Trojan.0Access & Rootkit.Dropper

I have 3 of the trojans and 1 rootkit trapped on my Malwarebytes quarantine list that I cannot delete. Here is the Attach file followed by the DDS. (I read the "I'm infected..." pin and am copying and pasting as requested. It will not show up as an attachable file even though it says it is saved).

Thank you for your time and help!

~Vicki

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 8/11/2008 4:28:41 AM
System Uptime: 7/20/2013 5:05:43 AM (0 hours ago)
.
Motherboard: Dell Inc. |  | 0RY007
Processor: Intel® Core2 Duo CPU     E7200  @ 2.53GHz | Socket 775 | 2534/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 456 GiB total, 336.955 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 8.709 GiB free.
E: is CDROM (CDFS)
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet J4680 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet J4680 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
4660_4680_Help
64 Bit HP CIO Components Installer
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4)
Advanced SystemCare 4
AOL Uninstaller (Choose which Products to Remove)
Applet
Bing Bar
BPD_HPSU
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
Carbonite Online Backup Setup
Compatibility Pack for the 2007 Office system
Conexant D850 PCI V.92 Modem
Content Manager
CustomerResearchQFolder
Dell Getting Started Guide
Destination Component
DeviceDiscovery
DeviceManagementQFolder
Digital Line Detect
DocMgr
DocProc
DocProcQFolder
EDocs
eSupportQFolder
Fax
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 10.0
HP Document Manager 1.0
HP Imaging Device Functions 10.0
HP Officejet All-In-One Series
HP OfficeJet J4600 All-In-One Series
HP Photosmart Essential 2.5
HP Product Detection
HP Smart Web Printing
HP Solution Center 10.0
HP Update
HPDiagnosticAlert
HPProductAssistant
HPSSupply
Intel® Graphics Media Accelerator Driver
J4600_Basic
Java Auto Updater
Java 6 Update 26
Java 6 Update 5
Java 6 Update 7
LiveUpdate (Symantec Corporation)
Malwarebytes Anti-Malware version 1.60.0.1800
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Modem Diagnostic Tool
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetWaiting
Network64
OCR Software by I.R.I.S. 10.0
OpenOffice.org Installer 1.0
ProductContext
PSSWCORE
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
RTC Client API v1.2
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Shop for HP Supplies
SmartWebPrintingOC
Socrates Media Product Browser
SolutionCenter
SPBBC 64bit
Status
Toolbox
ToolkitCMA
TrayApp
Uninstall AOL Emergency Connect Utility 1.0
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Veetle TV 0.9.17
VideoToolkit01
Viewpoint Media Player
Visual Studio 2008 x64 Redistributables
VLC media player 1.1.5
WebReg
Windows Live ID Sign-in Assistant
WinRAR 5.00 beta 6 (64-bit)
Yahoo! Toolbar
.
==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16496
Run by Vasiliki at 5:34:19 on 2013-07-20
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.4084.2040 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
C:\Windows\system32\dlbccoms.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Windows\System32\WUDFHost.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 4\PMonitor.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe
C:\Program Files (x86)\Digital Line Detect\DLG.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RAVCpl64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Digital Line Detect\DLG.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Common Files\aol\1220397354\ee\aolsoftware.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Common Files\aol\1220397354\ee\aolupdates.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\system32\msiexec.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\syswow64\MsiExec.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\syswow64\MsiExec.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Windows\System32\mobsync.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\consent.exe
C:\Users\Guest\Downloads\RogueKiller.exe
C:\Program Files (x86)\Common Files\aol\1220397354\ee\aolsoftware.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
C:\Windows\SysWOW64\notepad.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\twunk_32.exe
C:\Windows\twunk_32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
uWinlogon: Shell = explorer.exe,C:\Users\Vasiliki\AppData\Roaming\skype.dat
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - <orphaned>
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Advanced SystemCare 4] "C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe"
uRun: [Google Update] "C:\Users\Vasiliki\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [CmTray] "C:\Program Files (x86)\Content Manager\launchCM.exe"
uRun: [Adobe CSS5.1 Manager] C:\Users\Vasiliki\AppData\Local\cb8a61d3-4639-4419-bec7-a3d7aa9628cbad\cbadbecadaacbad.exe
uRunOnce: [Adobe CSS5.1 Manager] C:\Users\Vasiliki\AppData\Local\cb8a61d3-4639-4419-bec7-a3d7aa9628cbad\cbadbecadaacbad.exe
mRun: [HostManager] "C:\Program Files (x86)\Common Files\AOL\1220397354\ee\AOLSoftware.exe"
mRun: [CarboniteSetupLite] "C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=1800
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [hpqSRMon] <no file>
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=SUFaUDItUko3UFItN0dOTVUtQUJMRTYtVFBRQ0ktNg"&"inst=NzYtOTM2MzQ5MTc1LVNUMTJGT0krMS1ERFQrMC1TVDEyQVBQKzEtRVVMQSsx"&"prod=94"&"ver=2012.0.1831"&"mid=1f0683a0225647d1ab22d14acce4e9e6-00598b02bf8194c050f7e14db36065ab82edb9bc
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DIGITA~1.LNK - C:\Program Files (x86)\Digital Line Detect\DLG.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Trusted Zone: realtytools.com
Trusted Zone: toolkitcma.com
Trusted Zone: toolkitcma2.com
TCP: NameServer = 192.168.254.254
TCP: Interfaces\{061C72D5-6FD8-41CE-810F-D4F1073222DA} : DHCPNameServer = 192.168.254.254
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\SysWow64\browseui.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] RAVCpl64.exe
x64-Run: [skytel] Skytel.exe
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-Explorer: NoDrives = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2008-8-11 53488]
R2 AdvancedSystemCareService;Advanced SystemCare Service;C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-10-16 328536]
R2 dlbc_device;dlbc_device;C:\Windows\System32\dlbccoms.exe -service --> C:\Windows\System32\dlbccoms.exe -service [?]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-9-29 652872]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 130008]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
R3 CAXHWBS2;CAXHWBS2;C:\Windows\System32\drivers\CAXHWBS2.sys [2008-8-11 403456]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-9-29 23152]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-4-19 1022632]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-22 89920]
SUnknown NisSrv;NisSrv; [x]
.
=============== File Associations ===============
.
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2013-07-20 03:26:50 0 ----a-w- C:\Users\Vasiliki\rundll32.exe
2013-07-20 03:26:50 0 ----a-w- C:\Users\Vasiliki\icq.exe
2013-07-20 03:26:49 855552 ----a-w- C:\Users\Vasiliki\googleupdate.exe
2013-07-12 07:16:29 78185248 ----a-w- C:\Windows\System32\mrt.exe
2013-06-12 03:58:24 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 03:58:24 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-04 02:03:07 2775040 ----a-w- C:\Windows\System32\win32k.sys
2013-06-01 04:19:22 619008 ----a-w- C:\Windows\System32\qedit.dll
2013-06-01 04:06:08 505344 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-05-29 06:15:56 17829376 ----a-w- C:\Windows\System32\mshtml.dll
2013-05-29 05:50:31 10926080 ----a-w- C:\Windows\System32\ieframe.dll
2013-05-29 05:43:16 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-05-29 05:36:04 1346560 ----a-w- C:\Windows\System32\urlmon.dll
2013-05-29 05:35:44 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-05-29 05:34:14 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-05-29 05:33:15 237056 ----a-w- C:\Windows\System32\url.dll
2013-05-29 05:31:32 85504 ----a-w- C:\Windows\System32\jsproxy.dll
2013-05-29 05:29:56 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-05-29 05:29:05 816640 ----a-w- C:\Windows\System32\jscript.dll
2013-05-29 05:29:02 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-05-29 05:27:57 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2013-05-29 05:27:50 2147840 ----a-w- C:\Windows\System32\iertutil.dll
2013-05-29 05:25:46 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2013-05-29 05:25:09 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-05-29 05:18:27 248320 ----a-w- C:\Windows\System32\ieui.dll
2013-05-29 01:56:15 12333568 ----a-w- C:\Windows\SysWow64\mshtml.dll
2013-05-29 01:50:14 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-05-29 01:48:09 9738752 ----a-w- C:\Windows\SysWow64\ieframe.dll
2013-05-29 01:41:52 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-05-29 01:41:30 1104384 ----a-w- C:\Windows\SysWow64\urlmon.dll
2013-05-29 01:41:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-05-29 01:40:26 231936 ----a-w- C:\Windows\SysWow64\url.dll
2013-05-29 01:38:29 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2013-05-29 01:37:15 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-05-29 01:36:09 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-05-29 01:35:56 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2013-05-29 01:35:00 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2013-05-29 01:33:39 1796096 ----a-w- C:\Windows\SysWow64\iertutil.dll
2013-05-29 01:33:32 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2013-05-29 01:33:22 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-29 01:29:36 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2013-05-08 04:18:16 1706496 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-05-08 04:14:40 1417576 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-05-08 04:04:52 1548288 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-05-08 02:27:42 40448 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-05-02 04:16:27 686080 ----a-w- C:\Windows\System32\win32spl.dll
2013-05-02 04:04:25 443904 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-05-02 04:03:42 37376 ----a-w- C:\Windows\SysWow64\printcom.dll
2013-04-24 04:09:48 174592 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-04-24 04:09:48 132096 ----a-w- C:\Windows\System32\cryptnet.dll
2013-04-24 04:09:48 1269248 ----a-w- C:\Windows\System32\crypt32.dll
2013-04-24 04:09:41 50688 ----a-w- C:\Windows\System32\certenc.dll
2013-04-24 04:00:30 985600 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-04-24 04:00:30 98304 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-04-24 04:00:30 133120 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-04-24 04:00:24 41984 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-04-24 02:10:00 1078272 ----a-w- C:\Windows\System32\certutil.exe
2013-04-24 01:46:29 812544 ----a-w- C:\Windows\SysWow64\certutil.exe
.
============= FINISH:  5:34:46.85 ===============
Welcome to the forum.

