Infected Laptop
<blockquote data-quote="erbrma" data-source="post: 75285" data-attributes="member: 2550"><p>I don't have the Malwarebytes log, but I removed 34 infections found during its scan. My main problem is a window saying "There was a problem starting C:/Windows/system32/crexv.ocx" that appears every 5 seconds on my computer even if I exit out of it.</p><p></p><p>RogueKiller Logs:</p><p></p><p>RogueKiller V8.0.5 [09/23/2012] by Tigzy</p><p>mail: tigzyRK<at>gmail<dot>com</p><p>Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/</p><p>Blog: http://tigzyrk.blogspot.com</p><p></p><p>Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version</p><p>Started in : Normal mode</p><p>User : Matthew [Admin rights]</p><p>Mode : Scan -- Date : 09/25/2012 17:40:00</p><p></p><p>¤¤¤ Bad processes : 0 ¤¤¤</p><p></p><p>¤¤¤ Registry Entries : 109 ¤¤¤</p><p>[RUN][SUSP PATH] HKCU\[...]\Run : Unity (C:\Users\Matthew\AppData\Roaming\A23687.exe) -> FOUND</p><p>[RUN][BLACKLIST DLL] HKCU\[...]\Run : vcsux ("C:\Windows\System32\rundll32.exe" "C:\Users\Matthew\AppData\Roaming\vcsux.dll",vInitA) -> FOUND</p><p>[RUN][BLACKLIST DLL] HKLM\[...]\Run : vcsux ("C:\Windows\System32\rundll32.exe" "C:\Users\Matthew\AppData\Roaming\vcsux.dll",vInitA) -> FOUND</p><p>[RUN][SUSP PATH] HKUS\S-1-5-21-4059901540-3679170682-413800566-1001[...]\Run : Unity (C:\Users\Matthew\AppData\Roaming\A23687.exe) -> FOUND</p><p>[RUN][BLACKLIST DLL] HKUS\S-1-5-21-4059901540-3679170682-413800566-1001[...]\Run : vcsux ("C:\Windows\System32\rundll32.exe" "C:\Users\Matthew\AppData\Roaming\vcsux.dll",vInitA) -> FOUND</p><p>[TASK][SUSP PATH] At17.job : C:\ProgramData\DXwGc1LV.exe -> FOUND</p><p>[TASK][SUSP PATH] At16.job : C:\ProgramData\DXwGc1LV.exe -> FOUND</p><p>[TASK][SUSP PATH] At15.job : C:\ProgramData\DXwGc1LV.exe -> FOUND</p><p>[TASK][SUSP PATH] At14.job : C:\ProgramData\DXwGc1LV.exe -> FOUND</p><p>[TASK][SUSP PATH] At13.job : C:\ProgramData\DXwGc1LV.exe -> FOUND</p><p>[TASK][SUSP PATH] At12.job : 
C:\ProgramData\DXwGc1LV.exe -> FOUND</p><p>[TASK][SUSP PATH] At11.job : C:\ProgramData\DXwGc1LV.exe -> FOUND</p><p>[TASK][SUSP PATH] At10.job : C:\ProgramData\DXwGc1LV.exe -> FOUND</p><p>[TASK][SUSP PATH] At1.job : C:\ProgramData\DXwGc1LV.exe -> FOUND</p><p>[TASK][SUSP PATH] At26.job : C:\ProgramData\DXwGc1LV.exe_ -> FOUND</p><p>[TASK][SUSP PATH] At25.job : C:\ProgramData\DXwGc1LV.exe_ -> FOUND</p><p>[TASK][SUSP PATH] At24.job : C:\ProgramData\DXwGc1LV.exe -> FOUND</p><p>[TASK][SUSP PATH] At23.job : C:\ProgramData\DXwGc1LV.exe -> FOUND</p><p>[TASK][SUSP PATH] At22.job : C:\ProgramData\DXwGc1LV.exe -> FOUND</p><p>[TASK][SUSP