
requested resource message. Anti rootkit found nothing



I have been trying to diagnose a laptop that will not allow any antivirus or anti-malware to run. The anti-rootkit did load but only scanned for a few seconds and said "done".

So what is my next step??

Rkill failed because of the resource in use message.

Any suggestions? I can do a lot of things with computers but do NOT consider myself extremely knowledgeable.


Hi nleeh :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.

  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on Malwarebytes Forums, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against Malwarebytes Forums's rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;


This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Once MBAR is done scanning, a log called "mbar-log-TODAY'S-DATE.txt" will be created in the MBAR folder. Please copy/paste its content here.


Malwarebytes Anti-Rootkit BETA 1.9.4.1001
www.malwarebytes.org

Database version:
  main:    v2017.05.22.08
  rootkit: v2017.04.02.01

Windows 10 x64 NTFS
Internet Explorer 11.1066.14393.0
User :: DESKTOP-GTQB5EV [administrator]

5/22/2017 1:53:44 PM
mbar-log-2017-05-22 (13-53-44).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 336012
Time elapsed: 1 hour(s), 15 minute(s), 39 second(s)

Memory Processes Detected: 8
C:\Users\User\AppData\Local\ntuserlitelist\dataup\dataup.exe (Adware.Yelloader) -> 2400 -> Delete on reboot. [89a7d546d2d7ed49f8269a7a9968718f]
C:\Users\User\AppData\Local\ntuserlitelist\winscr\winscr.exe (Adware.Yelloader) -> 7952 -> Delete on reboot. [8ca405161d8c979f7da9110388792cd4]
C:\Users\User\AppData\Local\safhjsol\ct.exe (Trojan.Clicker.Generic) -> 4240 -> Delete on reboot. [bb759c7f5554e74f14152895966b9070]
C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe (Trojan.Clicker) -> 7844 -> Delete on reboot. [1d139a818b1e3afc82335259f70add23]
C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe (Trojan.Clicker) -> 8040 -> Delete on reboot. [1d139a818b1e3afc82335259f70add23]
C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe (Trojan.Clicker) -> 8180 -> Delete on reboot. [1d139a818b1e3afc82335259f70add23]
C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe (Trojan.Clicker) -> 7240 -> Delete on reboot. [1d139a818b1e3afc82335259f70add23]
C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe (Trojan.Clicker) -> 7792 -> Delete on reboot. [1d139a818b1e3afc82335259f70add23]

Memory Modules Detected: 12
C:\Users\User\AppData\Local\ntuserlitelist\dataup\help_dll.dll (Trojan.Clicker) -> Delete on reboot. [1d139a818b1e3afc82335259f70add23]
C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\d3dcompiler_47.dll (Trojan.Clicker) -> Delete on reboot. [1d139a818b1e3afc82335259f70add23]
C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\dbghelp.dll (Trojan.Clicker) -> Delete on reboot. [1d139a818b1e3afc82335259f70add23]
C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\dbghelp.dll (Trojan.Clicker) -> Delete on reboot. [1d139a818b1e3afc82335259f70add23]
C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\dbghelp.dll (Trojan.Clicker) -> Delete on reboot. [1d139a818b1e3afc82335259f70add23]
C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\dbghelp.dll (Trojan.Clicker) -> Delete on reboot. [1d139a818b1e3afc82335259f70add23]
C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\libcef.dll (Trojan.Clicker) -> Delete on reboot. [1d139a818b1e3afc82335259f70add23]
C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\libcef.dll (Trojan.Clicker) -> Delete on reboot. [1d139a818b1e3afc82335259f70add23]
C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\libcef.dll (Trojan.Clicker) -> Delete on reboot. [1d139a818b1e3afc82335259f70add23]
C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\libcef.dll (Trojan.Clicker) -> Delete on reboot. [1d139a818b1e3afc82335259f70add23]
C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\libEGL.dll (Trojan.Clicker) -> Delete on reboot. [1d139a818b1e3afc82335259f70add23]
C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\libGLESv2.dll (Trojan.Clicker) -> Delete on reboot. [1d139a818b1e3afc82335259f70add23]

