Removal instructions for Yelloader

Metallica
Content is republished with permission from Malwarebytes.

What is Yelloader?

The Malwarebytes research team has determined that Yelloader is a family of trojan downloaders, clickers and droppers.

How do I know if my computer is affected by Yelloader?

There are practically no visible signs on your computer, but you may notice a slowdown in your internet connection. The clicker downloads a list of URLs that it cycles through, and it sets some cookies so that the visits to those sites are attributed to its operators and bring in the redirect fees.

How did Yelloader get on my computer?

Trojans have many methods for distributing themselves. This particular one was started by a (scarcely) obfuscated VBS file that came bundled with other adware. The VBS file downloaded and started the installer.

trick.png

How do I remove Yelloader?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted application.
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan Now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
Is there anything else I need to do to get rid of Yelloader?
  • No, Malwarebytes Anti-Malware removes Yelloader completely.
How would the full version of Malwarebytes Anti-Malware help protect me?

As you can see below, the full version of Malwarebytes Anti-Malware would have protected you against the Yelloader hijacker. It would have warned you before the application could install itself, giving you a chance to stop it before it was too late.



protection1.png


Possible signs in FRST logs:
 
 () C:\Program Files (x86)\msrtn32\msrtn32.exe
 () C:\Program Files (x86)\cpx\cpx.exe
 () C:\Program Files (x86)\dataup\dataup.exe
 () C:\Program Files (x86)\msrtn32\cdhtr.exe
 HKLM-x32\...\Run: [cpx] => C:\Program Files (x86)\cpx\cpx.exe [639488 2016-01-24] ()
 HKLM-x32\...\Run: [msrtn32] => C:\Program Files (x86)\msrtn32\msrtn32.exe [1221120 2015-08-06] ()
 R2 Dataup; C:\Program Files (x86)\dataup\dataup.exe [77824 2015-08-06] () [File not signed] <==== ATTENTION
 R2 windowsmanagementservice; C:\Users\{username}\AppData\Local\Temp\20160215\ct.exe [850944 2015-07-24] (Google Inc.) [File not signed]
 C:\Program Files (x86)\cpx
 C:\Program Files (x86)\regtool
 C:\Program Files (x86)\msrtn32
 C:\Program Files (x86)\dataup
 C:\Windows\TEMPcoral.vbs
 C:\Windows\system32\migwiz
 C:\Users\{username}\AppData\Local\Temp\igalg.exe <= random named file
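
The FRST signs above, turned into a triage check. This is an added example, not part of the original Malwarebytes write-up. The line layouts are inferred from the entries shown on this page, the ExampleCorp lines are constructed for contrast, and the Temp-path rule generalizes beyond the exact paths listed.

```python
import re
from typing import NamedTuple

# Install folders named in the FRST signs on this page.
KNOWN_DIRS = {"cpx", "msrtn32", "dataup", "regtool"}
# An entry is reported only when one of these applies; the other reasons
# ("unsigned", "no-company") are attached as supporting context.
STRONG = {"known-yelloader-dir", "runs-from-temp"}

# Shared tail of Run and service lines: "<path> [size date] (company) <rest>"
TAIL = (r"(?P<path>.+?) \[\d+ \d{4}-\d\d-\d\d\] "
        r"\((?P<company>[^)]*)\)(?P<rest>.*)$")
PATTERNS = (
    ("run", re.compile(r"^\S+\\Run: \[(?P<name>[^\]]+)\] => " + TAIL)),
    ("service", re.compile(r"^[RSU]\d (?P<name>[^;]+); " + TAIL)),
    ("process", re.compile(r"^\((?P<company>[^)]*)\) (?P<path>[A-Za-z]:\\.+)$")),
)

# Constructed sample: entries copied from the list above, plus three
# benign-looking ExampleCorp lines invented for this example.
SAMPLE_LOG = r"""
 () C:\Program Files (x86)\msrtn32\cdhtr.exe
 () C:\Program Files\ExampleCorp\helper.exe
 HKLM-x32\...\Run: [cpx] => C:\Program Files (x86)\cpx\cpx.exe [639488 2016-01-24] ()
 HKLM\...\Run: [ExampleTray] => C:\Program Files\ExampleCorp\tray.exe [65536 2015-01-01] (ExampleCorp)
 R2 Dataup; C:\Program Files (x86)\dataup\dataup.exe [77824 2015-08-06] () [File not signed] <==== ATTENTION
 R2 windowsmanagementservice; C:\Users\{username}\AppData\Local\Temp\20160215\ct.exe [850944 2015-07-24] (Google Inc.) [File not signed]
"""


class Finding(NamedTuple):
    kind: str       # "run", "service" or "process"
    name: str       # Run value name, service name, or executable file name
    path: str
    reasons: tuple


def reasons_for(path, company, rest):
    """Return every indicator that applies to one parsed entry."""
    lowered = path.lower()
    parts = re.split(r"[\\/]+", lowered)
    out = []
    if KNOWN_DIRS.intersection(parts[:-1]):       # directory components only
        out.append("known-yelloader-dir")
    if "\\appdata\\local\\temp\\" in lowered:     # autostart from a Temp folder
        out.append("runs-from-temp")
    if "[file not signed]" in rest.lower():
        out.append("unsigned")
    if not company.strip():                       # FRST printed "()"
        out.append("no-company")
    return tuple(out)


def scan(log_text):
    """Parse FRST-style lines and return entries with a strong indicator."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for kind, pattern in PATTERNS:
            match = pattern.match(line)
            if not match:
                continue
            fields = match.groupdict()
            path = fields["path"].strip()
            name = fields.get("name") or re.split(r"[\\/]", path)[-1]
            why = reasons_for(path, fields["company"], fields.get("rest") or "")
            if STRONG.intersection(why):
                findings.append(Finding(kind, name, path, why))
            break
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(f"{finding.kind:8} {finding.name:26} {', '.join(finding.reasons)}")
```

An empty company field on its own is not reported, because plenty of legitimate unsigned tools show "()" in FRST output; it only adds weight to an entry that already matched a folder name or a Temp path.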
Alterations made by the installer:
 
File system details [View: All details] (Selection)
---------------------------------------------------
    Adds the folder C:\Program Files (x86)\cpx
       Adds the file cef.pak"="1/24/2016 12:25 AM, 2184260 bytes, A
       Adds the file cef_100_percent.pak"="1/24/2016 12:25 AM, 468951 bytes, A
       Adds the file cef_200_percent.pak"="1/24/2016 12:25 AM, 622967 bytes, A
       Adds the file core.dll"="11/24/2015 4:41 PM, 929792 bytes, A
       Adds the file cpx.exe"="1/24/2016 1:18 AM, 639488 bytes, A
       Adds the file d3dcompiler_43.dll"="10/1/2015 10:59 AM, 2106216 bytes, A
       Adds the file d3dcompiler_47.dll"="1/24/2016 12:17 AM, 3466856 bytes, A
       Adds the file debug.log"="2/15/2016 1:24 PM, 0 bytes, A
       Adds the file ffmpegsumo.dll"="1/24/2016 12:25 AM, 961536 bytes, A
       Adds the file icudtl.dat"="10/1/2015 12:45 PM, 10207504 bytes, A
       Adds the file libcef.dll"="1/24/2016 9:25 PM, 45075968 bytes, A
       Adds the file libEGL.dll"="1/24/2016 12:25 AM, 74752 bytes, A
       Adds the file libGLESv2.dll"="1/24/2016 12:25 AM, 1643008 bytes, A
       Adds the file natives_blob.bin"="1/24/2016 12:17 AM, 410937 bytes, A
       Adds the file snapshot_blob.bin"="1/24/2016 12:28 AM, 449780 bytes, A
    Adds the folder C:\Program Files (x86)\cpx\locales
    Adds the folder C:\Program Files (x86)\cpx\PepperFlash
       Adds the file manifest.json"="10/20/2015 10:04 PM, 2046 bytes, A
       Adds the file pepflashplayer.dll"="10/20/2015 11:08 PM, 16493384 bytes, A
    Adds the folder C:\Program Files (x86)\dataup
       Adds the file dataup.exe"="8/6/2015 1:18 PM, 77824 bytes, A
       Adds the file dataup.ini"="6/29/2015 6:34 PM, 22 bytes, A
       Adds the file NTSVC.ocx"="6/29/2015 6:01 PM, 34304 bytes, A
    Adds the folder C:\Program Files (x86)\msrtn32
       Adds the file boost_serialization-vc100-mt-1_54.dll"="9/24/2013 1:38 PM, 243200 bytes, A
       Adds the file cdhtr.exe"="8/6/2015 5:06 PM, 825856 bytes, A
       Adds the file icudt53.dll"="4/1/2014 5:29 PM, 21529088 bytes, A
       Adds the file icuin53.dll"="4/1/2014 5:26 PM, 1580032 bytes, A
       Adds the file icuio53.dll"="4/1/2014 5:27 PM, 37376 bytes, A
       Adds the file icule53.dll"="4/1/2014 5:26 PM, 212992 bytes, A
       Adds the file iculx53.dll"="4/1/2014 5:27 PM, 38912 bytes, A
       Adds the file icutest53.dll"="4/1/2014 5:27 PM, 52224 bytes, A
       Adds the file icutu53.dll"="4/1/2014 5:26 PM, 161280 bytes, A
       Adds the file icuuc53.dll"="4/1/2014 5:25 PM, 1079296 bytes, A
       Adds the file libeay32.dll"="5/26/2012 5:27 PM, 1176064 bytes, A
       Adds the file msrtn32.exe"="8/6/2015 5:05 PM, 1221120 bytes, A
       Adds the file msvcp100.dll"="3/18/2010 9:15 AM, 421200 bytes, A
       Adds the file msvcr100.dll"="3/18/2010 9:15 AM, 770384 bytes, A
       Adds the file Qt5Core.dll"="10/13/2014 8:16 PM, 4111872 bytes, A
       Adds the file Qt5Gui.dll"="10/13/2014 8:22 PM, 4350464 bytes, A
       Adds the file Qt5Multimedia.dll"="10/13/2014 9:14 PM, 544768 bytes, A
       Adds the file Qt5MultimediaWidgets.dll"="10/13/2014 9:15 PM, 84992 bytes, A
       Adds the file Qt5Network.dll"="11/10/2014 11:28 AM, 851456 bytes, A
       Adds the file Qt5OpenGL.dll"="10/13/2014 8:30 PM, 266752 bytes, A
       Adds the file Qt5Positioning.dll"="10/13/2014 9:20 PM, 155648 bytes, A
       Adds the file Qt5PrintSupport.dll"="10/13/2014 8:31 PM, 262144 bytes, A
       Adds the file Qt5Qml.dll"="10/13/2014 8:51 PM, 2525184 bytes, A
       Adds the file Qt5Quick.dll"="10/13/2014 9:02 PM, 2238464 bytes, A
       Adds the file Qt5Sensors.dll"="10/13/2014 9:21 PM, 145408 bytes, A
       Adds the file Qt5Sql.dll"="10/13/2014 8:18 PM, 152576 bytes, A
       Adds the file Qt5WebKit.dll"="11/10/2014 12:19 PM, 17500672 bytes, A
       Adds the file Qt5WebKitWidgets.dll"="10/27/2014 11:25 AM, 195072 bytes, A
       Adds the file Qt5Widgets.dll"="10/13/2014 8:29 PM, 4372480 bytes, A
       Adds the file QtXml4.dll"="6/19/2014 6:46 PM, 361472 bytes, A
       Adds the file QxOrm.dll"="10/12/2014 1:26 AM, 2299904 bytes, A
       Adds the file rthdcpd.exe"="8/27/2015 1:30 PM, 399872 bytes, A
       Adds the file ssleay32.dll"="5/26/2012 5:28 PM, 265216 bytes, A
       Adds the file ua.txt"="4/8/2015 11:54 PM, 1931 bytes, A
    Adds the folder C:\Program Files (x86)\msrtn32\imageformats
       Adds the file qdds.dll"="10/14/2014 1:31 AM, 32256 bytes, A
       Adds the file qgif.dll"="10/13/2014 8:32 PM, 21504 bytes, A
       Adds the file qicns.dll"="10/14/2014 1:31 AM, 27648 bytes, A
       Adds the file qico.dll"="10/13/2014 8:32 PM, 21504 bytes, A
       Adds the file qjp2.dll"="10/14/2014 1:31 AM, 381952 bytes, A
       Adds the file qjpeg.dll"="10/13/2014 8:31 PM, 204800 bytes, A
       Adds the file qmng.dll"="10/14/2014 1:31 AM, 218112 bytes, A
       Adds the file qsvg.dll"="10/13/2014 8:35 PM, 15872 bytes, A
       Adds the file qtga.dll"="10/14/2014 1:31 AM, 15360 bytes, A
       Adds the file qtiff.dll"="10/14/2014 1:32 AM, 307712 bytes, A
       Adds the file qwbmp.dll"="10/14/2014 1:32 AM, 14848 bytes, A
       Adds the file qwebp.dll"="10/14/2014 1:32 AM, 252928 bytes, A
    Adds the folder C:\Program Files (x86)\msrtn32\platforms
       Adds the file qminimal.dll"="10/13/2014 8:32 PM, 25600 bytes, A
       Adds the file qwindows.dll"="10/13/2014 8:34 PM, 879104 bytes, A
    Adds the folder C:\Program Files (x86)\msrtn32\plugins
       Adds the file NPSWF32_11_5_502_110.dll"="6/28/2014 12:54 PM, 14586808 bytes, A
    Adds the folder C:\Program Files (x86)\msrtn32\sqldrivers
       Adds the file qsqlite.dll"="10/13/2014 8:31 PM, 635392 bytes, A
    Adds the folder C:\Program Files (x86)\regtool
       Adds the file regtool.exe"="6/25/2015 11:56 AM, 55808 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\CEF\User Data\Dictionaries
    Adds the folder C:\Users\{username}\AppData\Local\cpx
       Adds the file config.ini"="2/15/2016 1:27 PM, 58 bytes, A
       Adds the file Cookies"="2/15/2016 1:27 PM, 38912 bytes, A
       Adds the file Cookies-journal"="2/15/2016 1:27 PM, 16384 bytes, A
       Adds the file list.txt"="2/15/2016 1:24 PM, 169239 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\mstrn32
       Adds the file cookies"="2/15/2016 1:27 PM, 7265 bytes, A
       Adds the file db.sqlite"="1/26/2016 11:15 AM, 25758720 bytes, A
       Adds the file Setting.ini"="2/15/2016 1:27 PM, 68 bytes, A
       Adds the file urls.txt"="7/5/2015 2:10 PM, 210379 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\mstrn32\dump
    In the existing folder C:\Windows\System32\migwiz
       Adds the file CRYPTBASE.dll"="2/15/2016 1:22 PM, 63488 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}]
       "(Default)"="REG_SZ", "_DNtSvc"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}\ProxyStubClsid32]
       "(Default)"="REG_SZ", "{00020420-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}\TypeLib]
       "(Default)"="REG_SZ", "{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C}"
       "Version"="REG_SZ", "1.0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E7BC34A2-BA86-11CF-84B1-CBC2DA68BF6C}]
       "(Default)"="REG_SZ", "_DNtSvcEvents"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E7BC34A2-BA86-11CF-84B1-CBC2DA68BF6C}\ProxyStubClsid32]
       "(Default)"="REG_SZ", "{00020420-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E7BC34A2-BA86-11CF-84B1-CBC2DA68BF6C}\TypeLib]
       "(Default)"="REG_SZ", "{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C}"
       "Version"="REG_SZ", "1.0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NTService.Control.1]
       "(Default)"="REG_SZ", "NT Service Control"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NTService.Control.1\CLSID]
       "(Default)"="REG_SZ", "{E7BC34A3-BA86-11CF-84B1-CBC2DA68BF6C}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C}\1.0]
       "(Default)"="REG_SZ", "Microsoft NT Service Control"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C}\1.0\0\win32]
       "(Default)"="REG_SZ", "C:\Program Files (x86)\dataup\NTSVC.ocx"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C}\1.0\FLAGS]
       "(Default)"="REG_SZ", "2"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C}\1.0\HELPDIR]
       "(Default)"="REG_SZ", "C:\Program Files (x86)\dataup"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E7BC34A3-BA86-11CF-84B1-CBC2DA68BF6C}]
       "(Default)"="REG_SZ", "NT Service Control"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E7BC34A3-BA86-11CF-84B1-CBC2DA68BF6C}\Control]
       "(Default)"="REG_SZ", ""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E7BC34A3-BA86-11CF-84B1-CBC2DA68BF6C}\InprocServer32]
       "(Default)"="REG_SZ", "C:\PROGRA~2\dataup\NTSVC.ocx"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E7BC34A3-BA86-11CF-84B1-CBC2DA68BF6C}\MiscStatus]
       "(Default)"="REG_SZ", "0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E7BC34A3-BA86-11CF-84B1-CBC2DA68BF6C}\MiscStatus\1]
       "(Default)"="REG_SZ", "199824"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E7BC34A3-BA86-11CF-84B1-CBC2DA68BF6C}\ProgID]
       "(Default)"="REG_SZ", "NTService.Control.1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E7BC34A3-BA86-11CF-84B1-CBC2DA68BF6C}\ToolboxBitmap32]
       "(Default)"="REG_SZ", "C:\PROGRA~2\dataup\NTSVC.ocx, 1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E7BC34A3-BA86-11CF-84B1-CBC2DA68BF6C}\TypeLib]
       "(Default)"="REG_SZ", "{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E7BC34A3-BA86-11CF-84B1-CBC2DA68BF6C}\Version]
       "(Default)"="REG_SZ", "1.0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}]
       "(Default)"="REG_SZ", "_DNtSvc"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}\ProxyStubClsid32]
       "(Default)"="REG_SZ", "{00020420-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}\TypeLib]
       "(Default)"="REG_SZ", "{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C}"
       "Version"="REG_SZ", "1.0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E7BC34A2-BA86-11CF-84B1-CBC2DA68BF6C}]
       "(Default)"="REG_SZ", "_DNtSvcEvents"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E7BC34A2-BA86-11CF-84B1-CBC2DA68BF6C}\ProxyStubClsid32]
       "(Default)"="REG_SZ", "{00020420-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E7BC34A2-BA86-11CF-84B1-CBC2DA68BF6C}\TypeLib]
       "(Default)"="REG_SZ", "{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C}"
       "Version"="REG_SZ", "1.0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Network\FileService]
       "cpx_time"="REG_QWORD, ....
       "dataup_time"="REG_QWORD, ....
       "install_time"="REG_QWORD, ....
       "Liveup"="REG_SZ", "5E71C769-535D-4E51-B0A6-72E1B3843CC0"
       "msrtn32_time"="REG_QWORD, ....
       "regtool_time"="REG_QWORD, ....
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
       "cpx"="REG_SZ", ""C:\Program Files (x86)\cpx\cpx.exe" -starup"
       "msrtn32"="REG_SZ", ""C:\Program Files (x86)\msrtn32\msrtn32.exe" -startup=smartcpx -check=60"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dataup]
       "Description"="REG_EXPAND_SZ, "Detect version consistency of client and server, and get the latest version from the server."
       "DisplayName"="REG_SZ", "Dataup Service"
       "ErrorControl"="REG_DWORD", 1
       "ImagePath"="REG_EXPAND_SZ, "C:\Program Files (x86)\dataup\dataup.exe"
       "ObjectName"="REG_SZ", "LocalSystem"
       "Start"="REG_DWORD", 2
       "Type"="REG_DWORD", 16
       "WOW64"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dataup\Parameters]
       "TimerInterval"="REG_EXPAND_SZ, "300"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Dataup]
       "EventMessageFile"="REG_EXPAND_SZ, "C:\PROGRA~2\dataup\NTSVC.ocx"
       "TypesSupported"="REG_DWORD", 7
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\windowsmanagementservice]
       "DelayedAutostart"="REG_DWORD", 1
       "DependOnService"="REG_MULTI_SZ, "RPCSS "
       "Description"="REG_SZ", "Provides management service for system."
       "DisplayName"="REG_SZ", "Windows Management Service"
       "ErrorControl"="REG_DWORD", 1
       "ImagePath"="REG_EXPAND_SZ, ""C:\Users\{username}\AppData\Local\Temp\20160215\ct.exe" /svc"
       "ObjectName"="REG_SZ", "LocalSystem"
       "Start"="REG_DWORD", 2
       "Type"="REG_DWORD", 16
       "WOW64"="REG_DWORD", 1
Malwarebytes Anti-Malware log:
 
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/15/2016
Scan Time: 7:52 PM
Logfile: mbamTEMPcoral.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.02.15.04
Rootkit Database: v2016.02.08.01
License: Premium
Malware Protection: Disabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {username}

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 364864
Time Elapsed: 4 min, 27 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 6
PUP.Optional.CPX, C:\Program Files (x86)\cpx\cpx.exe, 2880, Delete-on-Reboot, [eb15154c2d6c0630f395428aa75c47b9]
PUP.Optional.CPX, C:\Program Files (x86)\cpx\cpx.exe, 3296, Delete-on-Reboot, [eb15154c2d6c0630f395428aa75c47b9]
PUP.Optional.Clicker.ChrPRST, C:\Program Files (x86)\msrtn32\msrtn32.exe, 2524, Delete-on-Reboot, [b14f70f15b3ef1450940c80e1ae925db]
PUP.Optional.Clicker.ChrPRST, C:\Program Files (x86)\msrtn32\cdhtr.exe, 1912, Delete-on-Reboot, [b14f70f15b3ef1450940c80e1ae925db]
PUP.Optional.Yelloader, C:\Program Files (x86)\dataup\dataup.exe, 2936, Delete-on-Reboot, [4eb27ce53366ef478e5c9d77fa0a3fc1]
PUP.Optional.WindowsManagementService, C:\Users\{username}\AppData\Local\Temp\20160215\ct.exe, 1304, Delete-on-Reboot, [3dc36001cfca52e4a5668c8138cc5da3]

Modules: 56

Registry Keys: 17
PUP.Optional.Yelloader, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Dataup, Quarantined, [4eb27ce53366ef478e5c9d77fa0a3fc1], 
PUP.Optional.Yelloader, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E7BC34A3-BA86-11CF-84B1-CBC2DA68BF6C}, Quarantined, [4eb27ce53366ef478e5c9d77fa0a3fc1], 
PUP.Optional.Yelloader, HKLM\SOFTWARE\CLASSES\TYPELIB\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C}, Quarantined, [4eb27ce53366ef478e5c9d77fa0a3fc1], 
PUP.Optional.Yelloader, HKLM\SOFTWARE\CLASSES\INTERFACE\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}, Quarantined, [4eb27ce53366ef478e5c9d77fa0a3fc1], 
PUP.Optional.Yelloader, HKLM\SOFTWARE\CLASSES\INTERFACE\{E7BC34A2-BA86-11CF-84B1-CBC2DA68BF6C}, Quarantined, [4eb27ce53366ef478e5c9d77fa0a3fc1], 
PUP.Optional.Yelloader, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}, Quarantined, [4eb27ce53366ef478e5c9d77fa0a3fc1], 
PUP.Optional.Yelloader, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E7BC34A2-BA86-11CF-84B1-CBC2DA68BF6C}, Quarantined, [4eb27ce53366ef478e5c9d77fa0a3fc1], 
PUP.Optional.Yelloader, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}, Quarantined, [4eb27ce53366ef478e5c9d77fa0a3fc1], 
PUP.Optional.Yelloader, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{E7BC34A2-BA86-11CF-84B1-CBC2DA68BF6C}, Quarantined, [4eb27ce53366ef478e5c9d77fa0a3fc1], 
PUP.Optional.Yelloader, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C}, Quarantined, [4eb27ce53366ef478e5c9d77fa0a3fc1], 
PUP.Optional.Yelloader, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C}, Quarantined, [4eb27ce53366ef478e5c9d77fa0a3fc1], 
PUP.Optional.Yelloader, HKLM\SOFTWARE\CLASSES\NTService.Control.1, Quarantined, [4eb27ce53366ef478e5c9d77fa0a3fc1], 
PUP.Optional.Yelloader, HKLM\SOFTWARE\WOW6432NODE\CLASSES\NTService.Control.1, Quarantined, [4eb27ce53366ef478e5c9d77fa0a3fc1], 
PUP.Optional.Yelloader, HKLM\SOFTWARE\CLASSES\WOW6432NODE\NTService.Control.1, Quarantined, [4eb27ce53366ef478e5c9d77fa0a3fc1], 
PUP.Optional.Yelloader, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E7BC34A3-BA86-11CF-84B1-CBC2DA68BF6C}, Quarantined, [4eb27ce53366ef478e5c9d77fa0a3fc1], 
PUP.Optional.WindowsManagementService, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDOWSMANAGEMENTSERVICE, Quarantined, [3dc36001cfca52e4a5668c8138cc5da3], 
PUP.Optional.Clicker.ChrPRST, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\AUDIO\POLICYCONFIG\PROPERTYSTORE\2EE1EBF9_0, Quarantined, [30d0025fd5c44aec74a46888b151f10f], 

Registry Values: 5
PUP.Optional.CPX, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|cpx, "C:\Program Files (x86)\cpx\cpx.exe" -starup, Quarantined, [eb15154c2d6c0630f395428aa75c47b9]
PUP.Optional.Clicker.ChrPRST, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|msrtn32, "C:\Program Files (x86)\msrtn32\msrtn32.exe" -startup=smartcpx -check=60, Quarantined, [b14f70f15b3ef1450940c80e1ae925db]
PUP.Optional.DataUp, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DATAUP|ImagePath, C:\Program Files (x86)\dataup\dataup.exe, Quarantined, [60a02d34cccd3ff7ef46aba47b89af51]
PUP.Optional.WindowsManagementService, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDOWSMANAGEMENTSERVICE|ImagePath, "C:\Users\{username}\AppData\Local\Temp\20160215\ct.exe" /svc, Quarantined, [3dc36001cfca52e4a5668c8138cc5da3]
PUP.Optional.Clicker.ChrPRST, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\AUDIO\POLICYCONFIG\PROPERTYSTORE\2ee1ebf9_0, {0.0.0.00000000}.{6256f43c-1fdb-48f9-92d4-02b7de615556}|\Device\HarddiskVolume2\Program Files (x86)\msrtn32\cdhtr.exe%b{00000000-0000-0000-0000-000000000000}, Quarantined, [30d0025fd5c44aec74a46888b151f10f]

Registry Data: 0
(No malicious items detected)

Folders: 16
PUP.Optional.CPX, C:\Program Files (x86)\cpx, Delete-on-Reboot, [eb15154c2d6c0630f395428aa75c47b9], 
PUP.Optional.CPX, C:\Program Files (x86)\cpx\databases-incognito, Delete-on-Reboot, [eb15154c2d6c0630f395428aa75c47b9], 
PUP.Optional.CPX, C:\Program Files (x86)\cpx\databases-incognito\0, Delete-on-Reboot, [eb15154c2d6c0630f395428aa75c47b9], 
PUP.Optional.CPX, C:\Program Files (x86)\cpx\databases-incognito\1, Delete-on-Reboot, [eb15154c2d6c0630f395428aa75c47b9], 
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales, Delete-on-Reboot, [eb15154c2d6c0630f395428aa75c47b9], 
PUP.Optional.CPX, C:\Program Files (x86)\cpx\PepperFlash, Delete-on-Reboot, [eb15154c2d6c0630f395428aa75c47b9], 
PUP.Optional.Clicker.ChrPRST, C:\Program Files (x86)\msrtn32, Delete-on-Reboot, [b14f70f15b3ef1450940c80e1ae925db], 
PUP.Optional.Clicker.ChrPRST, C:\Program Files (x86)\msrtn32\imageformats, Delete-on-Reboot, [b14f70f15b3ef1450940c80e1ae925db], 
PUP.Optional.Clicker.ChrPRST, C:\Program Files (x86)\msrtn32\platforms, Delete-on-Reboot, [b14f70f15b3ef1450940c80e1ae925db], 
PUP.Optional.Clicker.ChrPRST, C:\Program Files (x86)\msrtn32\plugins, Quarantined, [b14f70f15b3ef1450940c80e1ae925db], 
PUP.Optional.Clicker.ChrPRST, C:\Program Files (x86)\msrtn32\sqldrivers, Quarantined, [b14f70f15b3ef1450940c80e1ae925db], 
PUP.Optional.Yelloader, C:\Program Files (x86)\dataup, Delete-on-Reboot, [4eb27ce53366ef478e5c9d77fa0a3fc1], 
Rogue.RegTool, C:\Program Files (x86)\regtool, Quarantined, [d927cc9569302d0981bf01ae8d75cb35], 
PUP.Optional.Mstrn, C:\Users\{username}\AppData\Local\mstrn32, Quarantined, [dd23e180ecad171f7e35556a00025ca4], 
PUP.Optional.Mstrn, C:\Users\{username}\AppData\Local\mstrn32\dump, Quarantined, [dd23e180ecad171f7e35556a00025ca4], 
PUP.Optional.Clicker.ChrPRST, C:\Users\{username}\AppData\Local\cpx, Delete-on-Reboot, [50b0550c0b8ee94d192c9c76669fb14f], 

Files: 136
Trojan.Downloader, C:\Users\{username}\AppData\Local\Temp\nkfpk.exe, Quarantined, [d52bc1a0debb53e3c945825af311db25], 
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\en-GB.pak, Quarantined, [eb15154c2d6c0630f395428aa75c47b9], 
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\en-US.pak, Delete-on-Reboot, [eb15154c2d6c0630f395428aa75c47b9], 
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\es-419.pak, Quarantined, [eb15154c2d6c0630f395428aa75c47b9], 
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\es.pak, Quarantined, [eb15154c2d6c0630f395428aa75c47b9], 
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\et.pak, Quarantined, [eb15154c2d6c0630f395428aa75c47b9], 
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\fa.pak, Quarantined, [eb15154c2d6c0630f395428aa75c47b9], 
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\fi.pak, Quarantined, [eb15154c2d6c0630f395428aa75c47b9], 
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\fil.pak, Quarantined, [eb15154c2d6c0630f395428aa75c47b9], 
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\fr.pak, Quarantined, [eb15154c2d6c0630f395428aa75c47b9], 
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\gu.pak, Quarantined, [eb15154c2d6c0630f395428aa75c47b9], 
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\he.pak, Quarantined, [eb15154c2d6c0630f395428aa75c47b9], 
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\hr.pak, Quarantined, [eb15154c2d6c0630f395428aa75c47b9], 
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\hu.pak, Quarantined, [eb15154c2d6c0630f395428aa75c47b9], 
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\id.pak, Quarantined, [eb15154c2d6c0630f395428aa75c47b9], 
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\it.pak, Quarantined, [eb15154c2d6c0630f395428aa75c47b9], 
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\ja.pak, Quarantined, [eb15154c2d6c0630f395428aa75c47b9], 
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\kn.pak, Quarantined, [eb15154c2d6c0630f395428aa75c47b9], 
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\ko.pak, Quarantined, [eb15154c2d6c0630f395428aa75c47b9], 
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\lt.pak, Quarantined, [eb15154c2d6c0630f395428aa75c47b9], 
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\lv.pak, Quarantined, [eb15154c2d6c0630f395428aa75c47b9], 
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\ml.pak, Quarantined, [eb15154c2d6c0630f395428aa75c47b9], 
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\mr.pak, Quarantined, [eb15154c2d6c0630f395428aa75c47b9], 
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\ms.pak, Quarantined, [eb15154c2d6c0630f395428aa75c47b9], 
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\nb.pak, Quarantined, [eb15154c2d6c0630f395428aa75c47b9], 
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\nl.pak, Quarantined, [eb15154c2d6c0630f395428aa75c47b9], 
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\pl.pak, Quarantined, [eb15154c2d6c0630f395428aa75c47b9], 
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\pt-BR.pak, Quarantined, [eb15154c2d6c0630f395428aa75c47b9], 
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\pt-PT.pak, Quarantined, [eb15154c2d6c0630f395428aa75c47b9], 
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\ro.pak, Quarantined, [eb15154c2d6c0630f395428aa75c47b9], 
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\ru.pak, Quarantined, [eb15154c2d6c0630f395428aa75c47b9], 
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\sk.pak, Quarantined, [eb15154c2d6c0630f395428aa75c47b9], 
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\sl.pak, Quarantined, [eb15154c2d6c0630f395428aa75c47b9], 
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\sr.pak, Quarantined, [eb15154c2d6c0630f395428aa75c47b9], 
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\sv.pak, Quarantined, [eb15154c2d6c0630f395428aa75c47b9], 
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\sw.pak, Quarantined, [eb15154c2d6c0630f395428aa75c47b9], 
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\ta.pak, Quarantined, [eb15154c2d6c0630f395428aa75c47b9], 
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\te.pak, Quarantined, [eb15154c2d6c0630f395428aa75c47b9], 
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\th.pak, Quarantined, [eb15154c2d6c0630f395428aa75c47b9], 
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\tr.pak, Quarantined, [eb15154c2d6c0630f395428aa75c47b9], 
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\uk.pak, Quarantined, [eb15154c2d6c0630f395428aa75c47b9], 
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\vi.pak, Quarantined, [eb15154c2d6c0630f395428aa75c47b9], 
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\zh-CN.pak, Quarantined, [eb15154c2d6c0630f395428aa75c47b9], 
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\zh-TW.pak, Quarantined, [eb15154c2d6c0630f395428aa75c47b9], 
PUP.Optional.CPX, C:\Program Files (x86)\cpx\PepperFlash\manifest.json, Quarantined, [eb15154c2d6c0630f395428aa75c47b9], 
PUP.Optional.CPX, C:\Program Files (x86)\cpx\PepperFlash\pepflashplayer.dll, Delete-on-Reboot, [eb15154c2d6c0630f395428aa75c47b9], 
PUP.Optional.Clicker.ChrPRST, C:\Program Files (x86)\msrtn32\msrtn32.exe, Delete-on-Reboot, [b14f70f15b3ef1450940c80e1ae925db], 
PUP.Optional.Clicker.ChrPRST, C:\Program Files (x86)\msrtn32\boost_serialization-vc100-mt-1_54.dll, Delete-on-Reboot, [b14f70f15b3ef1450940c80e1ae925db], 
PUP.Optional.Clicker.ChrPRST, C:\Program Files (x86)\msrtn32\cdhtr.exe, Delete-on-Reboot, [b14f70f15b3ef1450940c80e1ae925db], 
PUP.Optional.Clicker.ChrPRST, C:\Program Files (x86)\msrtn32\icudt53.dll, Delete-on-Reboot, [b14f70f15b3ef1450940c80e1ae925db], 
PUP.Optional.Clicker.ChrPRST, C:\Program Files (x86)\msrtn32\icuin53.dll, Delete-on-Reboot, [b14f70f15b3ef1450940c80e1ae925db], 
PUP.Optional.Clicker.ChrPRST, C:\Program Files (x86)\msrtn32\icuio53.dll, Quarantined, [b14f70f15b3ef1450940c80e1ae925db], 
PUP.Optional.Clicker.ChrPRST, C:\Program Files (x86)\msrtn32\icule53.dll, Quarantined, [b14f70f15b3ef1450940c80e1ae925db], 
PUP.Optional.Clicker.ChrPRST, C:\Program Files (x86)\msrtn32\iculx53.dll, Quarantined, [b14f70f15b3ef1450940c80e1ae925db], 
PUP.Optional.Clicker.ChrPRST, C:\Program Files (x86)\msrtn32\icutest53.dll, Quarantined, [b14f70f15b3ef1450940c80e1ae925db], 
PUP.Optional.Clicker.ChrPRST, C:\Program Files (x86)\msrtn32\icutu53.dll, Quarantined, [b14f70f15b3ef1450940c80e1ae925db], 
PUP.Optional.Clicker.ChrPRST, C:\Program Files (x86)\msrtn32\icuuc53.dll, Delete-on-Reboot, [b14f70f15b3ef1450940c80e1ae925db], 
PUP.Optional.Clicker.ChrPRST, C:\Program Files (x86)\msrtn32\libeay32.dll, Delete-on-Reboot, [b14f70f15b3ef1450940c80e1ae925db], 
PUP.Optional.Clicker.ChrPRST, C:\Program Files (x86)\msrtn32\msvcp100.dll, Delete-on-Reboot, [b14f70f15b3ef1450940c80e1ae925db], 
PUP.Optional.Clicker.ChrPRST, C:\Program Files (x86)\msrtn32\msvcr100.dll, Delete-on-Reboot, [b14f70f15b3ef1450940c80e1ae925db], 
PUP.Optional.Clicker.ChrPRST, C:\Program Files (x86)\msrtn32\Qt5Core.dll, Delete-on-Reboot, [b14f70f15b3ef1450940c80e1ae925db], 
PUP.Optional.Clicker.ChrPRST, C:\Program Files (x86)\msrtn32\Qt5Gui.dll, Delete-on-Reboot, [b14f70f15b3ef1450940c80e1ae925db], 
PUP.Optional.Clicker.ChrPRST, C:\Program Files (x86)\msrtn32\Qt5Multimedia.dll, Delete-on-Reboot, [b14f70f15b3ef1450940c80e1ae925db], 
PUP.Optional.Clicker.ChrPRST, C:\Program Files (x86)\msrtn32\Qt5MultimediaWidgets.dll, Delete-on-Reboot, [b14f70f15b3ef1450940c80e1ae925db], 
PUP.Optional.Clicker.ChrPRST, C:\Program Files (x86)\msrtn32\Qt5Network.dll, Delete-on-Reboot, [b14f70f15b3ef1450940c80e1ae925db], 
PUP.Optional.Clicker.ChrPRST, C:\Program Files (x86)\msrtn32\Qt5OpenGL.dll, Delete-on-Reboot, [b14f70f15b3ef1450940c80e1ae925db], 
PUP.Optional.Clicker.ChrPRST, C:\Program Files (x86)\msrtn32\Qt5Positioning.dll, Delete-on-Reboot, [b14f70f15b3ef1450940c80e1ae925db], 
PUP.Optional.Clicker.ChrPRST, C:\Program Files (x86)\msrtn32\Qt5PrintSupport.dll, Delete-on-Reboot, [b14f70f15b3ef1450940c80e1ae925db], 
PUP.Optional.Clicker.ChrPRST, C:\Program Files (x86)\msrtn32\Qt5Qml.dll, Delete-on-Reboot, [b14f70f15b3ef1450940c80e1ae925db], 
PUP.Optional.Clicker.ChrPRST, C:\Program Files (x86)\msrtn32\Qt5Quick.dll, Delete-on-Reboot, [b14f70f15b3ef1450940c80e1ae925db], 
PUP.Optional.Clicker.ChrPRST, C:\Program Files (x86)\msrtn32\Qt5Sensors.dll, Delete-on-Reboot, [b14f70f15b3ef1450940c80e1ae925db], 
PUP.Optional.Clicker.ChrPRST, C:\Program Files (x86)\msrtn32\Qt5Sql.dll, Delete-on-Reboot, [b14f70f15b3ef1450940c80e1ae925db], 
PUP.Optional.Clicker.ChrPRST, C:\Program Files (x86)\msrtn32\Qt5WebKit.dll, Delete-on-Reboot, [b14f70f15b3ef1450940c80e1ae925db], 
PUP.Optional.Clicker.ChrPRST, C:\Program Files (x86)\msrtn32\Qt5WebKitWidgets.dll, Delete-on-Reboot, [b14f70f15b3ef1450940c80e1ae925db], 
PUP.Optional.Clicker.ChrPRST, C:\Program Files (x86)\msrtn32\Qt5Widgets.dll, Delete-on-Reboot, [b14f70f15b3ef1450940c80e1ae925db], 
PUP.Optional.Clicker.ChrPRST, C:\Program Files (x86)\msrtn32\QtXml4.dll, Quarantined, [b14f70f15b3ef1450940c80e1ae925db], 
PUP.Optional.Clicker.ChrPRST, C:\Program Files (x86)\msrtn32\QxOrm.dll, Delete-on-Reboot, [b14f70f15b3ef1450940c80e1ae925db], 
PUP.Optional.Clicker.ChrPRST, C:\Program Files (x86)\msrtn32\rthdcpd.exe, Quarantined, [b14f70f15b3ef1450940c80e1ae925db], 
PUP.Optional.Clicker.ChrPRST, C:\Program Files (x86)\msrtn32\ssleay32.dll, Delete-on-Reboot, [b14f70f15b3ef1450940c80e1ae925db], 
PUP.Optional.Clicker.ChrPRST, C:\Program Files (x86)\msrtn32\ua.txt, Quarantined, [b14f70f15b3ef1450940c80e1ae925db], 
PUP.Optional.Clicker.ChrPRST, C:\Program Files (x86)\msrtn32\imageformats\qdds.dll, Delete-on-Reboot, [b14f70f15b3ef1450940c80e1ae925db], 
PUP.Optional.Clicker.ChrPRST, C:\Program Files (x86)\msrtn32\imageformats\qgif.dll, Delete-on-Reboot, [b14f70f15b3ef1450940c80e1ae925db], 
PUP.Optional.Clicker.ChrPRST, C:\Program Files (x86)\msrtn32\imageformats\qicns.dll, Delete-on-Reboot, [b14f70f15b3ef1450940c80e1ae925db], 
PUP.Optional.Clicker.ChrPRST, C:\Program Files (x86)\msrtn32\imageformats\qico.dll, Delete-on-Reboot, [b14f70f15b3ef1450940c80e1ae925db], 
PUP.Optional.Clicker.ChrPRST, C:\Program Files (x86)\msrtn32\imageformats\qjp2.dll, Delete-on-Reboot, [b14f70f15b3ef1450940c80e1ae925db], 
PUP.Optional.Clicker.ChrPRST, C:\Program Files (x86)\msrtn32\imageformats\qjpeg.dll, Delete-on-Reboot, [b14f70f15b3ef1450940c80e1ae925db], 
PUP.Optional.Clicker.ChrPRST, C:\Program Files (x86)\msrtn32\imageformats\qmng.dll, Delete-on-Reboot, [b14f70f15b3ef1450940c80e1ae925db], 
PUP.Optional.Clicker.ChrPRST, C:\Program Files (x86)\msrtn32\imageformats\qsvg.dll, Quarantined, [b14f70f15b3ef1450940c80e1ae925db], 
PUP.Optional.Clicker.ChrPRST, C:\Program Files (x86)\msrtn32\imageformats\qtga.dll, Delete-on-Reboot, [b14f70f15b3ef1450940c80e1ae925db], 
PUP.Optional.Clicker.ChrPRST, C:\Program Files (x86)\msrtn32\imageformats\qtiff.dll, Delete-on-Reboot, [b14f70f15b3ef1450940c80e1ae925db], 
PUP.Optional.Clicker.ChrPRST, C:\Program Files (x86)\msrtn32\imageformats\qwbmp.dll, Delete-on-Reboot, [b14f70f15b3ef1450940c80e1ae925db], 
PUP.Optional.Clicker.ChrPRST, C:\Program Files (x86)\msrtn32\imageformats\qwebp.dll, Delete-on-Reboot, [b14f70f15b3ef1450940c80e1ae925db], 
PUP.Optional.Clicker.ChrPRST, C:\Program Files (x86)\msrtn32\platforms\qminimal.dll, Quarantined, [b14f70f15b3ef1450940c80e1ae925db], 
PUP.Optional.Clicker.ChrPRST, C:\Program Files (x86)\msrtn32\platforms\qwindows.dll, Delete-on-Reboot, [b14f70f15b3ef1450940c80e1ae925db], 
PUP.Optional.Clicker.ChrPRST, C:\Program Files (x86)\msrtn32\plugins\NPSWF32_11_5_502_110.dll, Quarantined, [b14f70f15b3ef1450940c80e1ae925db], 
PUP.Optional.Clicker.ChrPRST, C:\Program Files (x86)\msrtn32\sqldrivers\qsqlite.dll, Quarantined, [b14f70f15b3ef1450940c80e1ae925db], 
PUP.Optional.Yelloader, C:\Program Files (x86)\dataup\dataup.ini, Quarantined, [4eb27ce53366ef478e5c9d77fa0a3fc1], 
PUP.Optional.Yelloader, C:\Program Files (x86)\dataup\dataup.exe, Delete-on-Reboot, [4eb27ce53366ef478e5c9d77fa0a3fc1], 
PUP.Optional.Yelloader, C:\Program Files (x86)\dataup\NTSVC.ocx, Delete-on-Reboot, [4eb27ce53366ef478e5c9d77fa0a3fc1], 
PUP.Optional.WindowsManagementService, C:\Users\{username}\AppData\Local\Temp\20160215\ct.exe, Delete-on-Reboot, [3dc36001cfca52e4a5668c8138cc5da3], 
Rogue.RegTool, C:\Program Files (x86)\regtool\regtool.exe, Quarantined, [d927cc9569302d0981bf01ae8d75cb35], 
PUP.Optional.Mstrn, C:\Users\{username}\AppData\Local\mstrn32\cookies, Quarantined, [dd23e180ecad171f7e35556a00025ca4], 
PUP.Optional.Mstrn, C:\Users\{username}\AppData\Local\mstrn32\db.sqlite, Quarantined, [dd23e180ecad171f7e35556a00025ca4], 
PUP.Optional.Mstrn, C:\Users\{username}\AppData\Local\mstrn32\Setting.ini, Quarantined, [dd23e180ecad171f7e35556a00025ca4], 
PUP.Optional.Mstrn, C:\Users\{username}\AppData\Local\mstrn32\urls.txt, Quarantined, [dd23e180ecad171f7e35556a00025ca4], 
PUP.Optional.Clicker.ChrPRST, C:\Users\{username}\AppData\Local\cpx\list.txt, Quarantined, [50b0550c0b8ee94d192c9c76669fb14f], 
PUP.Optional.Clicker.ChrPRST, C:\Users\{username}\AppData\Local\cpx\config.ini, Quarantined, [50b0550c0b8ee94d192c9c76669fb14f], 
PUP.Optional.Clicker.ChrPRST, C:\Users\{username}\AppData\Local\cpx\Cookies, Delete-on-Reboot, [50b0550c0b8ee94d192c9c76669fb14f], 
PUP.Optional.Clicker.ChrPRST, C:\Users\{username}\AppData\Local\cpx\Cookies-journal, Delete-on-Reboot, [50b0550c0b8ee94d192c9c76669fb14f], 

Physical Sectors: 0
(No malicious items detected)


(end)
As mentioned before, the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.