I downloaded a bad program yesterday and I'm pretty sure my computer is infected to the core. Yesterday I had many iexplorer windows open, but it seems like I was able to fix that. Now today I have problems with my core files like lrss, run32, and Windows Explorer seems to be running many times, etc. Please let me know if the infection is so deep that I need to format or what. Thank you (seems also to have internet problems now).
P.S. Found stuff with Ad-Aware and AVG, which are the standard programs I use for protection. Also just downloaded Spybot Search & Destroy.
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 10:08:11 PM, on 05/03/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
CHROME: 33.0.1750.146
FIREFOX: 23.0.1 (en-US)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe
C:\Program Files (x86)\Lexmark 3600-4600 Series\ezprint.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\12345\AppData\Local\VNT\vntldr.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Users\12345\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\12345\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\12345\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\12345\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\12345\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?SearchSou...ctid=CT2653012
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.1.1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\SysWOW64\userinit.exe
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.0.248\AVG Secure Search_toolbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Veoh Web Player - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeo2.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Veoh Web Player Toolbar - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeo2.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.0.248\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
O4 - HKLM\..\Run: [VNT] C:\Program Files (x86)\VNT\vntldr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\12345\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1573336260-1148118520-3100803624-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'postgres')
O4 - HKUS\S-1-5-21-1573336260-1148118520-3100803624-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'postgres')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: intu-ir2012 - {79E19CC8-7698-4B41-8474-52FA5B207EBF} - C:\Program Files (x86)\ImpotRapide 2012\ic2012pp.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (file missing)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.0\ViProtocol.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Ask Update Service (APNMCP) - APN LLC. - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: hpqwmiex - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdx_device - - C:\Windows\system32\lxdxcoms.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater18.0.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 14076 bytes
----------
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 30/12/2010 6:03:53 PM
System Uptime: 05/03/2014 7:14:54 PM (3 hours ago)
.
Motherboard: FOXCONN | | 2AB1
Processor: AMD Athlon(tm) II X2 220 Processor | CPU 1 | 2800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 686 GiB total, 413.222 GiB free.
D: is FIXED (NTFS) - 13 GiB total, 1.529 GiB free.
E: is CDROM ()
J: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP246: 26/02/2014 12:35:10 AM - Windows Update
RP247: 04/03/2014 6:30:53 PM - AA11
RP248: 04/03/2014 6:35:44 PM - AA11
RP249: 04/03/2014 7:03:46 PM - Removed Ad-Aware
RP250: 04/03/2014 7:06:14 PM - AA11
RP251: 04/03/2014 7:18:08 PM - AA11
RP252: 04/03/2014 7:19:23 PM - AA11
RP253: 05/03/2014 1:17:07 PM - AA11
RP254: 05/03/2014 1:19:03 PM - AA11
.
==== Image File Execution Options =============
.
.
==== Installed Programs ======================
.
.
==== End Of File ===========================
For some reason I cannot get the dds.txt file. Let me know if you really need it.
------
GMER log
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-03-06 14:31:10
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000051 Hitachi_ rev.JP3O 698.64GB
Running: wvwdov6j.exe; Driver: C:\Users\12345\AppData\Local\Temp\agtiqpob.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe[1464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075cd1465 2 bytes [CD, 75]
.text C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe[1464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075cd14bb 2 bytes [CD, 75]
.text ... * 2
.text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075cd1465 2 bytes [CD, 75]
.text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075cd14bb 2 bytes [CD, 75]
.text ... * 2
.text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075cd1465 2 bytes [CD, 75]
.text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075cd14bb 2 bytes [CD, 75]
.text ... * 2
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2152] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075cd1465 2 bytes [CD, 75]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2152] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000075cd14bb 2 bytes [CD, 75]