Registry Keys Detected: 9
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Dataup (Adware.Yelloader) -> Delete on reboot. [89a7d546d2d7ed49f8269a7a9968718f]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\windowsmanagementservice (Trojan.Clicker.Generic) -> Delete on reboot. [bb759c7f5554e74f14152895966b9070]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\drmkpro64 (Rootkit.Agent.PUA) -> Delete on reboot. [85aba2793f6ae4527657291e6e93eb15]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Dataup (Trojan.Clicker) -> Delete on reboot. [ed4371aad6d350e6cee7130412ef01ff]
HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E7BC34A3-BA86-11CF-84B1-CBC2DA68BF6C} (Trojan.Clicker) -> Delete on reboot. [1d139a818b1e3afc82335259f70add23]
HKLM\SOFTWARE\CLASSES\NTService.Control.1 (Trojan.Clicker) -> Delete on reboot. [1d139a818b1e3afc82335259f70add23]
HKLM\SOFTWARE\WOW6432NODE\CLASSES\NTService.Control.1 (Trojan.Clicker) -> Delete on reboot. [1d139a818b1e3afc82335259f70add23]
HKLM\SOFTWARE\CLASSES\WOW6432NODE\NTService.Control.1 (Trojan.Clicker) -> Delete on reboot. [1d139a818b1e3afc82335259f70add23]
HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E7BC34A3-BA86-11CF-84B1-CBC2DA68BF6C} (Trojan.Clicker) -> Delete on reboot. [1d139a818b1e3afc82335259f70add23]

Registry Values Detected: 3
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|cpx (Trojan.Clicker) -> Data: "C:\Users\User\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup -> Delete on reboot. [a48c8398b5f4a2946711a41836cb758b]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DATAUP|ImagePath (Trojan.Clicker) -> Data: C:\Users\User\AppData\Local\ntuserlitelist\dataup\dataup.exe -> Delete on reboot. [89a78596dfca7abc3d2fa672a859f30d]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDOWSMANAGEMENTSERVICE|ImagePath (Trojan.Clicker) -> Data: C:\Users\User\AppData\Local\safhjsol\ct.exe -> Delete on reboot. [d45c67b41f8a74c2362f813a0ff27c84]