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

MrC

Note:

Please read all of my instructions completely including these.

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)
Thank you! Report below.
RogueKiller V8.6.3 [Jul 17 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Vasiliki [Admin rights]
Mode : Scan -- Date : 07/20/2013 15:23:07
| ARK || FAK || MBR |

¤¤¤ Bad processes : 489 ¤¤¤
[sUSP PATH] twunk_32.exe -- C:\Windows\twunk_32.exe [7] -> KILLED [TermProc]
[sUSP PATH] twunk_32.exe -- C:\Windows\twunk_32.exe [7] -> KILLED [TermProc]
[sUSP PATH] twunk_32.exe -- C:\Windows\twunk_32.exe [7] -> KILLED [TermProc]
[sUSP PATH] twunk_32.exe -- C:\Windows\twunk_32.exe [7] -> KILLED [TermProc]
[sUSP PATH] twunk_32.exe -- C:\Windows\twunk_32.exe [7] -> KILLED [TermProc]
[sUSP PATH] twunk_32.exe -- C:\Windows\twunk_32.exe [7] -> KILLED [TermProc]
[sUSP PATH] twunk_32.exe -- C:\Windows\twunk_32.exe [7] -> KILLED [TermProc]
[sUSP PATH] twunk_32.exe -- C:\Windows\twunk_32.exe [7] -> KILLED [TermProc]
[sUSP PATH] twunk_32.exe -- C:\Windows\twunk_32.exe [7] -> KILLED [TermProc]
[sUSP PATH] twunk_32.exe -- C:\Windows\twunk_32.exe [7] -> KILLED [TermProc]
[sUSP PATH] twunk_32.exe -- C:\Windows\twunk_32.exe [7] -> KILLED [TermProc]
[sUSP PATH] twunk_32.exe -- C:\Windows\twunk_32.exe [7] -> KILLED [TermProc]
[sUSP PATH] twunk_32.exe -- C:\Windows\twunk_32.exe [7] -> KILLED [TermProc]
[sUSP PATH] twunk_32.exe -- C:\Windows\twunk_32.exe [7] -> KILLED [TermProc]
[sUSP PATH] twunk_32.exe -- C:\Windows\twunk_32.exe [7] -> KILLED [TermProc]
[sUSP PATH] twunk_32.exe -- C:\Windows\twunk_32.exe [7] -> KILLED [TermProc]
[sUSP PATH] twunk_32.exe -- C:\Windows\twunk_32.exe [7] -> KILLED [TermProc]
[sUSP PATH] twunk_32.exe -- C:\Windows\twunk_32.exe [7] -> KILLED [TermProc]
[sUSP PATH] twunk_32.exe -- C:\Windows\twunk_32.exe [7] -> KILLED [TermProc]
[sUSP PATH] twunk_32.exe -- C:\Windows\twunk_32.exe [7] -> KILLED [TermProc]
[sUSP PATH] twunk_32.exe -- C:\Windows\twunk_32.exe [7] -> KILLED [TermProc]
[sUSP PATH] twunk_32.exe -- C:\Windows\twunk_32.exe [7] -> KILLED [TermProc]
[SUSP PATH] twunk_32.exe -- C:\Windows\twunk_32.exe [7] -> KILLED [TermProc]
(previous line repeated 465 more times)
[SUSP PATH] twunk_32.exe -- C:\Windows\twunk_32.exe [7] -> KILLED [TermThr]