.text ... * 2
? C:\Windows\system32\mssprxy.dll [3816] entry point in ".rdata" section 000000006e7371e6
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3668] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000075cd1465 2 bytes [CD, 75]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3668] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 0000000075cd14bb 2 bytes [CD, 75]
.text ... * 2
.text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075cd1465 2 bytes [CD, 75]
.text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075cd14bb 2 bytes [CD, 75]
.text ... * 2
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[3752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075cd1465 2 bytes [CD, 75]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[3752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075cd14bb 2 bytes [CD, 75]
.text ... * 2
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4156] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075cd1465 2 bytes [CD, 75]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4156] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000075cd14bb 2 bytes [CD, 75]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075cd1465 2 bytes [CD, 75]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075cd14bb 2 bytes [CD, 75]
.text ... * 2
.text C:\Users\12345\AppData\Local\VNT\vntldr.exe[4364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075cd1465 2 bytes [CD, 75]
.text C:\Users\12345\AppData\Local\VNT\vntldr.exe[4364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075cd14bb 2 bytes [CD, 75]
.text ... * 2
.text C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075cd1465 2 bytes [CD, 75]
.text C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075cd14bb 2 bytes [CD, 75]
.text ... * 2
.text C:\Windows\Explorer.EXE[2208] C:\Windows\system32\USER32.dll!GetCursorPos 00000000774aca44 5 bytes {CALL 0xffffffffffff35be}
.text C:\Windows\Explorer.EXE[2208] C:\Windows\system32\USER32.dll!PeekMessageA 00000000774b3a18 5 bytes {CALL 0xfffffffffffec5ea}
.text C:\Windows\Explorer.EXE[2208] C:\Windows\system32\USER32.dll!GetMessageA 00000000774b6110 5 bytes {CALL 0xfffffffffffe9ef2}
.text C:\Windows\Explorer.EXE[2208] C:\Windows\system32\USER32.dll!PeekMessageW 00000000774b8fd0 5 bytes {CALL 0xfffffffffffe7032}
.text C:\Windows\Explorer.EXE[2208] C:\Windows\system32\USER32.dll!GetMessageW 00000000774b9e74 5 bytes {CALL 0xfffffffffffe618e}
.text C:\Windows\Explorer.EXE[2208] C:\Windows\system32\USER32.dll!GetMessagePos 00000000774c84e0 5 bytes {CALL 0xfffffffffffd7b22}
.text C:\Windows\Explorer.EXE[2208] C:\Windows\system32\USER32.dll!GetCursorInfo 00000000774caef0 5 bytes {CALL 0xfffffffffffd5112}
.text C:\Windows\Explorer.EXE[2208] C:\Windows\system32\USER32.dll!SetCursorPos 00000000774e1f58 5 bytes {CALL 0xfffffffffffbe0aa}
.text C:\Windows\Explorer.EXE[2208] C:\Windows\system32\USER32.dll!MessageBoxA 00000000775112b8 5 bytes {CALL 0xfffffffffff8ed4a}
.text C:\Windows\Explorer.EXE[2208] C:\Windows\system32\USER32.dll!MessageBoxW 0000000077511314 2 bytes [E8, E9]
.text C:\Windows\Explorer.EXE[2208] C:\Windows\system32\USER32.dll!MessageBoxW + 3 0000000077511317 2 bytes [F8, FF]
.text C:\Windows\Explorer.EXE[2208] C:\Windows\system32\USER32.dll!MessageBoxExA 0000000077511370 2 bytes [E8, 8D]
.text C:\Windows\Explorer.EXE[2208] C:\Windows\system32\USER32.dll!MessageBoxExA + 3 0000000077511373 2 bytes [F8, FF]
.text C:\Windows\Explorer.EXE[2208] C:\Windows\system32\USER32.dll!MessageBoxExW 0000000077511394 2 bytes [E8, 69]
.text C:\Windows\Explorer.EXE[2208] C:\Windows\system32\USER32.dll!MessageBoxExW + 3 0000000077511397 2 bytes [F8, FF]
.text C:\Windows\Explorer.EXE[2208] C:\Windows\system32\USER32.dll!MessageBoxIndirectA 0000000077511668 5 bytes {CALL 0xfffffffffff8e99a}
.text C:\Windows\Explorer.EXE[2208] C:\Windows\system32\USER32.dll!MessageBoxIndirectW 0000000077511874 5 bytes {CALL 0xfffffffffff8e78e}
.text C:\Windows\Explorer.EXE[2208] C:\Windows\system32\winmm.dll!PlaySoundW 000007fefa332144 5 bytes {CALL 0xffffffffffffdebe}
.text C:\Windows\Explorer.EXE[2208] C:\Windows\system32\winmm.dll!waveOutWrite 000007fefa333d40 5 bytes {CALL 0xffffffffffffc2c2}
.text C:\Windows\Explorer.EXE[2208] C:\Windows\system32\winmm.dll!PlaySound 000007fefa352f10 5 bytes {CALL 0xfffffffffffdd0f2}
---- Threads - GMER 2.1 ----
---- Processes - GMER 2.1 ----
Library C:\ProgramData\Microsoft\Crypto\RSA64\CryptoProvider.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [3064] (Online files icon's overlay/Microsoft) 000007fef70d0000
Library C:\ProgramData\Microsoft\Crypto\RSA64\rsa64.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [3064](2014-03-04 22:33:02) 000007feea250000
Library C:\Users\12345\AppData\Local\VNT\vntsrv.dll (*** suspicious ***) @ C:\Users\12345\AppData\Local\VNT\vntldr.exe [4364] (Virtual New Tab Server/APN LLC.)(2013-11-08 03:08:14) 000000006f850000
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- Files - GMER 2.1 ----