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 40

Files Detected: 238
C:\Users\User\AppData\Local\llssoft\winvmx\data663\Visited Links (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data663\GPUCache\data_0 (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data663\GPUCache\data_1 (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data663\GPUCache\data_2 (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data663\GPUCache\data_3 (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data663\GPUCache\index (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data664\Cookies (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data664\Cookies-journal (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data664\data_0 (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data664\data_1 (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data664\data_2 (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data664\data_3 (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data664\index (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data664\Visited Links (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data664\GPUCache\data_0 (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data664\GPUCache\data_1 (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data664\GPUCache\data_2 (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data664\GPUCache\data_3 (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data664\GPUCache\index (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data670\Cookies (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data670\Cookies-journal (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data670\data_0 (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data670\data_1 (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data670\data_2 (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data670\data_3 (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data670\index (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data670\Visited Links (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data670\GPUCache\data_0 (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data670\GPUCache\data_1 (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data670\GPUCache\data_2 (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data670\GPUCache\data_3 (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data670\GPUCache\index (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data679\Cookies (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data679\Cookies-journal (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data679\data_0 (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data679\data_1 (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data679\data_2 (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data679\data_3 (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data679\index (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data679\Visited Links (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data679\GPUCache\data_0 (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data679\GPUCache\data_1 (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data679\GPUCache\data_2 (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data679\GPUCache\data_3 (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data679\GPUCache\index (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data683\Cookies (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data683\Cookies-journal (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data683\data_0 (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data683\data_1 (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data683\data_2 (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data683\data_3 (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data683\index (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data683\Visited Links (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data683\GPUCache\data_0 (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data683\GPUCache\data_1 (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data683\GPUCache\data_2 (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data683\GPUCache\data_3 (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data683\GPUCache\index (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data690\Cookies (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data690\Cookies-journal (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data690\data_0 (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data690\data_1 (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data690\data_2 (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data690\data_3 (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data690\index (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data690\Visited Links (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data690\GPUCache\data_0 (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data690\GPUCache\data_1 (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data690\GPUCache\data_2 (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data690\GPUCache\data_3 (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\llssoft\winvmx\data690\GPUCache\index (Trojan.Clicker.D) -> Delete on reboot. [fc34dd3e713854e2d0739614b74943bd]
C:\Users\User\AppData\Local\ntuserlitelist\dataup\dataup.ini (Trojan.Clicker) -> Delete on reboot. [1d139a818b1e3afc82335259f70add23]
C:\Users\User\AppData\Local\ntuserlitelist\dataup\help_dll.dll (Trojan.Clicker) -> Delete on reboot. [1d139a818b1e3afc82335259f70add23]
C:\Users\User\AppData\Local\ntuserlitelist\dataup\NTSVC.ocx (Trojan.Clicker) -> Delete on reboot. [1d139a818b1e3afc82335259f70add23]
C:\Users\User\AppData\Local\ntuserlitelist\regtool\regtool.exe (Trojan.Clicker) -> Delete on reboot. [1d139a818b1e3afc82335259f70add23]
C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\cef.pak (Trojan.Clicker) -> Delete on reboot. [1d139a818b1e3afc82335259f70add23]
C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\cef_100_percent.pak (Trojan.Clicker) -> Delete on reboot. [1d139a818b1e3afc82335259f70add23]
C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\cef_200_percent.pak (Trojan.Clicker) -> Delete on reboot. [1d139a818b1e3afc82335259f70add23]
C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\cef_extensions.pak (Trojan.Clicker) -> Delete on reboot. [1d139a818b1e3afc82335259f70add23]
C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\d3dcompiler_47.dll (Trojan.Clicker) -> Delete on reboot. [1d139a818b1e3afc82335259f70add23]
C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\dbghelp.dll (Trojan.Clicker) -> Delete on reboot. [1d139a818b1e3afc82335259f70add23]
C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\debug.log (Trojan.Clicker) -> Delete on reboot. [1d139a818b1e3afc82335259f70add23]
C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\icudtl.dat (Trojan.Clicker) -> Delete on reboot. [1d139a818b1e3afc82335259f70add23]
C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\libcef.dll (Trojan.Clicker) -> Delete on reboot. [1d139a818b1e3afc82335259f70add23]
C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\libEGL.dll (Trojan.Clicker) -> Delete on reboot. [1d139a818b1e3afc82335259f70add23]
C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\libGLESv2.dll (Trojan.Clicker) -> Delete on reboot. [1d139a818b1e3afc82335259f70add23]
C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\natives_blob.bin (Trojan.Clicker) -> Delete on reboot. [1d139a818b1e3afc82335259f70add23]
C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\pepflashplayer.dll (Trojan.Clicker) -> Delete on reboot. [1d139a818b1e3afc82335259f70add23]
C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\snapshot_blob.bin (Trojan.Clicker) -> Delete on reboot. [1d139a818b1e3afc82335259f70add23]
C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe (Trojan.Clicker) -> Delete on reboot. [1d139a818b1e3afc82335259f70add23]
C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe (Trojan.Clicker) -> Delete on reboot. [1d139a818b1e3afc82335259f70add23]
C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\widevinecdm.dll (Trojan.Clicker) -> Delete on reboot. [1d139a818b1e3afc82335259f70add23]
C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\widevinecdmadapter.dll (Trojan.Clicker) -> Delete on reboot. [1d139a818b1e3afc82335259f70add23]
C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\locales\en-US.pak (Trojan.Clicker) -> Delete on reboot. [1d139a818b1e3afc82335259f70add23]
C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\locales\zh-CN.pak (Trojan.Clicker) -> Delete on reboot. [1d139a818b1e3afc82335259f70add23]

Physical Sectors Detected: 0
(No malicious items detected)

(end)


Awesome. Now you should be able to install and run a scan with Malwarebytes.