PATH] At21.job : C:\ProgramData\DXwGc1LV.exe -> FOUND</p><p>[TASK][SUSP PATH] At20.job : C:\ProgramData\DXwGc1LV.exe -> FOUND</p><p>[TASK][SUSP PATH] At2.job : C:\ProgramData\DXwGc1LV.exe -> FOUND</p><p>[TASK][SUSP PATH] At19.job : C:\ProgramData\DXwGc1LV.exe -> FOUND</p><p>[TASK][SUSP PATH] At18.job : C:\ProgramData\DXwGc1LV.exe -> FOUND</p><p>[TASK][SUSP PATH] At35.job : C:\ProgramData\DXwGc1LV.exe_ -> FOUND</p><p>[TASK][SUSP PATH] At34.job : C:\ProgramData\DXwGc1LV.exe_ -> FOUND</p><p>[TASK][SUSP PATH] At33.job : C:\ProgramData\DXwGc1LV.exe_ -> FOUND</p><p>[TASK][SUSP PATH] At32.job : C:\ProgramData\DXwGc1LV.exe_ -> FOUND</p><p>[TASK][SUSP PATH] At31.job : C:\ProgramData\DXwGc1LV.exe_ -> FOUND</p><p>[TASK][SUSP PATH] At30.job : C:\ProgramData\DXwGc1LV.exe_ -> FOUND</p><p>[TASK][SUSP PATH] At3.job : C:\ProgramData\DXwGc1LV.exe -> FOUND</p><p>[TASK][SUSP PATH] At29.job : C:\ProgramData\DXwGc1LV.exe_ -> FOUND</p><p>[TASK][SUSP PATH] At28.job : C:\ProgramData\DXwGc1LV.exe_ -> FOUND</p><p>[TASK][SUSP PATH] At27.job : C:\ProgramData\DXwGc1LV.exe_ -> FOUND</p><p>[TASK][SUSP PATH] At44.job : C:\ProgramData\DXwGc1LV.exe_ -> FOUND</p><p>[TASK][SUSP PATH] At43.job : C:\ProgramData\DXwGc1LV.exe_ -> FOUND</p><p>[TASK][SUSP PATH] At42.job : C:\ProgramData\DXwGc1LV.exe_ -> FOUND</p><p>[TASK][SUSP PATH] At41.job : C:\ProgramData\DXwGc1LV.exe_ -> 
FOUND</p><p>[TASK][SUSP PATH] At40.job : C:\ProgramData\DXwGc1LV.exe_ -> FOUND</p><p>[TASK][SUSP PATH] At4.job : C:\ProgramData\DXwGc1LV.exe -> FOUND</p><p>[TASK][SUSP PATH] At39.job : C:\ProgramData\DXwGc1LV.exe_ -> FOUND</p><p>[TASK][SUSP PATH] At38.job : C:\ProgramData\DXwGc1LV.exe_ -> FOUND</p><p>[TASK][SUSP PATH] At37.job : C:\ProgramData\DXwGc1LV.exe_ -> FOUND</p><p>[TASK][SUSP PATH] At36.job : C:\ProgramData\DXwGc1LV.exe_ -> FOUND</p><p>[TASK][SUSP PATH] At9.job : C:\ProgramData\DXwGc1LV.exe -> FOUND</p><p>[TASK][SUSP PATH] At8.job : C:\ProgramData\DXwGc1LV.exe -> FOUND</p><p>[TASK][SUSP PATH] At7.job : C:\ProgramData\DXwGc1LV.exe -> FOUND</p><p>[TASK][SUSP PATH] At6.job : C:\ProgramData\DXwGc1LV.exe -> FOUND</p><p>[TASK][SUSP PATH] At5.job : C:\ProgramData\DXwGc1LV.exe -> FOUND</p><p>[TASK][SUSP PATH] At48.job : C:\ProgramData\DXwGc1LV.exe_ -> FOUND</p><p>[TASK][SUSP PATH] At47.job : C:\ProgramData\DXwGc1LV.exe_ -> FOUND</p><p>[TASK][SUSP PATH] At46.job : C:\ProgramData\DXwGc1LV.exe_ -> FOUND</p><p>[TASK][SUSP PATH] At45.job : C:\ProgramData\DXwGc1LV.exe_ -> FOUND</p><p>[TASK][SUSP PATH] At1 : C:\ProgramData\DXwGc1LV.exe -> FOUND</p><p>[TASK][SUSP PATH] At10 : C:\ProgramData\DXwGc1LV.exe -> FOUND</p><p>[TASK][SUSP