¤¤¤ Registry Entries : 11 ¤¤¤
[RUN][sUSP PATH] HKCU\[...]\Run : Adobe CSS5.1 Manager (C:\Users\Vasiliki\AppData\Local\cb8a61d3-4639-4419-bec7-a3d7aa9628cbad\cbadbecadaacbad.exe [-]) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-4151630087-946522165-2231852217-1000\[...]\Run : Adobe CSS5.1 Manager (C:\Users\Vasiliki\AppData\Local\cb8a61d3-4639-4419-bec7-a3d7aa9628cbad\cbadbecadaacbad.exe [-]) -> FOUND
[RUN][sUSP PATH] HKCU\[...]\RunOnce : Adobe CSS5.1 Manager (C:\Users\Vasiliki\AppData\Local\cb8a61d3-4639-4419-bec7-a3d7aa9628cbad\cbadbecadaacbad.exe [-]) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-4151630087-946522165-2231852217-1000\[...]\RunOnce : Adobe CSS5.1 Manager (C:\Users\Vasiliki\AppData\Local\cb8a61d3-4639-4419-bec7-a3d7aa9628cbad\cbadbecadaacbad.exe [-]) -> FOUND
[sHELL][Rans.Gendarm] HKCU\[...]\Winlogon : shell (explorer.exe,C:\Users\Vasiliki\AppData\Roaming\skype.dat [x][-]) -> FOUND
[sHELL][Rans.Gendarm] HKUS\[...]\Winlogon : shell (explorer.exe,C:\Users\Vasiliki\AppData\Roaming\skype.dat [x][-]) -> FOUND
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V1][sUSP PATH] {144946F1-70B2-42B4-B981-E01BA4E3AE4D}.job : C:\Users\Vasiliki\AppData\Local\cb8a61d3-4639-4419-bec7-a3d7aa9628cbad\cbadbecadaacbad.exe [-] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][Junction] en-US : C:\Program Files\Windows Defender\en-US >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpAsDesc.dll : C:\Program Files\Windows Defender\MpAsDesc.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpClient.dll : C:\Program Files\Windows Defender\MpClient.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpCmdRun.exe : C:\Program Files\Windows Defender\MpCmdRun.exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpEvMsg.dll : C:\Program Files\Windows Defender\MpEvMsg.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpOAV.dll : C:\Program Files\Windows Defender\MpOAV.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpRtMon.dll : C:\Program Files\Windows Defender\MpRtMon.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpRtPlug.dll : C:\Program Files\Windows Defender\MpRtPlug.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpSigDwn.dll : C:\Program Files\Windows Defender\MpSigDwn.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpSoftEx.dll : C:\Program Files\Windows Defender\MpSoftEx.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpSvc.dll : C:\Program Files\Windows Defender\MpSvc.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MSASCui.exe : C:\Program Files\Windows Defender\MSASCui.exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpCom.dll : C:\Program Files\Windows Defender\MsMpCom.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpLics.dll : C:\Program Files\Windows Defender\MsMpLics.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpRes.dll : C:\Program Files\Windows Defender\MsMpRes.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] Backup : C:\Program Files\Microsoft Security Client\Backup >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] DbgHelp.dll : C:\Program Files\Microsoft Security Client\DbgHelp.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] Drivers : C:\Program Files\Microsoft Security Client\Drivers >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] en-us : C:\Program Files\Microsoft Security Client\en-us >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] EppManifest.dll : C:\Program Files\Microsoft Security Client\EppManifest.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpAsDesc.dll : C:\Program Files\Microsoft Security Client\MpAsDesc.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpClient.dll : C:\Program Files\Microsoft Security Client\MpClient.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpCmdRun.exe : C:\Program Files\Microsoft Security Client\MpCmdRun.exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpCommu.dll : C:\Program Files\Microsoft Security Client\MpCommu.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] mpevmsg.dll : C:\Program Files\Microsoft Security Client\mpevmsg.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpOAv.dll : C:\Program Files\Microsoft Security Client\MpOAv.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpRTP.dll : C:\Program Files\Microsoft Security Client\MpRTP.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpSvc.dll : C:\Program Files\Microsoft Security Client\MpSvc.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpCom.dll : C:\Program Files\Microsoft Security Client\MsMpCom.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpEng.exe : C:\Program Files\Microsoft Security Client\MsMpEng.exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpLics.dll : C:\Program Files\Microsoft Security Client\MsMpLics.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpRes.dll : C:\Program Files\Microsoft Security Client\MsMpRes.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] msseces.exe : C:\Program Files\Microsoft Security Client\msseces.exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsseWat.dll : C:\Program Files\Microsoft Security Client\MsseWat.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] NisIpsPlugin.dll : C:\Program Files\Microsoft Security Client\NisIpsPlugin.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] NisLog.dll : C:\Program Files\Microsoft Security Client\NisLog.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] NisSrv.exe : C:\Program Files\Microsoft Security Client\NisSrv.exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] NisWFP.dll : C:\Program Files\Microsoft Security Client\NisWFP.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] Setup.exe : C:\Program Files\Microsoft Security Client\Setup.exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] SetupRes.dll : C:\Program Files\Microsoft Security Client\SetupRes.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] shellext.dll : C:\Program Files\Microsoft Security Client\shellext.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] sqmapi.dll : C:\Program Files\Microsoft Security Client\sqmapi.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] SymSrv.dll : C:\Program Files\Microsoft Security Client\SymSrv.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] SymSrv.yes : C:\Program Files\Microsoft Security Client\SymSrv.yes >> \systemroot\system32\config [-] --> FOUND

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤
-> D:\windows\system32\config\SYSTEM
 x:\Windows\system32
 
-> D:\windows\system32\config\SOFTWARE
 x:\Windows\system32
 
-> D:\windows\system32\config\SECURITY
 x:\Windows\system32
 
-> D:\windows\system32\config\SAM
 x:\Windows\system32
 
-> D:\windows\system32\config\DEFAULT
 x:\Windows\system32
 
-> D:\Users\Default\NTUSER.DAT
 x:\Windows\system32
 

¤¤¤ Infection : Rans.Gendarm|ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1       localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000AAKS-75A7B0 ATA Device +++++
--- User ---
[MBR] ea51be4ccc23f96c00085860a13883ac
[bSP] 1af4d28bb70c03811e78e660b7f2fd28 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 10000 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20561920 | Size: 466899 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD5000AAKS-75A7B0 ATA Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: WDC WD5000AAKS-75A7B0 ATA Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive3: WDC WD5000AAKS-75A7B0 ATA Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive4: WDC WD5000AAKS-75A7B0 ATA Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_S_07202013_152307.txt >>
RKreport[0]_S_07202013_051459.txt


Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan also.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

-----------------------------------------

Please download Farbar Recovery Scan Tool and save it to a folder. (32bit version)

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
MrC

Thank you again :) I am going to try to clean it and see how it goes.

Here is the info requested:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-07-2013
Ran by Guest (ATTENTION: The logged in user is not administrator) on 20-07-2013 20:28:14
Running from C:\Users\Guest\Desktop
Windows Vista Home Premium Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Could not list processes ===============

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - RAVCpl64.exe [x]
HKLM\...\Run: [skytel] - Skytel.exe [x]
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] ()
HKLM-x32\...\Runonce: [AvgUninstallURL] - cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=SUFaUDItUko3UFItN0dOTVUtQUJMRTYtVFBRQ0ktNg"&"inst=NzYtOTM2MzQ5MTc1LVNUMTJGT0krMS1ERFQrMC1TVDEyQVBQKzEtRVVMQSsx"&"prod=94"&"ver=2012.0.1831"&"mid=1f0683a0225647d1ab22d14acce4e9e6-00598b02bf8194c050f7e14db36065ab82edb9bc [x]
HKCU\...\Run: [sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe [1555968 2009-04-11] (Microsoft Corporation)
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe -update activex [814472 2013-06-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HostManager] - "C:\Program Files (x86)\Common Files\AOL\1220397354\ee\AOLSoftware.exe" [41800 2010-03-08] (AOL Inc.)
HKLM-x32\...\Run: [CarboniteSetupLite] - "C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=1800 [283792 2010-11-20] (Carbonite, Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] - "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [460872 2011-12-24] (Malwarebytes Corporation)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49152 2007-10-14] (Hewlett-Packard)
HKLM-x32\...\Run: [hpqSRMon] -  [x]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -  No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 03 %SystemRoot%\System32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 04 %SystemRoot%\System32\nwprovau.dll File Not found ()
Winsock: Catalog9 25 %SystemRoot%\system32\rsvpsp.dll File Not found ()
Winsock: Catalog9 26 %SystemRoot%\system32\rsvpsp.dll File Not found ()
Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 04 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 05 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 06 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 07 mswsock.dll File Not found (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254