Malwarebytes - Clean Mode

  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point;
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so;
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan;
  • Let the scan run; the time required to complete the scan depends on your system and computer specs;
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button;
    • If it asks you to restart your computer to complete the removal, do so;
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply;


I also ran AVG before I went to bed.

If I can figure out how to send that log do you want it too?

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.4.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 10.0.14393 Windows 10 x64

Account is Administrative

Internet Explorer version: 11.1066.14393.0

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.996000 GHz
Memory total: 3708825600, free: 1823707136

Downloaded database version: v2017.05.22.08
Downloaded database version: v2017.05.19.01
=======================================
Driver version: 0.3.0.4
------------ Kernel report ------------
     05/22/2017 13:53:25
Done!

Scan started
Database versions:
  main:    v2017.05.22.08
  rootkit: v2017.04.02.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffc48515f22060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffc48515f22ae0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffc48515f22060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffc485139cd8d0, DeviceName: Unknown, DriverName: \Driver\amdxata\
DevicePointer: 0xffffc485139cc060, DeviceName: \Device\0000002f\, DriverName: \Driver\amdsata\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
File C:\WINDOWS\SYSTEM32\drivers\ndistpr64.sys will be destroyed
Infected: C:\WINDOWS\SYSTEM32\drivers\ndistpr64.sys --> [Rootkit.Agent.PUA]
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 682E54C8

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 3754721909
    GPT Header CurrentLba = 1 BackupLba 1465149167
    GPT Header FirstUsableLba 34  LastUsableLba 1465149134
    GPT Header Guid bf0aeab2-8cdc-4bfd-bdab-abe54385b092
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 3754721909
    Backup GPT header CurrentLba = 1465149167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 1465149134
    Backup GPT header Guid bf0aeab2-8cdc-4bfd-bdab-abe54385b092
    Backup GPT header Contains 128 partition entries starting at LBA 1465149135
    Backup GPT header Partition entry size = 128

    Partition 0 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID 26fa4790-3df2-4302-803a-4aa3505c2ba5
    FirstLBA 2048  Last LBA 534527
    Attributes 0
    Partition Name                 EFI system partition

    GPT Partition 0 is bootable
    Partition 1 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 3a3a525d-466c-4245-bcd2-cadc84496ff8
    FirstLBA 534528  Last LBA 796671
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 2 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID b55b8da6-d898-4525-8474-9dd12bfd4f52
    FirstLBA 796672  Last LBA 1421393062
    Attributes 0
    Partition Name                 Basic data partition

    Partition 3 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 32ac32-ca72-4707-a5d6-b46b07dc6a
    FirstLBA 1421393920  Last LBA 1423103999
    Attributes 1
    Partition Name                                     

    Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID a9c59502-87c5-4502-b42-dc6d7075168
    FirstLBA 1423104000  Last LBA 1465141247
    Attributes 1
    Partition Name                 Basic data partition