PATH] At11 : C:\ProgramData\DXwGc1LV.exe -> FOUND</p><p>[TASK][SUSP PATH] At12 : C:\ProgramData\DXwGc1LV.exe -> FOUND</p><p>[TASK][SUSP PATH] At13 : C:\ProgramData\DXwGc1LV.exe -> FOUND</p><p>[TASK][SUSP PATH] At14 : C:\ProgramData\DXwGc1LV.exe -> FOUND</p><p>[TASK][SUSP PATH] At15 : C:\ProgramData\DXwGc1LV.exe -> FOUND</p><p>[TASK][SUSP PATH] At16 : C:\ProgramData\DXwGc1LV.exe -> FOUND</p><p>[TASK][SUSP PATH] At17 : C:\ProgramData\DXwGc1LV.exe -> FOUND</p><p>[TASK][SUSP PATH] At18 : C:\ProgramData\DXwGc1LV.exe -> FOUND</p><p>[TASK][SUSP PATH] At19 : C:\ProgramData\DXwGc1LV.exe -> FOUND</p><p>[TASK][SUSP PATH] At2 : C:\ProgramData\DXwGc1LV.exe -> FOUND</p><p>[TASK][SUSP PATH] At20 : C:\ProgramData\DXwGc1LV.exe -> FOUND</p><p>[TASK][SUSP PATH] At21 
: C:\ProgramData\DXwGc1LV.exe -> FOUND</p><p>[TASK][SUSP PATH] At22 : C:\ProgramData\DXwGc1LV.exe -> FOUND</p><p>[TASK][SUSP PATH] At23 : C:\ProgramData\DXwGc1LV.exe -> FOUND</p><p>[TASK][SUSP PATH] At24 : C:\ProgramData\DXwGc1LV.exe -> FOUND</p><p>[TASK][SUSP PATH] At25 : C:\ProgramData\DXwGc1LV.exe_ -> FOUND</p><p>[TASK][SUSP PATH] At26 : C:\ProgramData\DXwGc1LV.exe_ -> FOUND</p><p>[TASK][SUSP PATH] At27 : C:\ProgramData\DXwGc1LV.exe_ -> FOUND</p><p>[TASK][SUSP PATH] At28 : C:\ProgramData\DXwGc1LV.exe_ -> FOUND</p><p>[TASK][SUSP PATH] At29 : C:\ProgramData\DXwGc1LV.exe_ -> FOUND</p><p>[TASK][SUSP PATH] At3 : C:\ProgramData\DXwGc1LV.exe -> FOUND</p><p>[TASK][SUSP PATH] At30 : C:\ProgramData\DXwGc1LV.exe_ -> FOUND</p><p>[TASK][SUSP PATH] At31 : C:\ProgramData\DXwGc1LV.exe_ -> FOUND</p><p>[TASK][SUSP PATH] At32 : C:\ProgramData\DXwGc1LV.exe_ -> FOUND</p><p>[TASK][SUSP PATH] At33 : C:\ProgramData\DXwGc1LV.exe_ -> FOUND</p><p>[TASK][SUSP PATH] At34 : C:\ProgramData\DXwGc1LV.exe_ -> FOUND</p><p>[TASK][SUSP PATH] At35 : C:\ProgramData\DXwGc1LV.exe_ -> FOUND</p><p>[TASK][SUSP PATH] At36 : C:\ProgramData\DXwGc1LV.exe_ -> FOUND</p><p>[TASK][SUSP PATH] At37 : C:\ProgramData\DXwGc1LV.exe_ -> FOUND</p><p>[TASK][SUSP PATH] At38 : C:\ProgramData\DXwGc1LV.exe_ -> FOUND</p><p>[TASK][SUSP PATH] At39 : C:\ProgramData\DXwGc1LV.exe_ -> FOUND</p><p>[TASK][SUSP PATH] At4 : C:\ProgramData\DXwGc1LV.exe -> FOUND</p><p>[TASK][SUSP PATH] At40 : C:\ProgramData\DXwGc1LV.exe_ -> FOUND</p><p>[TASK][SUSP PATH] At41 : C:\ProgramData\DXwGc1LV.exe_ -> FOUND</p><p>[TASK][SUSP PATH] At42 : C:\ProgramData\DXwGc1LV.exe_ -> FOUND</p><p>[TASK][SUSP PATH] At43 : C:\ProgramData\DXwGc1LV.exe_ -> FOUND</p><p>[TASK][SUSP PATH] At44 : C:\ProgramData\DXwGc1LV.exe_ -> FOUND</p><p>[TASK][SUSP PATH] At45 : C:\ProgramData\DXwGc1LV.exe_ -> FOUND</p><p>[TASK][SUSP PATH] At46 : C:\ProgramData\DXwGc1LV.exe_ -> FOUND</p><p>[TASK][SUSP PATH] At47 : C:\ProgramData\DXwGc1LV.exe_ -> FOUND</p><p>[TASK][SUSP PATH] At48 : 