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GJ0JEZQD\2dc5e8ef96d0fec009aa4b58ecdaa449[1].swf 0 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GJ0JEZQD\FI9EW7MM.gif 43 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KLKS7G52\ttjDT8A45U8.js 791 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KLKS7G52\ttjOIGW1CZC.js 830 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KLKS7G52\ttjQJ6CTC9F.js 746 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KLKS7G52\ttj5U7P6M4R.js 952 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KLKS7G52\ttjYYCGPIGZ.js 588 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KLKS7G52\ttj[1].htm 0 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KRVVA2RT\bd393d69cc689211bc0b8f42504f46fd[1].json 0 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KRVVA2RT\bd393d69cc689211bc0b8f42504f46fd[2].json 0 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KRVVA2RT\ttj4ANU3QPP.js 0 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KRZGG30I\ifZY8E50ML.htm 741 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KRZGG30I\ttj9A9IF21Y.js 6462 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KRZGG30I\if9NS3OL0B.htm 741 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KRZGG30I\ttj0U9YBV1X.js 0 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KRZGG30I\food[1].htm 4565 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KRZGG30I\NQ61QDQ6.gif 43 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KRZGG30I\RPSDG4UN.gif 43 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KRZGG30I\r2[1].htm 449 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KRZGG30I\ttjV6JVDYQY.js 704 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KRZGG30I\AdServerServlet[1].json 603 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UKIK6UAI\ttjULCPQST9.js 301 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UKIK6UAI\ttjSCIUCOXV.js 305 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WS8YP9I3\serv[1].htm 0 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WS8YP9I3\0uk50050fdd3df25[1].js 1106 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WS8YP9I3\iphone-trade-in-program-from-apple[1].htm 23773 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WS8YP9I3\97FF2FHJ.gif 43 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WS8YP9I3\ts[1].gif 43 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WS8YP9I3\ttj34Z9O6DT.js 941 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WS8YP9I3\ttjR75D4MT1.js 593 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WU5MB6SX\ttj1J09L9JA.js 0 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WU5MB6SX\ifY7IZ6UAB.htm 876 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WU5MB6SX\ttjQNBM63ID.js 0 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WU5MB6SX\ifS33CDQME.htm 0 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WU5MB6SX\html[7].htm 0 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WU5MB6SX\ttjB19Y4USV.js 0 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WU5MB6SX\ttjCYXPJMYU.js 0 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WU5MB6SX\ttj51N2VTO5.js 0 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WU5MB6SX\JS[9].htm 0 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WU5MB6SX\st[6] 0 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WU5MB6SX\a_usersync[3].htm 0 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WU5MB6SX\json[3].json 306 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WU5MB6SX\51BDQMDB.gif 43 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XCHY7QKW\if9M22B37S.htm 748 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XCHY7QKW\ttjGYF7IW7J.js 902 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XCHY7QKW\ttjXYR8U072.js 8548 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XCHY7QKW\ttj9POFODQI.js 727 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XCHY7QKW\ttjJL9UKW4Y.js 838 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XCHY7QKW\html[3].htm 0 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XCHY7QKW\fm[4].js 1165 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XCHY7QKW\fp[3].js 19239 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XCHY7QKW\5176c647e4b09e5e67af5b27_si[1].js 1942 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\WebCache\V0100318.log 524288 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\WebCache\V0100319.log 0 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\WebCache\V010031A.log 524288 bytes
File C:\Users\12345\AppData\Roaming\Microsoft\Windows\Cookies\0LXF2PQC.txt 755 bytes
File C:\Users\12345\AppData\Roaming\Microsoft\Windows\Cookies\TK3VQ47H.txt 6356 bytes
File C:\Users\12345\AppData\Roaming\Microsoft\Windows\Cookies\43IZSQ76.txt 0 bytes
File C:\Users\12345\AppData\Roaming\Microsoft\Windows\Cookies\YSXJ8FA3.txt 401 bytes
File C:\Users\12345\AppData\Roaming\Microsoft\Windows\Cookies\KA00B1ID.txt 0 bytes
---- EOF - GMER 2.1 ----
I downloaded Malwarebytes and AdwCleaner, but the infection persists. I really need your help now.
Thank you!!