Disk Size: 750156374016 bytes
Sector size: 512 bytes

Done!
Infected: C:\Users\User\AppData\Local\ntuserlitelist\dataup\dataup.exe --> [Adware.Yelloader]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Dataup --> [Adware.Yelloader]
Infected: C:\Users\User\AppData\Local\ntuserlitelist\dataup\dataup.exe --> [Adware.Yelloader]
Infected: C:\Users\User\AppData\Local\ntuserlitelist\winscr\winscr.exe --> [Adware.Yelloader]
Infected: C:\Users\User\AppData\Local\ntuserlitelist\winscr\winscr.exe --> [Adware.Yelloader]
Infected: C:\Users\User\AppData\Local\Temp\1494525522\s5m_install_325.exe --> [Trojan.Clicker]
File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-5A7DCA959804E1DEC5A26EBFB2C3073F934E573B.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-5A7DCA959804E1DEC5A26EBFB2C3073F934E573B.bin.7C" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-5A7DCA959804E1DEC5A26EBFB2C3073F934E573B.bin.83" is compressed (flags = 1)
Infected: C:\Users\User\AppData\Local\Temp\genius2.js --> [Adware.Genius]
Infected: C:\Users\User\AppData\Local\safhjsol\ct.exe --> [Trojan.Clicker.Generic]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\windowsmanagementservice --> [Trojan.Clicker.Generic]
Infected: C:\Users\User\AppData\Local\safhjsol\ct.exe --> [Trojan.Clicker.Generic]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|cpx --> [Trojan.Clicker]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\drmkpro64 --> [Rootkit.Agent.PUA]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DATAUP|ImagePath --> [Trojan.Clicker]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Dataup --> [Trojan.Clicker]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDOWSMANAGEMENTSERVICE|ImagePath --> [Trojan.Clicker]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data611\data_0 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data611\data_1 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data611\data_2 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data611\data_3 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data611\index --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data611\Visited Links --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data611\GPUCache --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data611\GPUCache\data_0 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data611\GPUCache\data_1 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data611\GPUCache\data_2 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data611\GPUCache\data_3 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data611\GPUCache\index --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data612 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data612\Cookies --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data612\Cookies-journal --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data612\data_0 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data612\data_1 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data612\data_2 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data612\data_3 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data612\index --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data612\Visited Links --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data612\GPUCache --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data612\GPUCache\data_0 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data612\GPUCache\data_1 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data612\GPUCache\data_2 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data612\GPUCache\data_3 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data612\GPUCache\index --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data621 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data621\Cookies --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data621\Cookies-journal --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data621\data_0 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data621\data_1 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data621\data_2 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data621\data_3 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data621\index --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data621\Visited Links --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data621\GPUCache --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data621\GPUCache\data_0 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data621\GPUCache\data_1 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data621\GPUCache\data_2 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data621\GPUCache\data_3 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data621\GPUCache\index --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data632 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data632\Cookies --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data632\Cookies-journal --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data632\data_0 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data632\data_1 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data632\data_2 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data632\data_3 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data632\index --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data632\Visited Links --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data632\GPUCache --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data632\GPUCache\data_0 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data632\GPUCache\data_1 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data632\GPUCache\data_2 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data632\GPUCache\data_3 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data632\GPUCache\index --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data641 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data641\Cookies --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data641\Cookies-journal --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data641\data_0 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data641\data_1 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data641\data_2 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data641\data_3 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data641\index --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data641\Visited Links --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data641\GPUCache --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data641\GPUCache\data_0 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data641\GPUCache\data_1 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data641\GPUCache\data_2 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data641\GPUCache\data_3 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data641\GPUCache\index --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data653 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data653\Cookies --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data653\Cookies-journal --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data653\data_0 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data653\data_1 