==================== Services (Whitelisted) =================

R2 AdvancedSystemCareService; C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [328536 2011-08-09] (IObit)
R2 Automatic LiveUpdate Scheduler; C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe [243064 2008-01-09] (Symantec Corporation)
R2 dlbc_device; C:\Windows\system32\dlbccoms.exe [566768 2007-02-07] ( )
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE [3192184 2008-01-09] (Symantec Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [652872 2011-12-24] (Malwarebytes Corporation)
R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [303104 2007-11-16] (Motive Communications, Inc.)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] ()
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] ()
R2 NlaSvc; C:\Windows\System32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] ()
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]

==================== Drivers (Whitelisted) ====================

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23152 2011-12-10] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23152 2011-12-10] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S3 MREMP50; C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [19712 2007-11-16] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MREMP50; C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [19712 2007-11-16] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [18304 2007-11-16] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [18304 2007-11-16] (Printing Communications Assoc., Inc. (PCAUSA))
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 MREMP50a64; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50a64.SYS [x]
S3 MRESP50a64; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50a64.SYS [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 SymIM; system32\DRIVERS\SymIM.sys [x]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-20 20:27 - 2013-07-20 20:28 - 01779345 _____ (Farbar) C:\Users\Guest\Desktop\FRST64.exe
2013-07-20 20:27 - 2013-07-20 20:27 - 01219758 _____ (Farbar) C:\Users\Guest\Desktop\FRST.exe
2013-07-20 20:22 - 2013-07-20 20:22 - 01219758 _____ (Farbar) C:\Users\Guest\Downloads\FRST.exe
2013-07-20 15:23 - 2013-07-20 15:23 - 00048005 _____ C:\Users\Vasiliki\Desktop\RKreport[0]_S_07202013_152307.txt
2013-07-20 15:18 - 2013-07-20 15:18 - 00915968 _____ C:\Users\Guest\Downloads\RogueKiller (1).exe
2013-07-20 05:36 - 2013-07-20 05:36 - 00009143 _____ C:\Users\Vasiliki\Desktop\attach.txt
2013-07-20 05:36 - 2013-07-20 05:34 - 00017753 _____ C:\Users\Vasiliki\Desktop\dds.txt
2013-07-20 05:32 - 2013-07-20 05:32 - 00688992 ____R (Swearware) C:\Users\Guest\Desktop\dds.com
2013-07-20 05:31 - 2013-07-20 05:31 - 00688992 _____ (Swearware) C:\Users\Guest\Downloads\dds.com
2013-07-20 05:14 - 2013-07-20 05:14 - 00009536 _____ C:\Users\Vasiliki\Desktop\RKreport[0]_S_07202013_051459.txt
2013-07-20 05:13 - 2013-07-20 05:34 - 00000000 ____D C:\Users\Vasiliki\Desktop\RK_Quarantine
2013-07-20 05:13 - 2013-07-20 05:13 - 00915968 _____ C:\Users\Guest\Downloads\RogueKiller.exe
2013-07-20 00:33 - 2013-07-20 00:33 - 00000000 ____D C:\ProgramData\WindowsSearch
2013-07-19 23:46 - 2013-07-19 23:46 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Malwarebytes
2013-07-19 23:29 - 2013-07-20 05:13 - 00000004 _____ C:\Users\Vasiliki\AppData\Roaming\skype.ini
2013-07-19 23:28 - 2013-07-19 23:28 - 00213371 _____ C:\Users\Vasiliki\Downloads\MVC (1).jar
2013-07-19 23:27 - 2013-07-19 23:27 - 00213371 _____ C:\Users\Vasiliki\Downloads\MVC.jar
2013-07-19 23:27 - 2013-07-19 23:27 - 00000000 ____D C:\Users\Vasiliki\AppData\Roaming\TunkDesign
2013-07-19 23:27 - 2013-07-19 23:27 - 00000000 ____D C:\Users\Vasiliki\AppData\Local\cb8a61d3-4639-4419-bec7-a3d7aa9628cbad
2013-07-19 23:26 - 2013-07-19 23:26 - 00855552 _____ (Gracenote) C:\Users\Vasiliki\googleupdate.exe
2013-07-19 23:26 - 2013-07-19 23:26 - 00000000 _____ C:\Users\Vasiliki\rundll32.exe
2013-07-19 23:26 - 2013-07-19 23:26 - 00000000 _____ C:\Users\Vasiliki\icq.exe
2013-07-12 03:02 - 2013-05-29 01:43 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-12 03:02 - 2013-05-29 01:36 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-12 03:02 - 2013-05-29 01:35 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-12 03:02 - 2013-05-29 01:34 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-12 03:02 - 2013-05-29 01:33 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-12 03:02 - 2013-05-29 01:31 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-12 03:02 - 2013-05-29 01:29 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-12 03:02 - 2013-05-29 01:29 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-12 03:02 - 2013-05-29 01:29 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-12 03:02 - 2013-05-29 01:27 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-12 03:02 - 2013-05-29 01:27 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-12 03:02 - 2013-05-29 01:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-12 03:02 - 2013-05-29 01:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-12 03:02 - 2013-05-29 01:18 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-12 03:02 - 2013-05-28 21:56 - 12333568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-12 03:02 - 2013-05-28 21:50 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-12 03:02 - 2013-05-28 21:41 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-12 03:02 - 2013-05-28 21:41 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-12 03:02 - 2013-05-28 21:41 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-12 03:02 - 2013-05-28 21:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-12 03:02 - 2013-05-28 21:38 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-12 03:02 - 2013-05-28 21:37 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-12 03:02 - 2013-05-28 21:36 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-07-12 03:02 - 2013-05-28 21:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-12 03:02 - 2013-05-28 21:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-12 03:02 - 2013-05-28 21:33 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-12 03:02 - 2013-05-28 21:33 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-12 03:02 - 2013-05-28 21:33 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-12 03:02 - 2013-05-28 21:29 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-12 03:01 - 2013-05-29 02:15 - 17829376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-12 03:01 - 2013-05-29 01:50 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-12 03:01 - 2013-05-28 21:48 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-11 15:07 - 2013-06-03 22:03 - 02775040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 15:07 - 2013-06-01 00:19 - 00619008 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 15:07 - 2013-06-01 00:06 - 00505344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-11 15:07 - 2013-05-08 00:18 - 01706496 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 15:07 - 2013-05-08 00:04 - 01548288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-11 15:07 - 2013-04-17 08:32 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-07-11 15:07 - 2013-04-17 08:32 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-07-11 15:07 - 2013-04-17 08:32 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-07-11 15:07 - 2013-04-17 08:32 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-07-11 15:07 - 2013-04-17 07:29 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-07-11 15:07 - 2013-04-17 07:28 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-07-11 15:07 - 2013-04-17 07:28 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-07-11 15:07 - 2013-04-17 07:28 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-07-11 15:07 - 2013-04-17 07:28 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-07-11 15:07 - 2013-04-17 07:27 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-07-11 15:07 - 2013-04-17 07:02 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-07-11 15:07 - 2013-04-17 06:58 - 01556480 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-11 15:07 - 2013-04-17 06:58 - 01149440 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-07-11 15:07 - 2013-04-17 06:34 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-07-11 15:07 - 2013-04-17 06:33 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-07-11 15:07 - 2013-04-17 06:14 - 00683008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-07-11 15:07 - 2013-04-17 06:10 - 01069056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-06-22 20:21 - 2013-06-24 22:35 - 00000000 ____D C:\Users\Vasiliki\AppData\Roaming\.minecraft
2013-06-22 15:08 - 2013-06-22 15:08 - 01975130 _____ C:\Users\Vasiliki\Desktop\minecraftforge-universal-1.5.2-7.8.0.684 (1).zip
2013-06-22 15:03 - 2013-06-22 15:03 - 00000000 ____D C:\Users\Vasiliki\AppData\Roaming\WinRAR
2013-06-22 14:53 - 2013-06-23 22:54 - 00000000 ____D C:\Program Files\WinRAR

