Help Me Remove Some Nasty Malware

Please re-run ADW and remove:
Trojan.Agent C:\Windows\System32\drivers\WinmonProcessMonitor.sys

Adware.CloudWeb HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79F4FD63-6108-4422-8357-8086AD91AB86}
Adware.CloudWeb HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ScheduledUpdate
Adware.ICLoader HKLM\SOFTWARE\MICROSOFT\Speedycar
Adware.ICLoader HKLM\Software\MICROSOFT\TechnologyDesktopnew
Adware.Linkury HKCU\Software\mtMbappert
Adware.Linkury HKLM\Software\Wow6432Node\mtMbappert
PUP.Optional.Conduit HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

Then re-run Hitman and RogueKiller and remove everything they found.

Reboot and rescan with all three and attach the new logs, please.

 

Both of those files could be corrupt or affected by malware. Let's do two things;

First open an elevated command prompt ( CMD with Admin. privileges ) and type in:

sfc /scannow ....... note the space. Let me know what it tells you.

 

Go to Run and type in msconfig....then go to the start up section and tell me what is there.

 

They don't look legit:

Please go here > https://www.zemana.com/Download
their program is no longer free, but you can use the demo version for this cleaning.

It auto updates, and you click scan. After it's finished, click on the icon that looks like Cell phone strength bars. High-light the report (by date log was produced) and click on the "Open Report" icon. (looks like a folder). That notepad.txt can then be copied/pasted into another .txt doc and saved. Upload that, please.

 

Please allow MBAM to remove everything it found!! Reboot and rescan with MBAM and attach the new log and tell me how things are running now.

 

Those two items are legit files. However, you can double check by doing this:

Click on the following link and use the below steps to scan a file: Virustotal

Click the Browse... button.
Navigate to the file FileToBeScanned

Where FileToBeScanned is the actual file to be scanned. Like C:\WINDOWS\System32\vdmt16.sys
[/LIST]

 

It sounds like all is good. If you are booting up without incident and everything is coming back clean. I think you are good to go.

aIf you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
2. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
3. If running Vista, Win 7 or Win 8, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
4. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 or 10 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
5. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
6. After doing the above, you should work thru the below link:
   • How to Protect yourself from malware!

 

You are most welcome.