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data653\data_2 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data653\data_3 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data653\index --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data653\Visited Links --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data653\GPUCache --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data653\GPUCache\data_0 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data653\GPUCache\data_1 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data653\GPUCache\data_2 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data653\GPUCache\data_3 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data653\GPUCache\index --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data654 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data654\Cookies --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data654\Cookies-journal --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data654\data_0 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data654\data_1 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data654\data_2 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data654\data_3 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data654\index --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data654\Visited Links --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data654\GPUCache --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data654\GPUCache\data_0 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data654\GPUCache\data_1 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data654\GPUCache\data_2 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data654\GPUCache\data_3 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data654\GPUCache\index --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data662 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data662\Cookies --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data662\Cookies-journal --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data662\data_0 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data662\data_1 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data662\data_2 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data662\data_3 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data662\index --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data662\Visited Links --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data662\GPUCache --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data662\GPUCache\data_0 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data662\GPUCache\data_1 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data662\GPUCache\data_2 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data662\GPUCache\data_3 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data662\GPUCache\index --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data663 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data663\Cookies --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data663\Cookies-journal --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data663\data_0 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data663\data_1 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data663\data_2 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data663\data_3 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data663\index --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data663\Visited Links --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data663\GPUCache --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data663\GPUCache\data_0 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data663\GPUCache\data_1 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data663\GPUCache\data_2 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data663\GPUCache\data_3 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data663\GPUCache\index --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data664 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data664\Cookies --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data664\Cookies-journal --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data664\data_0 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data664\data_1 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data664\data_2 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data664\data_3 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data664\index --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data664\Visited Links --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data664\GPUCache --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data664\GPUCache\data_0 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data664\GPUCache\data_1 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data664\GPUCache\data_2 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data664\GPUCache\data_3 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data664\GPUCache\index --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data670 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data670\Cookies --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data670\Cookies-journal --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data670\data_0 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data670\data_1 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data670\data_2 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data670\data_3 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data670\index --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data670\Visited Links --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data670\GPUCache --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data670\GPUCache\data_0 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data670\GPUCache\data_1 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data670\GPUCache\data_2 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data670\GPUCache\data_3 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data670\GPUCache\index --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data679 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data679\Cookies --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data679\Cookies-journal --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data679\data_0 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data679\data_1 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data679\data_2 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data679\data_3 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data679\index --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data679\Visited Links --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data679\GPUCache --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data679\GPUCache\data_0 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data679\GPUCache\data_1 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data679\GPUCache\data_2 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data679\GPUCache\data_3 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data679\GPUCache\index --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data683 