==================== One Month Modified Files and Folders =======

2013-07-20 20:28 - 2013-07-20 20:27 - 01779345 _____ (Farbar) C:\Users\Guest\Desktop\FRST64.exe
2013-07-20 20:27 - 2013-07-20 20:27 - 01219758 _____ (Farbar) C:\Users\Guest\Desktop\FRST.exe
2013-07-20 20:22 - 2013-07-20 20:22 - 01219758 _____ (Farbar) C:\Users\Guest\Downloads\FRST.exe
2013-07-20 20:20 - 2008-08-11 04:27 - 02009097 _____ C:\Windows\WindowsUpdate.log
2013-07-20 19:06 - 2006-11-02 11:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-20 19:06 - 2006-11-02 11:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-20 15:23 - 2013-07-20 15:23 - 00048005 _____ C:\Users\Vasiliki\Desktop\RKreport[0]_S_07202013_152307.txt
2013-07-20 15:18 - 2013-07-20 15:18 - 00915968 _____ C:\Users\Guest\Downloads\RogueKiller (1).exe
2013-07-20 05:36 - 2013-07-20 05:36 - 00009143 _____ C:\Users\Vasiliki\Desktop\attach.txt
2013-07-20 05:34 - 2013-07-20 05:36 - 00017753 _____ C:\Users\Vasiliki\Desktop\dds.txt
2013-07-20 05:34 - 2013-07-20 05:13 - 00000000 ____D C:\Users\Vasiliki\Desktop\RK_Quarantine
2013-07-20 05:32 - 2013-07-20 05:32 - 00688992 ____R (Swearware) C:\Users\Guest\Desktop\dds.com
2013-07-20 05:31 - 2013-07-20 05:31 - 00688992 _____ (Swearware) C:\Users\Guest\Downloads\dds.com
2013-07-20 05:14 - 2013-07-20 05:14 - 00009536 _____ C:\Users\Vasiliki\Desktop\RKreport[0]_S_07202013_051459.txt
2013-07-20 05:13 - 2013-07-20 05:13 - 00915968 _____ C:\Users\Guest\Downloads\RogueKiller.exe
2013-07-20 05:13 - 2013-07-19 23:29 - 00000004 _____ C:\Users\Vasiliki\AppData\Roaming\skype.ini
2013-07-20 05:13 - 2006-11-02 08:46 - 00802418 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-20 05:11 - 2008-09-02 15:21 - 00000000 ____D C:\Users\Vasiliki
2013-07-20 05:10 - 2012-12-13 08:05 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
2013-07-20 00:33 - 2013-07-20 00:33 - 00000000 ____D C:\ProgramData\WindowsSearch
2013-07-19 23:46 - 2013-07-19 23:46 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Malwarebytes
2013-07-19 23:28 - 2013-07-19 23:28 - 00213371 _____ C:\Users\Vasiliki\Downloads\MVC (1).jar
2013-07-19 23:27 - 2013-07-19 23:27 - 00213371 _____ C:\Users\Vasiliki\Downloads\MVC.jar
2013-07-19 23:27 - 2013-07-19 23:27 - 00000000 ____D C:\Users\Vasiliki\AppData\Roaming\TunkDesign
2013-07-19 23:27 - 2013-07-19 23:27 - 00000000 ____D C:\Users\Vasiliki\AppData\Local\cb8a61d3-4639-4419-bec7-a3d7aa9628cbad
2013-07-19 23:26 - 2013-07-19 23:26 - 00855552 _____ (Gracenote) C:\Users\Vasiliki\googleupdate.exe
2013-07-19 23:26 - 2013-07-19 23:26 - 00000000 _____ C:\Users\Vasiliki\rundll32.exe
2013-07-19 23:26 - 2013-07-19 23:26 - 00000000 _____ C:\Users\Vasiliki\icq.exe
2013-07-16 10:40 - 2011-10-16 20:16 - 00002059 _____ C:\Users\Vasiliki\Desktop\Google Chrome.lnk
2013-07-12 03:40 - 2006-11-02 11:21 - 00302496 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-12 03:39 - 2011-09-30 23:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-12 03:38 - 2006-11-02 11:07 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2013-07-12 03:38 - 2006-11-02 11:07 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 03:16 - 2006-11-02 08:35 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-07-12 03:03 - 2008-09-02 21:03 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-24 22:35 - 2013-06-22 20:21 - 00000000 ____D C:\Users\Vasiliki\AppData\Roaming\.minecraft
2013-06-23 22:54 - 2013-06-22 14:53 - 00000000 ____D C:\Program Files\WinRAR
2013-06-22 19:52 - 2011-09-29 15:51 - 00000000 ____D C:\Users\Vasiliki\AppData\Roaming\GBtzP0ycAiDoF
2013-06-22 15:08 - 2013-06-22 15:08 - 01975130 _____ C:\Users\Vasiliki\Desktop\minecraftforge-universal-1.5.2-7.8.0.684 (1).zip
2013-06-22 15:03 - 2013-06-22 15:03 - 00000000 ____D C:\Users\Vasiliki\AppData\Roaming\WinRAR

ZeroAccess:
C:\Windows\assembly\tmp
C:\Windows\assembly\tmp\@
C:\Windows\assembly\tmp\bckfg.tmp
C:\Windows\assembly\tmp\cfg.ini
C:\Windows\assembly\tmp\keywords
C:\Windows\assembly\tmp\kwrd.dll
C:\Windows\assembly\tmp\loader.tlb
C:\Windows\assembly\tmp\lsflt7.ver
C:\Windows\assembly\tmp\U

Files to move or delete:
====================
C:\Users\Vasiliki\googleupdate.exe
C:\Users\Vasiliki\icq.exe
C:\Users\Vasiliki\rundll32.exe
C:\Users\Vasiliki\AppData\Roaming\skype.ini

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
C:\Program Files\Microsoft Security Client\MsMpEng.exe => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client

==================== End Of Log ============================

Addition.txt


Download the attached fixlist.txt to the same folder as FRST.

Run FRST and click Fix only once and wait

The tool will create a log (Fixlog.txt); please post it in your reply.

Then......

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt
To attach a log if needed:

Bottom right corner of this page.

New window that comes up.

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.

MrC


Thank you. I saved it to the desktop since that is where the FRST thing is. I hope I did that right. Here is the log, and I am getting ready to download the Malwarebytes Anti-Rootkit now.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-07-2013
Ran by Guest at 2013-07-20 23:06:15 Run:1
Running from C:\Users\Guest\Desktop
Boot Mode: Normal
==============================================

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\AvgUninstallURL => Value not found.

"C:\Windows\assembly\tmp" directory move:

Could not move "C:\Windows\assembly\tmp\@" => Scheduled to move on reboot.
Could not move "C:\Windows\assembly\tmp\bckfg.tmp" => Scheduled to move on reboot.
Could not move "C:\Windows\assembly\tmp\cfg.ini" => Scheduled to move on reboot.
Could not move "C:\Windows\assembly\tmp\keywords" => Scheduled to move on reboot.
Could not move "C:\Windows\assembly\tmp\kwrd.dll" => Scheduled to move on reboot.
Could not move "C:\Windows\assembly\tmp\loader.tlb" => Scheduled to move on reboot.
Could not move "C:\Windows\assembly\tmp\lsflt7.ver" => Scheduled to move on reboot.
Could not move "C:\Windows\assembly\tmp" directory. => Scheduled to move on reboot.