C:\ProgramData\DXwGc1LV.exe_ -> FOUND</p><p>[TASK][SUSP PATH] At5 : C:\ProgramData\DXwGc1LV.exe -> FOUND</p><p>[TASK][SUSP PATH] At6 : C:\ProgramData\DXwGc1LV.exe -> FOUND</p><p>[TASK][SUSP PATH] At7 : C:\ProgramData\DXwGc1LV.exe -> FOUND</p><p>[TASK][SUSP PATH] At8 : C:\ProgramData\DXwGc1LV.exe -> FOUND</p><p>[TASK][SUSP PATH] At9 : C:\ProgramData\DXwGc1LV.exe -> FOUND</p><p>[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND</p><p>[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND</p><p>[HJ] HKLM\[...]\Wow6432Node\Security Center : AntiVirusDisableNotify (1) -> FOUND</p><p>[HJ] HKLM\[...]\Wow6432Node\Security Center : FirewallDisableNotify (1) -> FOUND</p><p>[HJ] HKLM\[...]\Wow6432Node\Security Center : UpdatesDisableNotify (1) -> FOUND</p><p>[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND</p><p>[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND</p><p>[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND</p><p></p><p>¤¤¤ Particular Files / Folders: ¤¤¤</p><p>[ZeroAccess][FOLDER] U : C:\Windows\Installer\{47b3213b-47d3-4c81-a3ba-ccfbc3c028e7}\U --> FOUND</p><p>[ZeroAccess][FILE] n : C:\Users\Matthew\AppData\Local\{47b3213b-47d3-4c81-a3ba-ccfbc3c028e7}\n --> FOUND</p><p>[ZeroAccess][FILE] @ : C:\Users\Matthew\AppData\Local\{47b3213b-47d3-4c81-a3ba-ccfbc3c028e7}\@ --> FOUND</p><p>[ZeroAccess][FOLDER] U : C:\Users\Matthew\AppData\Local\{47b3213b-47d3-4c81-a3ba-ccfbc3c028e7}\U --> FOUND</p><p>[ZeroAccess][FOLDER] L : C:\Users\Matthew\AppData\Local\{47b3213b-47d3-4c81-a3ba-ccfbc3c028e7}\L --> FOUND</p><p>[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> FOUND</p><p></p><p>¤¤¤ Driver : [NOT LOADED] ¤¤¤</p><p></p><p>¤¤¤ Extern Hives: ¤¤¤</p><p></p><p>¤¤¤ Infection : ZeroAccess ¤¤¤</p><p></p><p>¤¤¤ HOSTS File: ¤¤¤</p><p>--> C:\Windows\system32\drivers\etc\hosts</p><p></p><p></p><p></p><p>¤¤¤ MBR Check: ¤¤¤</p><p></p><p>+++++ PhysicalDrive0: WDC 
WD5000BPVT-22HXZT3 +++++</p><p>--- User ---</p><p>[MBR] e3bdf4cdfd3279ba40f17d7193c1c0e5</p><p>[BSP] a3c659d02ba4c3e274417b065c8d3dfd : Windows 7 MBR Code</p><p>Partition table:</p><p>0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 18432 Mo</p><p>1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 37750784 | Size: 100 Mo</p><p>2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 37955584 | Size: 458406 Mo</p><p>User = LL1 ... OK!</p><p>User = LL2 ... OK!</p><p></p><p>Finished : << RKreport[1].txt >></p><p>RKreport[1].txt</p></blockquote><p></p>