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data683\Cookies --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data683\Cookies-journal --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data683\data_0 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data683\data_1 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data683\data_2 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data683\data_3 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data683\index --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data683\Visited Links --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data683\GPUCache --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data683\GPUCache\data_0 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data683\GPUCache\data_1 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data683\GPUCache\data_2 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data683\GPUCache\data_3 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data683\GPUCache\index --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data690 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data690\Cookies --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data690\Cookies-journal --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data690\data_0 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data690\data_1 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data690\data_2 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data690\data_3 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data690\index --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data690\Visited Links --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data690\GPUCache --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data690\GPUCache\data_0 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data690\GPUCache\data_1 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data690\GPUCache\data_2 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data690\GPUCache\data_3 --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\data690\GPUCache\index --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\llssoft\winvmx\dump --> [Trojan.Clicker.D]
Infected: C:\Users\User\AppData\Local\ntuserlitelist --> [Trojan.Clicker]
Infected: C:\Users\User\AppData\Local\ntuserlitelist\dataup --> [Trojan.Clicker]
Infected: C:\Users\User\AppData\Local\ntuserlitelist\dataup\dataup.ini --> [Trojan.Clicker]
Infected: C:\Users\User\AppData\Local\ntuserlitelist\dataup\help_dll.dll --> [Trojan.Clicker]
Infected: C:\Users\User\AppData\Local\ntuserlitelist\dataup\help_dll.dll --> [Trojan.Clicker]
Infected: C:\Users\User\AppData\Local\ntuserlitelist\dataup\NTSVC.ocx --> [Trojan.Clicker]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E7BC34A3-BA86-11CF-84B1-CBC2DA68BF6C} --> [Trojan.Clicker]
Infected: HKLM\SOFTWARE\CLASSES\NTService.Control.1 --> [Trojan.Clicker]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\NTService.Control.1 --> [Trojan.Clicker]
Infected: HKLM\SOFTWARE\CLASSES\WOW6432NODE\NTService.Control.1 --> [Trojan.Clicker]
Infected: HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E7BC34A3-BA86-11CF-84B1-CBC2DA68BF6C} --> [Trojan.Clicker]
Infected: C:\Users\User\AppData\Local\ntuserlitelist\regtool --> [Trojan.Clicker]
Infected: C:\Users\User\AppData\Local\ntuserlitelist\regtool\regtool.exe --> [Trojan.Clicker]
Infected: C:\Users\User\AppData\Local\ntuserlitelist\svcvmx --> [Trojan.Clicker]
Infected: C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\cef.pak --> [Trojan.Clicker]
Infected: C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\cef_100_percent.pak --> [Trojan.Clicker]
Infected: C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\cef_200_percent.pak --> [Trojan.Clicker]
Infected: C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\cef_extensions.pak --> [Trojan.Clicker]
Infected: C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\d3dcompiler_47.dll --> [Trojan.Clicker]
Infected: C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\d3dcompiler_47.dll --> [Trojan.Clicker]
Infected: C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\dbghelp.dll --> [Trojan.Clicker]
Infected: C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\dbghelp.dll --> [Trojan.Clicker]
Infected: C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\dbghelp.dll --> [Trojan.Clicker]
Infected: C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\dbghelp.dll --> [Trojan.Clicker]
Infected: C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\dbghelp.dll --> [Trojan.Clicker]
Infected: C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\debug.log --> [Trojan.Clicker]
Infected: C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\icudtl.dat --> [Trojan.Clicker]
Infected: C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\libcef.dll --> [Trojan.Clicker]
Infected: C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\libcef.dll --> [Trojan.Clicker]
Infected: C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\libcef.dll --> [Trojan.Clicker]
Infected: C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\libcef.dll --> [Trojan.Clicker]
Infected: C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\libcef.dll --> [Trojan.Clicker]
Infected: C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\libEGL.dll --> [Trojan.Clicker]
Infected: C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\libEGL.dll --> [Trojan.Clicker]
Infected: C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\libGLESv2.dll --> [Trojan.Clicker]
Infected: C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\libGLESv2.dll --> [Trojan.Clicker]
Infected: C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\natives_blob.bin --> [Trojan.Clicker]
Infected: C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\pepflashplayer.dll --> [Trojan.Clicker]
Infected: C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\snapshot_blob.bin --> [Trojan.Clicker]
Infected: C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe --> [Trojan.Clicker]
Infected: C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe --> [Trojan.Clicker]
Infected: C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe --> [Trojan.Clicker]
Infected: C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe --> [Trojan.Clicker]
Infected: C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe --> [Trojan.Clicker]
Infected: C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe --> [Trojan.Clicker]
Infected: C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe --> [Trojan.Clicker]
Infected: C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\widevinecdm.dll --> [Trojan.Clicker]
Infected: C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\widevinecdmadapter.dll --> [Trojan.Clicker]
Infected: C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\locales --> [Trojan.Clicker]
Infected: C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\locales\en-US.pak --> [Trojan.Clicker]
Infected: C:\Users\User\AppData\Local\ntuserlitelist\svcvmx\locales\zh-CN.pak --> [Trojan.Clicker]
Infected: C:\Users\User\AppData\Local\ntuserlitelist\winscr --> [Trojan.Clicker]
Scan finished
Creating System Restore point...
Cleaning up...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
=======================================