Could not move "C:\Windows\assembly\tmp\@" => Scheduled to move on reboot.
Could not move "C:\Windows\assembly\tmp\bckfg.tmp" => Scheduled to move on reboot.
Could not move "C:\Windows\assembly\tmp\cfg.ini" => Scheduled to move on reboot.
Could not move "C:\Windows\assembly\tmp\keywords" => Scheduled to move on reboot.
Could not move "C:\Windows\assembly\tmp\kwrd.dll" => Scheduled to move on reboot.
Could not move "C:\Windows\assembly\tmp\loader.tlb" => Scheduled to move on reboot.
Could not move "C:\Windows\assembly\tmp\lsflt7.ver" => Scheduled to move on reboot.

"C:\Windows\assembly\tmp\U" directory move:

Could not move "C:\Windows\assembly\tmp\U" directory. => Scheduled to move on reboot.

Could not move "C:\Users\Vasiliki\googleupdate.exe" => Scheduled to move on reboot.
Could not move "C:\Users\Vasiliki\icq.exe" => Scheduled to move on reboot.
Could not move "C:\Users\Vasiliki\rundll32.exe" => Scheduled to move on reboot.
Could not move "C:\Users\Vasiliki\googleupdate.exe" => Scheduled to move on reboot.
Could not move "C:\Users\Vasiliki\rundll32.exe" => Scheduled to move on reboot.
Could not move "C:\Users\Vasiliki\icq.exe" => Scheduled to move on reboot.
Could not move "C:\Users\Vasiliki\AppData\Roaming\skype.ini" => Scheduled to move on reboot.
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\\LibraryPath Error setting value to %SystemRoot%\system32\NLAapi.dll
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\\LibraryPath Error setting value to %SystemRoot%\system32\NLAapi.dll
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\\LibraryPath Error setting value to %SystemRoot%\System32\mswsock.dll
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender\en-US" => Failed to delete reparsepoint.
"C:\Program Files\Windows Defender\MpAsDesc.dll" => Failed to delete reparsepoint.
"C:\Program Files\Windows Defender\MpClient.dll" => Failed to delete reparsepoint.
"C:\Program Files\Windows Defender\MpCmdRun.exe" => Failed to delete reparsepoint.
"C:\Program Files\Windows Defender\MpEvMsg.dll" => Failed to delete reparsepoint.
"C:\Program Files\Windows Defender\MpOAV.dll" => Failed to delete reparsepoint.
"C:\Program Files\Windows Defender\MpRtMon.dll" => Failed to delete reparsepoint.
"C:\Program Files\Windows Defender\MpRtPlug.dll" => Failed to delete reparsepoint.
"C:\Program Files\Windows Defender\MpSigDwn.dll" => Failed to delete reparsepoint.
"C:\Program Files\Windows Defender\MpSoftEx.dll" => Failed to delete reparsepoint.
"C:\Program Files\Windows Defender\MpSvc.dll" => Failed to delete reparsepoint.
"C:\Program Files\Windows Defender\MSASCui.exe" => Failed to delete reparsepoint.
"C:\Program Files\Windows Defender\MsMpCom.dll" => Failed to delete reparsepoint.
"C:\Program Files\Windows Defender\MsMpLics.dll" => Failed to delete reparsepoint.
"C:\Program Files\Windows Defender\MsMpRes.dll" => Failed to delete reparsepoint.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking started.
"C:\Program Files\Microsoft Security Client\Backup" => Failed to delete reparsepoint.
"C:\Program Files\Microsoft Security Client\DbgHelp.dll" => Failed to delete reparsepoint.
"C:\Program Files\Microsoft Security Client\Drivers" => Failed to delete reparsepoint.
"C:\Program Files\Microsoft Security Client\en-us" => Failed to delete reparsepoint.
"C:\Program Files\Microsoft Security Client\EppManifest.dll" => Failed to delete reparsepoint.
"C:\Program Files\Microsoft Security Client\MpAsDesc.dll" => Failed to delete reparsepoint.
"C:\Program Files\Microsoft Security Client\MpClient.dll" => Failed to delete reparsepoint.
"C:\Program Files\Microsoft Security Client\MpCmdRun.exe" => Failed to delete reparsepoint.
"C:\Program Files\Microsoft Security Client\MpCommu.dll" => Failed to delete reparsepoint.
"C:\Program Files\Microsoft Security Client\mpevmsg.dll" => Failed to delete reparsepoint.
"C:\Program Files\Microsoft Security Client\MpOAv.dll" => Failed to delete reparsepoint.
"C:\Program Files\Microsoft Security Client\MpRTP.dll" => Failed to delete reparsepoint.
"C:\Program Files\Microsoft Security Client\MpSvc.dll" => Failed to delete reparsepoint.
"C:\Program Files\Microsoft Security Client\MsMpCom.dll" => Failed to delete reparsepoint.
"C:\Program Files\Microsoft Security Client\MsMpEng.exe" => Failed to delete reparsepoint.
"C:\Program Files\Microsoft Security Client\MsMpLics.dll" => Failed to delete reparsepoint.
"C:\Program Files\Microsoft Security Client\MsMpRes.dll" => Failed to delete reparsepoint.
"C:\Program Files\Microsoft Security Client\msseces.exe" => Failed to delete reparsepoint.
"C:\Program Files\Microsoft Security Client\MsseWat.dll" => Failed to delete reparsepoint.
"C:\Program Files\Microsoft Security Client\NisIpsPlugin.dll" => Failed to delete reparsepoint.
"C:\Program Files\Microsoft Security Client\NisLog.dll" => Failed to delete reparsepoint.
"C:\Program Files\Microsoft Security Client\NisSrv.exe" => Failed to delete reparsepoint.
"C:\Program Files\Microsoft Security Client\NisWFP.dll" => Failed to delete reparsepoint.
"C:\Program Files\Microsoft Security Client\Setup.exe" => Failed to delete reparsepoint.
"C:\Program Files\Microsoft Security Client\SetupRes.dll" => Failed to delete reparsepoint.
"C:\Program Files\Microsoft Security Client\shellext.dll" => Failed to delete reparsepoint.
"C:\Program Files\Microsoft Security Client\sqmapi.dll" => Failed to delete reparsepoint.
"C:\Program Files\Microsoft Security Client\SymSrv.dll" => Failed to delete reparsepoint.
"C:\Program Files\Microsoft Security Client\SymSrv.yes" => Failed to delete reparsepoint.
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking completed.

