users\Joshua\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768)
File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-FF2C85BC0DF323F2F15809CE003C5628EE36F6A6.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-FF2C85BC0DF323F2F15809CE003C5628EE36F6A6.bin.7C" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-FF2C85BC0DF323F2F15809CE003C5628EE36F6A6.bin.83" is compressed (flags = 1)
Infected: C:\Program Files (x86)\svcvmx\icudtl.dat --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\cef.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\cef_100_percent.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\cef_200_percent.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\cef_extensions.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\d3dcompiler_47.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\d3dcompiler_47.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\dbghelp.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\dbghelp.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\dbghelp.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\dbghelp.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\dbghelp.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\debug.log --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\libcef.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\libcef.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\libcef.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\libcef.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\libEGL.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\libEGL.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\libGLESv2.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\libGLESv2.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\natives_blob.bin --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\pepflashplayer.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\pepflashplayer.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\snapshot_blob.bin --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\svcvmx.log --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\widevinecdm.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\widevinecdmadapter.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\locales --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\locales\en-US.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\locales\zh-CN.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\dataup\dataup.ini --> [Trojan.Clicker]
Infected: C:\Program Files (x86)\dataup --> [Trojan.Clicker]
Infected: C:\Program Files (x86)\dataup\help_dll.dll --> [Trojan.Clicker]
Infected: C:\Program Files (x86)\dataup\help_dll.dll --> [Trojan.Clicker]
Infected: C:\Program Files (x86)\dataup\NTSVC.ocx --> [Trojan.Clicker]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E7BC34A3-BA86-11CF-84B1-CBC2DA68BF6C} --> [Trojan.Clicker]
Infected: HKLM\SOFTWARE\CLASSES\NTService.Control.1 --> [Trojan.Clicker]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\NTService.Control.1 --> [Trojan.Clicker]
Infected: HKLM\SOFTWARE\CLASSES\WOW6432NODE\NTService.Control.1 --> [Trojan.Clicker]
Infected: HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E7BC34A3-BA86-11CF-84B1-CBC2DA68BF6C} --> [Trojan.Clicker]
Infected: C:\Users\Joshua\AppData\Local\Temp\20170313\ct.zip --> [Trojan.Clicker]
Infected: C:\Users\Joshua\AppData\Local\Temp\20170313 --> [Trojan.Clicker]
Infected: C:\Users\Joshua\AppData\Local\Temp\dataup.zip --> [Trojan.Clicker]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\drmkpro64 --> [Rootkit.Agent.PUA]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DATAUP|ImagePath --> [Trojan.Clicker]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Dataup --> [Trojan.Clicker]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDOWSMANAGEMENTSERVICE|ImagePath --> [Trojan.Clicker]
Scan finished
Creating System Restore point...
Cleaning up...
Volume: C: File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
(c) Malwarebytes Corporation 2011-2012

OS version: 10.0.14393 Windows 10 x64
Account is Administrative
Internet Explorer version: 11.576.14393.0
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 4.000000 GHz
Memory total: 17126559744, free: 14406144000
=======================================

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
(c) Malwarebytes Corporation 2011-2012

OS version: 10.0.9200 Windows 10 x64
Account is Administrative
Internet Explorer version: 11.576.14393.0
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 4.000000 GHz
Memory total: 17126559744, free: 15476375552
=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
     03/13/2017 13:48:03
------------ Loaded modules -----------
----------- End -----------
Done!
Scan started
Database versions:
main: v2017.03.13.05
rootkit: v2017.03.11.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffff9c8ab264a060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffff9c8ab25e6ae0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffff9c8ab264a060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffff9c8ab25ecc60, DeviceName: Unknown, DriverName: \Driver\EhStorClass\
DevicePointer: 0xffff9c8ab24430e0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffff9c8ab24279e0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffff9c8ab243d060, DeviceName: \Device\0000003a\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 0
GPT Protective MBR Partition information:
Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1  Numsec = 4294967295
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0  Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0  Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0  Numsec = 0
GPT Partition information:
GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 1375338322
GPT Header CurrentLba = 1 BackupLba 1000215215
GPT Header FirstUsableLba 34 LastUsableLba 1000215182
GPT Header Guid 71318115-38bb-4d04-8570-4dae5458821
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128
Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 1375338322
Backup GPT header CurrentLba = 1000215215 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 1000215182
Backup GPT header Guid 71318115-38bb-4d04-8570-4dae5458821
Backup GPT header Contains 128 partition entries starting at LBA 1000215183
Backup GPT header Partition entry size = 128
Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID 6b6138d0-7dd8-4fe6-b79e-675e32a977f9
FirstLBA 2048 Last LBA 616447
Attributes 1
Partition Name Basic data partition
Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
Partition ID d3dac4b6-d5a-4741-b8b9-ca2e7f167e1f
FirstLBA 616448 Last LBA 819199
Attributes 0
Partition Name EFI system partition
GPT Partition 1 is bootable
Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID 4b076f78-ffd2-4376-9745-30c3a539606d
FirstLBA 819200 Last LBA 1081343
Attributes 0
Partition Name Microsoft reserved partition
Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 1ffbb4e9-d2aa-4bcc-b092-537fd2c70e5
FirstLBA 1081344 Last LBA 999292927
Attributes 0
Partition Name Basic data partition
Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID 3ed7bc0e-530a-4fbf-9618-a9dad89c302a
FirstLBA 999292928 Last LBA 1000214527
Attributes 1
Partition Name
Disk Size: 512110190592 bytes
Sector size: 512 bytes
Done!

Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffff9c8ab3346060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffff9c8ab334a040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffff9c8ab3346060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffff9c8ab3349060, DeviceName: \Device\00000049\, DriverName: \Driver\UASPStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 9AB91353
GPT Protective MBR Partition information:
Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1  Numsec = 4294967295
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0  Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0  Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0  Numsec = 0
GPT Partition information:
GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 2080044892
GPT Header CurrentLba = 1 BackupLba 9767541166
GPT Header FirstUsableLba 34 LastUsableLba 9767541133
GPT Header Guid fb6a6023-4391-4c9b-aa54-cedd48135fee
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128
Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 2080044892
Backup GPT header CurrentLba = 1 BackupLba 9767541166
Backup GPT header FirstUsableLba 34 LastUsableLba 9767541133
Backup GPT header Guid fb6a6023-4391-4c9b-aa54-cedd48135fee
Backup GPT header Contains 128 partition entries starting at LBA 2
Backup GPT header Partition entry size = 128
GPT header and Backup GPT header have conflicting data
Partition 0 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID ae9b1fd4-e513-42b5-a498-1421a9ca465
FirstLBA 34 Last LBA 262177
Attributes 0
Partition Name Microsoft reserved partition
Partition 1 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 962da401-99c0-40d5-a8d6-2be6bbc6bfbe
FirstLBA 264192 Last LBA 9767540735
Attributes 0
Partition Name Basic data partition
Disk Size: 5000981077504 bytes
Sector size: 512 bytes
Done!
File "C:\Users\Joshua\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768)
File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-FF2C85BC0DF323F2F15809CE003C5628EE36F6A6.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-FF2C85BC0DF323F2F15809CE003C5628EE36F6A6.bin.7C" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-FF2C85BC0DF323F2F15809CE003C5628EE36F6A6.bin.83" is compressed (flags = 1)
Scan finished
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
main: v2017.03.13.05
rootkit: v2017.03.11.01

Windows 10 x64 NTFS
Internet Explorer 11.576.14393.0
Joshua :: JOSH [administrator]

3/13/2017 1:33:35 PM
mbar-log-2017-03-13 (13-33-35).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 296173
Time elapsed: 12 minute(s), 47 second(s)

Memory Processes Detected: 8
C:\Program Files (x86)\svcvmx\svcvmx.exe (Adware.Yelloader) -> 8496 -> Delete on reboot. [b9d0a4257632999d7c4115669f62bc44]
C:\Program Files (x86)\svcvmx\vmxclient.exe (Adware.Yelloader) -> 8896 -> Delete on reboot. [6b1e7c4d4f5949ed2147f7801de4dd23]
C:\Program Files (x86)\svcvmx\vmxclient.exe (Adware.Yelloader) -> 8992 -> Delete on reboot. [6b1e7c4d4f5949ed2147f7801de4dd23]
C:\Program Files (x86)\svcvmx\vmxclient.exe (Adware.Yelloader) -> 12872 -> Delete on reboot. [6b1e7c4d4f5949ed2147f7801de4dd23]
C:\Program Files (x86)\qdcomsvc\qdcomsvc.exe (Adware.Yelloader) -> 9328 -> Delete on reboot. [d6b34386b3f5e0567272e59146bb50b0]
C:\Users\Joshua\AppData\Local\Temp\20170313\ct.exe (Adware.Yelloader) -> 1788 -> Delete on reboot. [7e0b9f2a1692bf77527b19622ed39070]
C:\Windows\syswow64\splsrv.exe (Trojan.Clicker) -> 4676 -> Delete on reboot. [c0c93495cbdd40f6beef94e9976a5aa6]
C:\Program Files (x86)\dataup\dataup.exe (Adware.Yelloader) -> 2916 -> Delete on reboot. [088189401e8a84b2481bb0c7c839a759]

Memory Modules Detected: 12
C:\Program Files (x86)\svcvmx\d3dcompiler_47.dll (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3]
C:\Program Files (x86)\svcvmx\dbghelp.dll (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3]
C:\Program Files (x86)\svcvmx\dbghelp.dll (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3]
C:\Program Files (x86)\svcvmx\dbghelp.dll (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3]
C:\Program Files (x86)\svcvmx\dbghelp.dll (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3]
C:\Program Files (x86)\svcvmx\libcef.dll (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3]
C:\Program Files (x86)\svcvmx\libcef.dll (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3]
C:\Program Files (x86)\svcvmx\libcef.dll (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3]
C:\Program Files (x86)\svcvmx\libEGL.dll (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3]
C:\Program Files (x86)\svcvmx\libGLESv2.dll (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3]
C:\Program Files (x86)\svcvmx\pepflashplayer.dll (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3]
C:\Program Files (x86)\dataup\help_dll.dll (Trojan.Clicker) -> Delete on reboot. [8405b4154e5a9d99851cfd7fb24ff10f]

Registry Keys Detected: 10
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\qdcomsvc (Adware.Yelloader) -> Delete on reboot. [d6b34386b3f5e0567272e59146bb50b0]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\windowsmanagementservice (Adware.Yelloader) -> Delete on reboot. [7e0b9f2a1692bf77527b19622ed39070]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Dataup (Adware.Yelloader) -> Delete on reboot. [088189401e8a84b2481bb0c7c839a759]
HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E7BC34A3-BA86-11CF-84B1-CBC2DA68BF6C} (Trojan.Clicker) -> Delete on reboot. [8405b4154e5a9d99851cfd7fb24ff10f]
HKLM\SOFTWARE\CLASSES\NTService.Control.1 (Trojan.Clicker) -> Delete on reboot. [8405b4154e5a9d99851cfd7fb24ff10f]
HKLM\SOFTWARE\WOW6432NODE\CLASSES\NTService.Control.1 (Trojan.Clicker) -> Delete on reboot. [8405b4154e5a9d99851cfd7fb24ff10f]
HKLM\SOFTWARE\CLASSES\WOW6432NODE\NTService.Control.1 (Trojan.Clicker) -> Delete on reboot. [8405b4154e5a9d99851cfd7fb24ff10f]
HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E7BC34A3-BA86-11CF-84B1-CBC2DA68BF6C} (Trojan.Clicker) -> Delete on reboot. [8405b4154e5a9d99851cfd7fb24ff10f]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\drmkpro64 (Rootkit.Agent.PUA) -> Delete on reboot. [cfba5e6b8820082e77318638fd041ce4]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Dataup (Trojan.Clicker) -> Delete on reboot. [47425a6f1b8d989eb3ed3943b150a060]

Registry Values Detected: 4
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|svcvmx (Adware.Yelloader) -> Data: "C:\Program Files (x86)\svcvmx\svcvmx.exe" -starup -> Delete on reboot. [b9d0a4257632999d7c4115669f62bc44]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|DELETED (Adware.Yelloader) -> Data: "C:\Program Files (x86)\svcvmx\svcvmx.exe" -starup -> Delete on reboot. [b9d0a4257632999d7c4115669f62bc44]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DATAUP|ImagePath (Trojan.Clicker) -> Data: C:\Program Files (x86)\dataup\dataup.exe -> Delete on reboot. [4d3cd7f2aff9d660d9c63944bf42857b]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDOWSMANAGEMENTSERVICE|ImagePath (Trojan.Clicker) -> Data: C:\Users\Joshua\AppData\Local\Temp\20170313\ct.exe -> Delete on reboot. [f990cffa5a4e1e189d05de9edd24e31d]

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 4
C:\Program Files (x86)\svcvmx (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3]
C:\Program Files (x86)\svcvmx\locales (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3]
C:\Program Files (x86)\dataup (Trojan.Clicker) -> Delete on reboot. [8405b4154e5a9d99851cfd7fb24ff10f]
C:\Users\Joshua\AppData\Local\Temp\20170313 (Trojan.Clicker) -> Delete on reboot. [4d3c3f8a48605cdacad97efe966b6898]

Files Detected: 34
C:\WINDOWS\SYSTEM32\drivers\drmkpro64.sys (Rootkit.Agent.PUA) -> Delete on reboot. [0df30f4cc1301a76861c666de45434a1]
C:\Program Files (x86)\svcvmx\svcvmx.exe (Adware.Yelloader) -> Delete on reboot. [b9d0a4257632999d7c4115669f62bc44]
C:\Program Files (x86)\svcvmx\vmxclient.exe (Adware.Yelloader) -> Delete on reboot. [6b1e7c4d4f5949ed2147f7801de4dd23]
C:\Program Files (x86)\qdcomsvc\qdcomsvc.exe (Adware.Yelloader) -> Delete on reboot. [d6b34386b3f5e0567272e59146bb50b0]
C:\Users\Joshua\AppData\Local\Temp\20170313\ct.exe (Adware.Yelloader) -> Delete on reboot. [7e0b9f2a1692bf77527b19622ed39070]
C:\Windows\syswow64\splsrv.exe (Trojan.Clicker) -> Delete on reboot. [c0c93495cbdd40f6beef94e9976a5aa6]
C:\Program Files (x86)\dataup\dataup.exe (Adware.Yelloader) -> Delete on reboot. [088189401e8a84b2481bb0c7c839a759]
C:\Program Files (x86)\qdcomsvc\znhrsm.exe (Adware.Yelloader) -> Delete on reboot. [7f0a9138f4b473c3d50fbabc6d94fd03]
C:\Users\Joshua\AppData\Local\Temp\1489368841\s5-20150702.exe (Adware.Yelloader) -> Delete on reboot. [3f4a1dac2a7eb581184a87f0f20fca36]
C:\Users\Joshua\AppData\Local\Temp\883369343\ic-0.ab646c29d6f1d8.exe (Adware.OptimizerEliteMax) -> Delete on reboot. [d5b4e0e9149490a6afb0f02153ad0bf5]
C:\Program Files (x86)\svcvmx\icudtl.dat (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3]
C:\Program Files (x86)\svcvmx\cef.pak (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3]
C:\Program Files (x86)\svcvmx\cef_100_percent.pak (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3]
C:\Program Files (x86)\svcvmx\cef_200_percent.pak (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3]
C:\Program Files (x86)\svcvmx\cef_extensions.pak (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3]
C:\Program Files (x86)\svcvmx\d3dcompiler_47.dll (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3]
C:\Program Files (x86)\svcvmx\dbghelp.dll (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3]
C:\Program Files (x86)\svcvmx\debug.log (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3]
C:\Program Files (x86)\svcvmx\libcef.dll (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3]
C:\Program Files (x86)\svcvmx\libEGL.dll (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3]
C:\Program Files (x86)\svcvmx\libGLESv2.dll (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3]
C:\Program Files (x86)\svcvmx\natives_blob.bin (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3]
C:\Program Files (x86)\svcvmx\pepflashplayer.dll (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3]
C:\Program Files (x86)\svcvmx\snapshot_blob.bin (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3]
C:\Program Files (x86)\svcvmx\svcvmx.log (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3]
C:\Program Files (x86)\svcvmx\widevinecdm.dll (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3]
C:\Program Files (x86)\svcvmx\widevinecdmadapter.dll (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3]
C:\Program Files (x86)\svcvmx\locales\en-US.pak (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3]
C:\Program Files (x86)\svcvmx\locales\zh-CN.pak (Trojan.Clicker.E.Generic) -> Delete on reboot. [4742c108d1d7e254c9b9f958e21e5da3]
C:\Program Files (x86)\dataup\dataup.ini (Trojan.Clicker) -> Delete on reboot. [8405b4154e5a9d99851cfd7fb24ff10f]
C:\Program Files (x86)\dataup\help_dll.dll (Trojan.Clicker) -> Delete on reboot. [8405b4154e5a9d99851cfd7fb24ff10f]
C:\Program Files (x86)\dataup\NTSVC.ocx (Trojan.Clicker) -> Delete on reboot. [8405b4154e5a9d99851cfd7fb24ff10f]
C:\Users\Joshua\AppData\Local\Temp\20170313\ct.zip (Trojan.Clicker) -> Delete on reboot. [4d3c3f8a48605cdacad97efe966b6898]
C:\Users\Joshua\AppData\Local\Temp\dataup.zip (Trojan.Clicker) -> Delete on reboot. [aadfad1c327653e3c03fceae7c85ab55]

Physical Sectors Detected: 0
(No malicious items detected)

(end)
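The detection section of the MBAR log above is the part worth working from after a cleanup: it names the services, Run values and driver file the adware used to survive reboots. The following Python is an added example, not part of this thread and not Malwarebytes' code. It parses MBAR detection lines back into structured records, checks each section's declared count against what was actually parsed (a pasted log that lost entries cannot be trusted as a complete removal list), and picks out the persistence mechanisms. The sample input is constructed from a subset of the lines in the log above, one entry per line as MBAR writes them. Treating the bracketed 32-hex value as an opaque signature identifier, and the path-based classification rules, are this example's assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Section header, e.g. "Files Detected: 34" (a trailing "(No malicious items detected)" is tolerated).
SECTION_RE = re.compile(
    r"^(?P<section>[A-Za-z ]+?) Detected: (?P<count>\d+)(?: \(No malicious items detected\))?$"
)
# Detection line: "<object> (<name>) -> [<pid> ->] [Data: <data> ->] <action>. [<32 hex>]".
# The PID appears only for processes, "Data:" only for registry values.
ENTRY_RE = re.compile(
    r"^(?P<obj>.+?) \((?P<name>[A-Za-z0-9.]+)\) -> "
    r"(?:(?P<pid>\d+) -> )?"
    r"(?:Data: (?P<data>.*?) -> )?"
    r"(?P<action>[^.]+)\. \[(?P<sig>[0-9a-f]{32})\]$"
)


@dataclass
class Detection:
    section: str
    obj: str
    name: str
    action: str
    sig: str                     # bracketed 32-hex value; treated as an opaque signature id (assumption)
    pid: Optional[int] = None
    data: Optional[str] = None


def parse_mbar(text: str) -> Tuple[List[Detection], Dict[str, int]]:
    """Return (detections, declared count per section). Lines matching neither pattern are skipped."""
    detections: List[Detection] = []
    declared: Dict[str, int] = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m["section"]
            declared[section] = int(m["count"])
            continue
        m = ENTRY_RE.match(line)
        if m and section:
            detections.append(Detection(section, m["obj"], m["name"], m["action"], m["sig"],
                                        int(m["pid"]) if m["pid"] else None, m["data"]))
    return detections, declared


def count_mismatches(detections: List[Detection], declared: Dict[str, int]) -> Dict[str, Tuple[int, int]]:
    """{section: (declared, parsed)} for every section whose entries do not match its header count.
    A non-empty result means the pasted log is truncated or mangled."""
    parsed: Dict[str, int] = {}
    for d in detections:
        parsed[d.section] = parsed.get(d.section, 0) + 1
    return {s: (n, parsed.get(s, 0)) for s, n in declared.items() if parsed.get(s, 0) != n}


def persistence_kind(d: Detection) -> Optional[str]:
    """How a detected object survives a reboot; None for payload files, folders and running processes."""
    obj = d.obj.upper()
    if "\\CURRENTVERSION\\RUN|" in obj:
        return "run-key autostart"
    if "\\CURRENTCONTROLSET\\SERVICES\\" in obj and "\\EVENTLOG\\" not in obj:
        return "service"                      # the service key itself or one of its values (ImagePath)
    if obj.endswith(".SYS") and "\\DRIVERS\\" in obj:
        return "kernel driver"
    return None


def persistence_report(detections: List[Detection]) -> List[Tuple[str, str, Optional[str]]]:
    """(kind, object, launch path) per persistence artefact; images staged under %TEMP% are flagged."""
    report = []
    for d in detections:
        kind = persistence_kind(d)
        if kind is None:
            continue
        if d.data and "\\TEMP\\" in d.data.upper():
            kind += " (image under user Temp)"
        report.append((kind, d.obj, d.data))
    return report


# Constructed sample: a subset of the detection lines from the MBAR log in this thread.
SAMPLE_LOG = r"""
Memory Processes Detected: 2
C:\Program Files (x86)\svcvmx\svcvmx.exe (Adware.Yelloader) -> 8496 -> Delete on reboot. [b9d0a4257632999d7c4115669f62bc44]
C:\Windows\syswow64\splsrv.exe (Trojan.Clicker) -> 4676 -> Delete on reboot. [c0c93495cbdd40f6beef94e9976a5aa6]
Registry Keys Detected: 3
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\qdcomsvc (Adware.Yelloader) -> Delete on reboot. [d6b34386b3f5e0567272e59146bb50b0]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\drmkpro64 (Rootkit.Agent.PUA) -> Delete on reboot. [cfba5e6b8820082e77318638fd041ce4]
HKLM\SOFTWARE\CLASSES\NTService.Control.1 (Trojan.Clicker) -> Delete on reboot. [8405b4154e5a9d99851cfd7fb24ff10f]
Registry Values Detected: 2
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|svcvmx (Adware.Yelloader) -> Data: "C:\Program Files (x86)\svcvmx\svcvmx.exe" -starup -> Delete on reboot. [b9d0a4257632999d7c4115669f62bc44]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDOWSMANAGEMENTSERVICE|ImagePath (Trojan.Clicker) -> Data: C:\Users\Joshua\AppData\Local\Temp\20170313\ct.exe -> Delete on reboot. [f990cffa5a4e1e189d05de9edd24e31d]
Registry Data Items Detected: 0
(No malicious items detected)
Files Detected: 2
C:\WINDOWS\SYSTEM32\drivers\drmkpro64.sys (Rootkit.Agent.PUA) -> Delete on reboot. [0df30f4cc1301a76861c666de45434a1]
C:\Users\Joshua\AppData\Local\Temp\20170313\ct.exe (Adware.Yelloader) -> Delete on reboot. [7e0b9f2a1692bf77527b19622ed39070]
Physical Sectors Detected: 0
(No malicious items detected)
"""

if __name__ == "__main__":
    dets, declared = parse_mbar(SAMPLE_LOG)
    print(f"{len(dets)} detections, count mismatches: {count_mismatches(dets, declared)}")
    for kind, obj, data in persistence_report(dets):
        print(f"{kind:32} {obj}" + (f"  ->  {data}" if data else ""))
```

For a real log, pass the contents of the mbar-log-*.txt file to parse_mbar. The report keeps the Run value's command line verbatim, including the "-starup" switch the adware itself wrote, and flags the service whose ImagePath points into the user's Temp folder, which is the entry most worth re-checking after the reboot that MBAR schedules the deletions for.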
kevinf80 Posted March 13, 2017 ID:1108266

Excellent, continue with the following:

Open Malwarebytes, select > "settings" > "protection tab"
Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....
Go back to "DashBoard" select the Blue "Scan Now" tab......
When the scan completes deal with any found entries...
Then select "Export Summary" then "Text File (*.txt)" name that log and save, you can copy or attach that to your reply...

Next,

Download AdwCleaner by Xplode onto your Desktop.
Double click on Adwcleaner.exe to run the tool.
Click on the Scan in the Actions box
Please wait for the scan to finish..
When "Waiting for action. Please uncheck elements you want to keep" shows in top line..
Click on the Cleaning box.
Next click OK on the "Closing Programs" pop up box.
Click OK on the Information box & again OK to allow the necessary reboot
After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...

Next,

Download Microsoft's "Malicious Software Removal Tool" and save direct to the desktop
Ensure to get the correct version for your system....
32 Bit version: https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
64 Bit version: https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en
Right click on the Tool, select "Run as Administrator" the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and Click Finish when the scan is done.
Retrieve the MSRT log as follows, and post it in your next reply:
1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter: notepad c:\windows\debug\mrt.log
The log will include log details for each time MSRT has run, we only need the most recent log by date and time....

Let me see those logs, also tell me if you have any remaining issues or concerns...

Thank you,

Kevin...
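kevinf80 asks for only the most recent MSRT run from mrt.log, which accumulates one record per execution. As an added example (not part of this thread and not Microsoft's tooling), the following Python splits mrt.log into runs, picks the latest by its "Started On" timestamp rather than by file position, and exposes the engine and signature versions, the results summary and the return code. The sample is constructed: the second record is the MSRT output posted later in this thread, the first is made up for the example. The ctime-style English timestamps and the "Results Summary:" layout are assumptions taken from that posted output.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime
from typing import Dict, List, Optional

# Timestamps in mrt.log look like "Mon Mar 13 14:26:48 2017" (assumption: English-locale install).
TS_FMT = "%a %b %d %H:%M:%S %Y"
RUN_HDR_RE = re.compile(
    r"^Microsoft Windows Malicious Software Removal Tool v(?P<ver>[\d.]+), .*\(build (?P<build>[\d.]+)\)"
)
STARTED_RE = re.compile(r"^Started On (?P<ts>.+)$")
FINISHED_RE = re.compile(r"Finished On (?P<ts>.+)$")
FIELD_RE = re.compile(r"^(?P<key>Engine|Signatures|Run Mode): (?P<val>.+)$")
RC_RE = re.compile(r"^Return code: (?P<rc>\d+)")


@dataclass
class MsrtRun:
    version: str
    build: str
    started: datetime
    finished: Optional[datetime] = None
    fields: Dict[str, str] = field(default_factory=dict)   # Engine / Signatures / Run Mode
    summary: List[str] = field(default_factory=list)       # lines under "Results Summary:"
    return_code: Optional[int] = None

    @property
    def clean(self) -> bool:
        return "No infection found." in self.summary and self.return_code == 0


def parse_mrt_log(text: str) -> List[MsrtRun]:
    """Split mrt.log into runs. A run begins at the tool banner and is confirmed by its 'Started On' line."""
    runs: List[MsrtRun] = []
    header = None                 # (version, build) of a banner still waiting for "Started On"
    cur: Optional[MsrtRun] = None
    in_summary = False
    for raw in text.splitlines():
        line = raw.rstrip()
        m = RUN_HDR_RE.match(line)
        if m:
            header, in_summary = (m["ver"], m["build"]), False
            continue
        m = STARTED_RE.match(line)
        if m and header:
            cur = MsrtRun(header[0], header[1], datetime.strptime(m["ts"], TS_FMT))
            runs.append(cur)
            header = None
            continue
        if cur is None:
            continue
        m = FINISHED_RE.search(line)          # "...Removal Tool Finished On <ts>" closes the summary
        if m:
            cur.finished, in_summary = datetime.strptime(m["ts"], TS_FMT), False
            continue
        m = FIELD_RE.match(line)
        if m:
            cur.fields[m["key"]] = m["val"]
            continue
        m = RC_RE.match(line)
        if m:
            cur.return_code = int(m["rc"])
            continue
        if line == "Results Summary:":
            in_summary = True
        elif in_summary and line and not line.startswith("---"):
            cur.summary.append(line)
    return runs


def latest_run(runs: List[MsrtRun]) -> Optional[MsrtRun]:
    """Most recent run by start time, so an out-of-order record (clock change) cannot mislead."""
    return max(runs, key=lambda r: r.started) if runs else None


# Constructed sample in the shape of C:\Windows\debug\mrt.log: a made-up older run followed by the
# run posted in this thread.
SAMPLE_MRT_LOG = """\
Microsoft Windows Malicious Software Removal Tool v5.44, January 2017 (build 5.44.13301.0)
Started On Tue Jan 10 19:02:11 2017

Engine: 1.1.13303.0
Signatures: 1.233.1210.0
Run Mode: Interactive Graphical Mode

Results Summary:
----------------
No infection found.
Successfully Submitted Heartbeat Report
Microsoft Windows Malicious Software Removal Tool Finished On Tue Jan 10 19:03:40 2017

Return code: 0 (0x0)
Microsoft Windows Malicious Software Removal Tool v5.45, February 2017 (build 5.45.13501.0)
Started On Mon Mar 13 14:26:48 2017

Engine: 1.1.13407.0
Signatures: 1.235.1858.0
Run Mode: Interactive Graphical Mode

Results Summary:
----------------
No infection found.
Successfully Submitted MAPS Report
Successfully Submitted Heartbeat Report
Microsoft Windows Malicious Software Removal Tool Finished On Mon Mar 13 14:27:56 2017

Return code: 0 (0x0)
"""

if __name__ == "__main__":
    r = latest_run(parse_mrt_log(SAMPLE_MRT_LOG))
    print(f"MSRT {r.version} started {r.started}, engine {r.fields.get('Engine')}, "
          f"signatures {r.fields.get('Signatures')}, clean={r.clean}, rc={r.return_code}")
```

On a real machine, read C:\Windows\debug\mrt.log and pass its contents to parse_mrt_log; the result of latest_run is the record kevinf80 asks to see, and clean is False for any run whose summary does not say "No infection found." or whose return code is non-zero.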
Fries (Author) Posted March 13, 2017 ID:1108268

Okay, everything seems to be working well now. Here are the logs:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/13/2017
Scan Time: 2:16 PM
Logfile: scanlog.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2017.03.13.05
Rootkit Database: v2017.03.11.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Joshua

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 295794
Time Elapsed: 5 min, 26 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

# AdwCleaner v6.044 - Logfile created 13/03/2017 at 14:24:49
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-03-13.1 [Local]
# Operating System : Windows 10 Pro (X64)
# Username : Joshua - JOSH
# Running from : C:\Users\Joshua\Downloads\adwcleaner_6.044.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder deleted: C:\Users\Joshua\AppData\Local\llssoft
[-] Folder deleted: C:\Program Files (x86)\regtool
[-] Folder deleted: C:\Program Files (x86)\qdcomsvc

***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WindowService
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WindowService
[-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [cpx]

***** [ Web browsers ] *****

[-] [C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default] [homepage] Deleted: hxxp://www.trovi.com/?gd=&ctid=CT3331458&octid=EB_ORIGINAL_CTID&ISID=M00C95131-55E8-4C94-8733-8135D877745E&SearchSource=55&CUI=&UM=6&UP=SPD6CA878D-C9E3-43FE-AD9A-A3C67B83079A&SSPV=

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [3493 Bytes] - [12/03/2017 22:35:43]
C:\AdwCleaner\AdwCleaner[C2].txt - [2212 Bytes] - [12/03/2017 22:40:25]
C:\AdwCleaner\AdwCleaner[C3].txt - [2559 Bytes] - [13/03/2017 13:04:04]
C:\AdwCleaner\AdwCleaner[C4].txt - [1703 Bytes] - [13/03/2017 14:24:49]
C:\AdwCleaner\AdwCleaner[S0].txt - [2984 Bytes] - [12/03/2017 22:31:17]
C:\AdwCleaner\AdwCleaner[S1].txt - [3174 Bytes] - [12/03/2017 22:34:24]
C:\AdwCleaner\AdwCleaner[S2].txt - [2063 Bytes] - [12/03/2017 22:39:43]
C:\AdwCleaner\AdwCleaner[S3].txt - [2390 Bytes] - [13/03/2017 13:03:20]
C:\AdwCleaner\AdwCleaner[S4].txt - [2191 Bytes] - [13/03/2017 14:24:39]

########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt - [2141 Bytes] ##########

Microsoft Windows Malicious Software Removal Tool v5.45, February 2017 (build 5.45.13501.0)
Started On Mon Mar 13 14:26:48 2017

Engine: 1.1.13407.0
Signatures: 1.235.1858.0
Run Mode: Interactive Graphical Mode

Results Summary:
----------------
No infection found.
Successfully Submitted MAPS Report
Successfully Submitted Heartbeat Report
Microsoft Windows Malicious Software Removal Tool Finished On Mon Mar 13 14:27:56 2017

Return code: 0 (0x0)
kevinf80 Posted March 13, 2017 ID:1108271

Yes, MBAR was very successful, continue with the following to clean up:

Download "Delfix by Xplode" and save it to your desktop. Or use the following if the first link is down: "Delfix link mirror"
If your security program alerts to Delfix, either accept the alert or turn your security off.
Double click to start the program. If you are using Vista or higher, please right-click and choose Run as administrator.
Make sure the following items are checked:
Remove disinfection tools <----- this will remove tools we have used.
Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection
Now click on "Run" and wait patiently until the tool has completed.
The tool will create a log when it has completed. We don't need you to post this.
Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....
Answers to Common Security Questions and best Practices
Do I need a Registry Cleaner?

Take care and surf safe

Kevin...
Fries (Author) Posted March 13, 2017 ID:1108274

Thanks!
kevinf80 Posted March 13, 2017 ID:1108276

You're very welcome, come back anytime....

Regards,

Kevin....
AdvancedSetup (Root Admin) Posted March 15, 2017 ID:1108943

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!