 

 


This was the MBAR log. The Malwarebytes log can be found under the "Reports" tab (left tab). Click on the most recent "Scan Report" to open it, then "Export", and "Copy to clipboard". Then paste it here.

Edited by Aura

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/23/17
Scan Time: 2:38 AM
Log File:
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.122
Update Package Version: 1.0.2000
License: Trial

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 398807
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 48 min, 57 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)


This was yesterday. I don't see anything older.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/22/17
Scan Time: 10:34 PM
Log File:
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.122
Update Package Version: 1.0.1999
License: Trial

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: DESKTOP-GTQB5EV\User

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 398834
Threats Detected: 12
Threats Quarantined: 12
Time Elapsed: 1 hr, 5 min, 13 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 2
PUP.Optional.ByteFence, HKLM\SOFTWARE\MICROSOFT\TRACING\ByteFence_RASAPI32, Quarantined, [622], [389038],1.0.1999
PUP.Optional.ByteFence, HKLM\SOFTWARE\MICROSOFT\TRACING\ByteFence_RASMANCS, Quarantined, [622], [389038],1.0.1999

Registry Value: 1
Trojan.Clicker, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|SVCVMX, Quarantined, [26], [359915],1.0.1999

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 1
PUP.Optional.SwytShop, C:\USERS\USER\APPDATA\LOCAL\Programs\SS_FF, Quarantined, [3123], [375392],1.0.1999

File: 8
PUP.Optional.SwytShop, C:\Users\User\AppData\Local\Programs\SS_FF\SS_FF.xpi, Quarantined, [3123], [375392],1.0.1999
Trojan.Clicker, C:\WINDOWS\SYSTEM32\TPRDPW64.EXE, Quarantined, [26], [399773],1.0.1999
Trojan.Clicker, C:\USERS\USER\APPDATA\LOCAL\TEMP\1494525522\S5M_INSTALL_325.ZIP, Quarantined, [26], [387412],1.0.1999
PUP.Optional.WeatherBuddy, C:\USERS\USER\APPDATA\LOCAL\TEMP\WEATHERBUDDY.MSI, Quarantined, [1529], [383207],1.0.1999
PUP.Optional.WeatherBuddy, C:\WINDOWS\WEATHERBUDDY.INI, Quarantined, [1529], [388256],1.0.1999
PUP.Optional.OnlineIO, C:\WINDOWS\INSTALLER\SOURCEHASH{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, Quarantined, [548], [391431],1.0.1999
PUP.Optional.WeatherBuddy, C:\USERS\USER\APPDATA\LOCAL\TEMP\{AE415C13-7935-4681-B33B-36C4F47B35B7}\WEATHERBUDDY.MSI, Quarantined, [1529], [383207],1.0.1999
PUP.Optional.ByteFence, C:\WINDOWS\SYSTEM32\TASKS_MIGRATED\ByteFence, Quarantined, [622], [391769],1.0.1999

Physical Sector: 0
(No malicious items detected)


(end)


Alright, that was it.

Now, we'll do a sweep with JRT and AdwCleaner.

Junkware Removal Tool (JRT)

  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Press any key to launch the scan and let it complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

AdwCleaner - Fix Mode

  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes;
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply;

Your next reply(ies) should therefore contain:

  • Copy/pasted JRT log;
  • Copy/pasted AdwCleaner clean log;


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Home x64
Ran by User (Administrator) on Tue 05/23/2017 at 17:03:01.63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 


File System: 0

 


Registry: 2

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D133F6A4-1491-4F2D-BD2A-7197E092279E} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{D133F6A4-1491-4F2D-BD2A-7197E092279E} (Registry Key)

 

# AdwCleaner v6.047 - Logfile created 23/05/2017 at 17:22:40
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-05-19.1 [Local]
# Operating System : Windows 10 Home  (X64)
# Username : User - DESKTOP-GTQB5EV
# Running from : C:\Users\User\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

 

***** [ Services ] *****

 

***** [ Folders ] *****

[-] Folder deleted: C:\Users\User\AppData\Local\llssoft


***** [ Files ] *****

 

***** [ DLL ] *****

 

***** [ WMI ] *****

 

***** [ Shortcuts ] *****

 

***** [ Scheduled Tasks ] *****

 

***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\betterads


***** [ Web browsers ] *****

 

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [5679 Bytes] - [19/05/2017 10:53:05]
C:\AdwCleaner\AdwCleaner[C2].txt - [920 Bytes] - [23/05/2017 17:22:40]
C:\AdwCleaner\AdwCleaner[S0].txt - [5025 Bytes] - [19/05/2017 10:49:39]
C:\AdwCleaner\AdwCleaner[S1].txt - [1308 Bytes] - [23/05/2017 17:21:37]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1138 Bytes] ##########

 

 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Good :) Now let's run FRST and get logs to see what's left to remove.

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.

  • Download the right version of FRST for your system:
  • Move the executable (FRST.exe or FRST64.exe) to your Desktop;
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
  • Make sure the Addition.txt box is checked;
  • Click on the Scan button;
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, then two Notepad files will open;
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply;