==== End of Fixlog ====


System-log (system-log.txt)

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004

© Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_26

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.527000 GHz
Memory total: 4282662912, free: 2193297408

Downloaded database version: v2013.07.21.01
Canceled update
Initializing...
------------ Kernel report ------------
     07/20/2013 23:48:39
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\e1e6032e.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\CAXHWBS2.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\CAX_DPV.sys
\SystemRoot\system32\DRIVERS\CAX_CNXT.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\wanatw64.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\xaudio64.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\System32\cdd.dll
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xfffffa80068b3060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000063\
Lower Device Object: 0xfffffa800685a740
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa80068b2060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000062\
Lower Device Object: 0xfffffa80067bb060
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa80068b1060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000061\
Lower Device Object: 0xfffffa8006775890
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8006910360
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000060\
Lower Device Object: 0xfffffa800676d0e0
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800564d260
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa800486f060
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Device number: 0, partition: 3
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800564d260, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8005752b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800564d260, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa8004892040, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa800486f060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1EBF09A3

Partition information:

    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 80262

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 81920  Numsec = 20480000

    Partition 2 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 20561920  Numsec = 956209200
    Partition file system is NTFS
    Partition is bootable

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-976753168-976773168)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa8006910360, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80068af730, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006910360, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa800676d0e0, DeviceName: \Device\00000060\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa80068b1060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80068b1b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80068b1060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa8006775890, DeviceName: \Device\00000061\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa80068b2060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80068b2b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80068b2060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa80067bb060, DeviceName: \Device\00000062\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa80068b3060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80068b3b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80068b3060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa800685a740, DeviceName: \Device\00000063\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================

Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_2_20561920_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished

mbar-log

 

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.06.01.01

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Vasiliki :: VASILIKI-PC [administrator]

7/20/2013 11:48:43 PM
mbar-log-2013-07-20 (23-48-43).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 268092
Time elapsed: 12 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

mbar-log-2013-07-20 (23-48-43).txt


Yes, run fixdamage and then.....

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


Here you go :)

ComboFix 13-07-20.03 - Vasiliki 07/22/2013   0:30.2.2 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.4084.2583 [GMT -4:00]
Running from: c:\users\Guest\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Vasiliki\AppData\Local\cb8a61d3-4639-4419-bec7-a3d7aa9628cbad
c:\users\Vasiliki\AppData\Local\cb8a61d3-4639-4419-bec7-a3d7aa9628cbad\cbadbecadaacbad.exe
c:\users\Vasiliki\AppData\Roaming\skype.ini
c:\users\Vasiliki\icq.exe
c:\windows\assembly\tmp\U
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-22 to 2013-07-22  )))))))))))))))))))))))))))))))
.
.
2013-07-22 04:36 . 2013-07-22 04:57 -------- d-----w- c:\users\Vasiliki\AppData\Local\temp
2013-07-22 04:36 . 2013-07-22 04:36 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-07-22 04:36 . 2013-07-22 04:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-21 05:33 . 2013-07-21 05:33 -------- d-----w- c:\users\Guest\AppData\Roaming\AOL
2013-07-21 04:59 . 2013-07-21 05:00 -------- d-----w- c:\programdata\IObit
2013-07-21 04:51 . 2013-07-15 07:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4AF8725B-4C36-4D44-9406-FF4C4E0CD4B2}\mpengine.dll
2013-07-21 01:49 . 2013-07-21 01:49 -------- d-----w- c:\programdata\osy
2013-07-20 04:33 . 2013-07-20 04:33 -------- d-----w- c:\programdata\WindowsSearch
2013-07-20 03:46 . 2013-07-20 03:46 -------- d-----w- c:\users\Guest\AppData\Roaming\Malwarebytes
2013-07-20 03:27 . 2013-07-20 03:27 -------- d-----w- c:\users\Vasiliki\AppData\Roaming\TunkDesign
2013-07-12 07:01 . 2013-05-29 06:15 17829376 ----a-w- c:\windows\system32\mshtml.dll
2013-07-12 07:01 . 2013-05-29 05:50 10926080 ----a-w- c:\windows\system32\ieframe.dll
2013-06-23 00:21 . 2013-06-25 02:35 -------- d-----w- c:\users\Vasiliki\AppData\Roaming\.minecraft
2013-06-22 19:09 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F6458004-8DF9-43FE-9BD6-167A39DFC9C0}\mpengine.dll
2013-06-22 19:08 . 2013-06-22 19:08 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B3A2C8C6-0060-4246-8731-806D8E58D159}\offreg.dll
2013-06-22 18:53 . 2013-06-24 02:54 -------- d-----w- c:\program files\WinRAR
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-12 07:16 . 2006-11-02 12:35 78185248 ----a-w- c:\windows\system32\mrt.exe
2013-06-21 23:46 . 2013-06-21 23:47 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4C2BB5F4-7F91-4F02-A385-94F65224D3D8}\gapaengine.dll
2013-06-12 03:58 . 2013-04-23 17:52 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 03:58 . 2011-10-17 01:42 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 03:08 . 2013-06-22 01:44 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B3A2C8C6-0060-4246-8731-806D8E58D159}\mpengine.dll
2013-06-12 03:08 . 2013-06-21 23:46 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-23 18:18 . 2013-06-15 02:17 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2B34C5A6-D9DE-4939-814E-90BDDBBF44F7}\gapaengine.dll
2013-05-23 18:18 . 2012-02-10 19:50 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-05-08 04:14 . 2013-06-15 02:15 1417576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-08 02:27 . 2013-06-15 02:15 40448 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2013-05-02 06:06 . 2010-03-07 18:52 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-05-02 04:16 . 2013-06-15 02:15 686080 ----a-w- c:\windows\system32\win32spl.dll
2013-05-02 04:04 . 2013-06-15 02:15 443904 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-05-02 04:03 . 2013-06-15 02:15 37376 ----a-w- c:\windows\SysWow64\printcom.dll
2013-04-24 04:09 . 2013-06-15 02:16 1269248 ----a-w- c:\windows\system32\crypt32.dll
2013-04-24 04:09 . 2013-06-15 02:16 174592 ----a-w- c:\windows\system32\cryptsvc.dll
2013-04-24 04:09 . 2013-06-15 02:16 132096 ----a-w- c:\windows\system32\cryptnet.dll
2013-04-24 04:09 . 2013-06-15 02:16 50688 ----a-w- c:\windows\system32\certenc.dll
2013-04-24 04:00 . 2013-06-15 02:16 985600 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-04-24 04:00 . 2013-06-15 02:16 98304 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-04-24 04:00 . 2013-06-15 02:16 133120 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-04-24 04:00 . 2013-06-15 02:16 41984 ----a-w- c:\windows\SysWow64\certenc.dll
2013-04-24 02:10 . 2013-06-15 02:16 1078272 ----a-w- c:\windows\system32\certutil.exe
2013-04-24 01:46 . 2013-06-15 02:16 812544 ----a-w- c:\windows\SysWow64\certutil.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"CmTray"="c:\program files (x86)\Content Manager\launchCM.exe" [2011-12-28 94208]
"Advanced SystemCare 6"="c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2012-09-25 490880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="c:\program files (x86)\Common Files\AOL\1220397354\ee\AOLSoftware.exe" [2010-03-08 41800]
"CarboniteSetupLite"="c:\program files (x86)\Carbonite\CarbonitePreinstaller.exe" [2010-11-21 283792]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=SUFaUDItUko3UFItN0dOTVUtQUJMRTYtVFBRQ0ktNg&inst=NzYtOTM2MzQ5MTc1LVNUMTJGT0krMS1ERFQrMC1TVDEyQVBQKzEtRVVMQSsx∏=94&ver=2012.0.1831&mid=1f0683a0225647d1ab22d14acce4e9e6-00598b02bf8194c050f7e14db36065ab82edb9bc" [?]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2008-8-11 50688]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-23 03:58]
.
2013-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-19 04:36]
.
2013-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-19 04:36]
.
2013-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4151630087-946522165-2231852217-1000Core.job
- c:\users\Vasiliki\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-17 00:10]
.
2013-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4151630087-946522165-2231852217-1000UA.job
- c:\users\Vasiliki\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-17 00:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-01-15 5641728]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 138264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 203800]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 168472]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: facebook.com\apps
Trusted Zone: realtytools.com
Trusted Zone: toolkitcma.com
Trusted Zone: toolkitcma2.com
TCP: DhcpNameServer = 192.168.254.254
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Adobe CSS5.1 Manager - c:\users\Vasiliki\AppData\Local\cb8a61d3-4639-4419-bec7-a3d7aa9628cbad\cbadbecadaacbad.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Applet - c:\windows\system32\javaws.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqste08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
.
**************************************************************************
.
Completion time: 2013-07-22  01:02:36 - machine was rebooted
ComboFix-quarantined-files.txt  2013-07-22 05:02
ComboFix2.txt  2011-10-17 01:01
.
Pre-Run: 365,844,627,456 bytes free
Post-Run: 366,119,116,800 bytes free
.
- - End Of File - - E6B9A9FD6357432DCBF4BBF0B6598D6B
CDB4DE4BBD714F152979DA2DCBEF57EB
 

ComboFix.txt


It found some stuff in the registry and says to delete items with buttons. Should I go ahead and do that?

 

Here is the log in the meantime.

 

RogueKiller V8.6.3 _x64_ [Jul 17 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Vasiliki [Admin rights]
Mode : Scan -- Date : 07/22/2013 12:09:18
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤
-> D:\windows\system32\config\SYSTEM
 x:\Windows\system32
 
-> D:\windows\system32\config\SOFTWARE
 x:\Windows\system32
 
-> D:\windows\system32\config\SECURITY
 x:\Windows\system32
 
-> D:\windows\system32\config\SAM
 x:\Windows\system32
 
-> D:\windows\system32\config\DEFAULT
 x:\Windows\system32
 
-> D:\Users\Default\NTUSER.DAT
 x:\Windows\system32
 

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1       localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000AAKS-75A7B0 ATA Device +++++
--- User ---
[MBR] ea51be4ccc23f96c00085860a13883ac
[bSP] 1af4d28bb70c03811e78e660b7f2fd28 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 10000 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20561920 | Size: 466899 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_07222013_120918.txt >>


No, those are OK....

Let's check for any adware while you're here:

Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes:

· Adware (software ads)

· PUP/LPI (Potentially Undesirable Program)

· Toolbars

· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

  • Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  • Now click on the Search tab.
  • Please post the contents of the log-file created in your next post.
Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

Note:

Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain why it shouldn't be on your system.

If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using Adwcleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program please use the instructions below to access the options screen where you should enable /DisableAskDetections before using AdwCleaner.

You can click on the question mark (?) in the upper left corner of the program and then click on Options. You will then be presented with a dialog where you can disable various detections. These options are described below:

/DisableAskDetection - This option disables Ask Toolbar detection.

MrC


I don't think there is anything there that I need to keep. This computer is only used for games and homework right now. I use it for work every once in a while.

 

Here is the log, and again Thank You for all your time and help.

 

# AdwCleaner v2.306 - Logfile created 07/23/2013 at 21:53:18
# Updated 19/07/2013 by Xplode
# Operating system : Windows Vista Home Premium Service Pack 2 (64 bits)
# User : Vasiliki - VASILIKI-PC
# Boot Mode : Normal
# Running from : C:\Users\Guest\Desktop\adwcleaner.exe
# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\Viewpoint
Folder Found : C:\ProgramData\Viewpoint
Folder Found : C:\Users\Vasiliki\AppData\LocalLow\ShoppingReport2

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\ShoppingReport2
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Found : HKLM\Software\MetaStream
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Found : HKLM\Software\Viewpoint
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A1F1ECD3-4806-44C6-A869-F0DADF11C57C}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A1F1ECD3-4806-44C6-A869-F0DADF11C57C}
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16496

[OK] Registry is clean.

-\\ Google Chrome v28.0.1500.72

File : C:\Users\Vasiliki\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3453 octets] - [23/07/2013 21:53:18]

########## EOF - C:\AdwCleaner[R1].txt - [3513 octets] ##########


Some adware found....let's clear it out.....

  • Please re-run AdwCleaner
  • Click on Delete button.
  • Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.
Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Then......

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
MrC

Adware cleaner log. Going to do sec check now.

 

 

# AdwCleaner v2.306 - Logfile created 07/23/2013 at 22:46:36
# Updated 19/07/2013 by Xplode
# Operating system : Windows Vista Home Premium Service Pack 2 (64 bits)
# User : Vasiliki - VASILIKI-PC
# Boot Mode : Normal
# Running from : C:\Users\Guest\Desktop\adwcleaner.exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Viewpoint
Deleted on reboot : C:\ProgramData\Viewpoint
Deleted on reboot : C:\Users\Vasiliki\AppData\LocalLow\ShoppingReport2

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\ShoppingReport2
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A1F1ECD3-4806-44C6-A869-F0DADF11C57C}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16496

[OK] Registry is clean.

-\\ Google Chrome v28.0.1500.72

File : C:\Users\Vasiliki\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3578 octets] - [23/07/2013 21:53:18]
AdwCleaner[R2].txt - [3638 octets] - [23/07/2013 22:46:19]
AdwCleaner[s1].txt - [3548 octets] - [23/07/2013 22:46:36]

########## EOF - C:\AdwCleaner[s1].txt - [3608 octets] ##########


Sec check log:

 

 

 Results of screen317's Security Check version 0.99.71 
 Windows Vista Service Pack 2 x64 (UAC is enabled) 
 Internet Explorer 9 
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Microsoft Security Essentials  
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Java 6 Update 26 
 Java 6 Update 5 
 Java 6 Update 7 
 Java version out of Date!
 Adobe Reader 10.1.7 Adobe Reader out of Date! 
 Google Chrome 28.0.1500.71 
 Google Chrome 28.0.1500.72 
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Malwarebytes' Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````
 


Outdated programs on the system are vulnerable to malware.
Please update or uninstall them:


~~~~~~~~~~~~~~~~~~~~~~~~

Please uninstall all and any Java in your add/remove programs:
Java™ 6 Update 26
Java™ 6 Update 5
Java™ 6 Update 7


Java version out of Date! <-------Download and install the latest version (Version 25) from Here
Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

~~~~~~~~~~~~~~~~~~~~~~~~



Adobe Reader 10.1.7 Adobe Reader out of Date! <---please check for an update if available or uninstall and download and install Foxit Reader which is less vulnerable to malware and much better than Adobe. Don't install any toolbars that may come with it (ASK Toolbar).

~~~~~~~~~~~~~~~~~~~~~~~~

Google Chrome 28.0.1500.71 <-----OLD
Google Chrome 28.0.1500.72 <-----OK

You have old versions of Google Chrome on the system.
Please download and run OldChromeRemover.
@Windows Vista/Windows 7-8 users must use “Run As Administrator.”


~~~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.
This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

If you used DeFogger to disable your CD Emulation drivers, please re-enable them.

-------------------------------

Please download OTC to your desktop.
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete.
i.e. RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.2 (07.22.2013:2)
OS: Windows Vista Home Premium x64
Ran by Vasiliki on Tue 07/23/2013 at 23:00:19.29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\viewpoint"
Successfully deleted: [Folder] "C:\Users\Vasiliki\appdata\locallow\shoppingreport2"
Successfully deleted: [Folder] "C:\Program Files (x86)\viewpoint"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 07/23/2013 at 23:04:21.74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
