
Malware generating random number.exe, can't run any malware soft


This topic is locked

#1
tsurvey73 (Member, 23 posts)
I can boot in safe mode and normal, but in normal mode there is a suspicious file named 183811.34234433.exe that will not go away. Any suggestions? Thanks!



#2
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Hi there. First I will need to confirm the infection before I can determine which tool is best to use. If need be, run these in safe mode.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

THEN

Download aswMBR.exe (1.8 MB) to your desktop.
Double click aswMBR.exe to run it, then click the "Scan" button to start the scan.

On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.
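
The OTL scan requested above prints a DRV and an SRV section: one line per driver or service with its timestamp, the company name from the file's version info, start type, image path and service name. Spotting the bad entry in those sections is done by eye in threads like this one. The script below is an added example (not OTL's code, and not posted by anyone in this thread) that parses lines in that layout and flags the patterns a helper looks for: a driver or service image whose extension is wrong for its kind, a core Windows service that loads something other than its own file, a kernel driver with no company string, a numeric file name, and a registered service whose file is missing. The EXPECTED_IMAGE table, the severity labels and the heuristics are assumptions for illustration; the sample lines are constructed in OTL's layout rather than copied from a live log.

```python
"""Triage the DRV/SRV sections of an OTL log for signs of a hijacked service.

Added example, not OTL's code. The heuristics and the EXPECTED_IMAGE table are
assumptions for illustration; treat the output as leads for an analyst, not verdicts.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in the layout OTL prints (one DRV/SRV entry per line).
SAMPLE_LOG = r"""
DRV - [2011/10/24 11:26:38 | 000,273,408 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tskACF1.tmp -- (AFD)
DRV - [2011/10/24 10:49:38 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011/10/23 22:57:48 | 000,094,896 | ---- | M] (Kaspersky Lab, GERT) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\91912406.sys -- (58010134)
DRV - [2010/06/05 14:12:35 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
SRV - File not found [Auto | Stopped] -- -- (a2AntiMalware)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\d\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
"""

# KIND - [date | size | attrs | M] (Company) [type | start | state] -- path -- (ServiceName)
ENTRY_RE = re.compile(
    r"^(?P<kind>DRV|SRV) - \[(?P<stamp>[^\]]*)\] "
    r"\((?P<company>[^)]*)\) "          # empty parens: file carries no version info
    r"\[(?P<flags>[^\]]*)\] -- "
    r"(?P<path>.+?) -- \((?P<service>[^)]+)\)"
)
MISSING_RE = re.compile(r"^(?P<kind>DRV|SRV) - File not found .* -- \((?P<service>[^)]+)\)")

# Assumed for illustration: core services that must load their own file from
# System32\drivers. Build the real table from a known-clean machine of the same build.
EXPECTED_IMAGE = {
    "afd": "afd.sys",
    "tcpip": "tcpip.sys",
    "ndis": "ndis.sys",
    "nsiproxy": "nsiproxy.sys",
    "netbt": "netbt.sys",
}


@dataclass
class Finding:
    service: str
    path: str
    severity: str  # "high", "medium" or "info"
    reason: str


def triage_entry(line: str) -> List[Finding]:
    """Return the findings for one DRV/SRV line (empty list if it looks normal)."""
    m = MISSING_RE.match(line)
    if m:
        return [Finding(m["service"], "", "info", "service registered but image file missing")]
    m = ENTRY_RE.match(line)
    if not m:
        return []
    kind, company = m["kind"], m["company"].strip()
    path, service = m["path"], m["service"]
    name = ntpath.basename(path).lower()
    stem, ext = ntpath.splitext(name)
    out: List[Finding] = []

    # A core service pointed at a foreign image is the classic hijack pattern.
    expected = EXPECTED_IMAGE.get(service.lower())
    if expected and name != expected:
        out.append(Finding(service, path, "high",
                           f"core service should load {expected} but loads {name}"))
    # Drivers load .sys files and services run .exe files; anything else is odd.
    wanted = ".sys" if kind == "DRV" else ".exe"
    if ext != wanted:
        out.append(Finding(service, path, "high",
                           f"{kind} image ends in {ext or '(no extension)'} rather than {wanted}"))
    # OTL prints "()" when the file has no version resource at all.
    if kind == "DRV" and not company:
        out.append(Finding(service, path, "medium",
                           "kernel driver carries no company name in its version info"))
    # Numeric names are used by some rescue tools as well as by malware; ask which.
    if stem.isdigit():
        out.append(Finding(service, path, "info",
                           "numeric file name; confirm which tool dropped it"))
    return out


def triage(log_text: str) -> List[Finding]:
    """Run triage_entry over every line of an OTL log and collect the findings."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        findings.extend(triage_entry(line.strip()))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.service:14} {f.path or '-'}\n         {f.reason}")
```

Run it against a saved OTL.txt by passing the file's contents to triage(). On the sample it reports the AFD entry three times (core-image mismatch, .tmp extension, no company name), notes the numeric Kaspersky driver as informational, and notes the a2AntiMalware service whose file is gone; the Lavasoft, gdrv and Malwarebytes lines pass. The point of the layered checks is that a single rule is easy to evade, but a driver that trips several at once is the one to pull first.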

#3
tsurvey73 (Topic Starter, Member, 23 posts)
OTL and Extras Logs

OTL logfile created on: 10/24/2011 12:58:34 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = E:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 62.94% Memory free
7.18 Gb Paging File | 6.33 Gb Available in Paging File | 88.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 10.91 Gb Free Space | 3.66% Space Free | Partition Type: NTFS
Drive D: | 2.53 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 495.22 Mb Total Space | 273.09 Mb Free Space | 55.14% Space Free | Partition Type: FAT
Drive G: | 1397.26 Gb Total Space | 254.11 Gb Free Space | 18.19% Space Free | Partition Type: NTFS

Computer Name: UNDEVCOFILMS-PC | User Name: Undevco Films | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/24 11:44:50 | 000,302,592 | ---- | M] () -- E:\3gstu43m.exe
PRC - [2011/10/24 11:26:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/24 11:44:50 | 000,302,592 | ---- | M] () -- E:\3gstu43m.exe
MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/09/04 08:19:30 | 000,644,096 | ---- | M] () -- C:\Program Files\IZArc\IZArcCM.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (a2AntiMalware)
SRV - [2011/10/02 19:25:04 | 002,151,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\d\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/12/09 23:36:53 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/09/17 14:09:18 | 000,139,264 | ---- | M] (H+H Software GmbH) [Auto | Stopped] -- C:\Program Files\Virtual CD v10\System\VC10SecS.exe -- (VC10SecS)
SRV - [2010/08/23 20:21:40 | 000,008,192 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/04/27 17:56:30 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/11/24 11:25:34 | 004,463,400 | ---- | M] (Wacom Technology, Corp.) [On_Demand | Stopped] -- C:\Windows\System32\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV - [2009/07/30 18:51:02 | 000,061,440 | ---- | M] () [Auto | Stopped] -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/09/10 22:37:36 | 000,024,576 | ---- | M] (Intuit) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2008/08/08 21:10:46 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/02/21 17:02:54 | 000,233,472 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2006/08/11 11:15:36 | 000,200,704 | ---- | M] (InterVideo Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)


========== Driver Services (SafeList) ==========

DRV - [2011/10/24 11:26:38 | 000,273,408 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tskACF1.tmp -- (AFD)
DRV - [2011/10/24 10:49:38 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011/10/23 22:57:48 | 000,094,896 | ---- | M] (Kaspersky Lab, GERT) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\91912406.sys -- (58010134)
DRV - [2011/10/23 17:01:39 | 000,094,896 | ---- | M] (Kaspersky Lab, GERT) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\62361770.sys -- (17703796)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/05/21 06:01:00 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/02/04 09:27:14 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/06/05 14:12:35 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/05/21 09:14:44 | 000,186,392 | ---- | M] (H+H Software GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\vdrv1000.sys -- (vdrv1000)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/09/11 12:48:04 | 000,066,056 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009/09/11 12:47:54 | 000,014,984 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009/09/11 12:47:42 | 000,031,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmHidLo.sys -- (WmHidLo)
DRV - [2009/09/11 12:47:32 | 000,035,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009/09/11 12:47:22 | 000,022,792 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2009/06/10 11:23:04 | 000,036,992 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiBus.sys -- (SaiNtBus)
DRV - [2009/06/10 11:23:04 | 000,014,080 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiMini.sys -- (SaiMini)
DRV - [2009/06/03 02:54:36 | 001,032,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atinavrr.sys -- (ATIAVPCI)
DRV - [2009/05/20 11:54:06 | 000,013,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009/04/10 23:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2009/04/10 23:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2008/08/21 23:49:58 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2008/08/21 23:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2007/10/31 02:16:02 | 000,016,400 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\diginet.sys -- (DigiNet)
DRV - [2007/10/31 02:15:52 | 000,097,808 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Dalwdm.sys -- (dalwdmservice)
DRV - [2007/09/05 12:04:34 | 000,079,408 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2007/06/25 06:37:24 | 000,084,480 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motport.sys -- (motport)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/05/01 16:10:02 | 000,132,232 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiH053C.sys -- (SaiH053C)
DRV - [2007/02/16 10:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2001/10/25 22:42:10 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\an983.sys -- (AN983)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 24 87 51 04 CE D7 3A 43 88 99 D2 98 77 46 21 20 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "NCH Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "eSnips Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {71D7952D-AAF0-411D-9F41-34B02273C255}:1.9.1
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1374
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {3DB5ABE1-407D-458F-AD5D-8D89BD625CCC}:1.2.0
FF - prefs.js..keyword.URL: "http://isearch.avg.c...7:06&sap=ku&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: File not found
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Undevco Films\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/05/07 03:33:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/05/07 03:33:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\CodecCheck\firefox [2011/07/12 14:26:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/02 22:43:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/02 19:20:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{71D7952D-AAF0-411D-9F41-34B02273C255}: C:\Users\Undevco Films\AppData\Local\{71D7952D-AAF0-411D-9F41-34B02273C255}\ [2011/04/15 18:08:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{999CFC64-AA62-4B5D-8151-676682645F60}: C:\Users\Undevco Films\AppData\Local\{999CFC64-AA62-4B5D-8151-676682645F60}\ [2011/05/24 21:52:55 | 000,000,000 | ---D | M]

[2010/03/12 06:39:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Undevco Films\AppData\Roaming\Mozilla\Extensions
[2011/10/17 13:35:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Undevco Films\AppData\Roaming\Mozilla\Firefox\Profiles\e5x5ced7.default\extensions
[2011/05/12 01:18:58 | 000,000,000 | ---D | M] (Veehd Plugin) -- C:\Users\Undevco Films\AppData\Roaming\Mozilla\Firefox\Profiles\e5x5ced7.default\extensions\{3DB5ABE1-407D-458F-AD5D-8D89BD625CCC}
[2011/10/05 18:58:22 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Undevco Films\AppData\Roaming\Mozilla\Firefox\Profiles\e5x5ced7.default\extensions\{460e7e89-5617-4ff2-82a2-26aaaa6519c3}
[2011/08/01 19:32:09 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Undevco Films\AppData\Roaming\Mozilla\Firefox\Profiles\e5x5ced7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/10/02 22:43:16 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Undevco Films\AppData\Roaming\Mozilla\Firefox\Profiles\e5x5ced7.default\extensions\{a605b862-ef41-4b3d-bd27-f91bd4add574}
[2010/06/11 18:56:32 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Undevco Films\AppData\Roaming\Mozilla\Firefox\Profiles\e5x5ced7.default\extensions\[email protected]
[2010/11/07 18:00:40 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Undevco Films\AppData\Roaming\Mozilla\Firefox\Profiles\e5x5ced7.default\extensions\vshare@toolbar
[2011/09/24 16:57:42 | 000,001,945 | ---- | M] () -- C:\Users\Undevco Films\AppData\Roaming\Mozilla\Firefox\Profiles\e5x5ced7.default\searchplugins\bing-zugo.xml
[2010/01/01 06:55:02 | 000,000,909 | ---- | M] () -- C:\Users\Undevco Films\AppData\Roaming\Mozilla\Firefox\Profiles\e5x5ced7.default\searchplugins\conduit.xml
[2011/10/02 22:43:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/29 00:28:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/24 10:56:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/04/15 18:08:40 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\UNDEVCO FILMS\APPDATA\LOCAL\{71D7952D-AAF0-411D-9F41-34B02273C255}
[2011/05/24 21:52:55 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\UNDEVCO FILMS\APPDATA\LOCAL\{999CFC64-AA62-4B5D-8151-676682645F60}
[2011/09/29 01:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/28 19:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2010/06/13 00:36:50 | 000,002,029 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\esnips.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - Extension: No name found = C:\Users\Undevco Films\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: No name found = C:\Users\Undevco Films\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1804_0\
CHR - Extension: No name found = C:\Users\Undevco Films\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.10.20_0\
CHR - Extension: No name found = C:\Users\Undevco Films\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\

Hosts file not found
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngin0.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - No CLSID value found.
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (no name) - {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\d\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/11/02 15:00:00 | 000,000,043 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{121d60e9-fc0d-11e0-a4b4-0050bf180b4b}\Shell - "" = AutoRun
O33 - MountPoints2\{121d60e9-fc0d-11e0-a4b4-0050bf180b4b}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{23922aa5-60cd-11df-b05a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{23922aa5-60cd-11df-b05a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe /autorun
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\setup.exe /autorun
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\setup.exe /autorun
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\Windows\System32\
[2020/01/07 00:32:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cracklock
[2020/01/07 00:32:29 | 000,000,000 | ---D | C] -- C:\Program Files\Cracklock
[2011/10/24 11:42:14 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/10/24 11:37:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/10/24 11:37:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/10/24 11:37:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/10/24 11:37:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/24 11:26:38 | 000,094,896 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\System32\drivers\38675606.sys
[2011/10/24 06:10:20 | 000,000,000 | --SD | C] -- C:\keska
[2011/10/24 06:06:29 | 004,270,772 | R--- | C] (Swearware) -- C:\keska.exe
[2011/10/24 05:29:11 | 000,000,000 | ---D | C] -- C:\MGtools
[2011/10/24 05:10:39 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2011/10/24 05:10:39 | 000,000,000 | ---D | C] -- C:\Users\Undevco Films\Documents\Anti-Malware
[2011/10/24 04:34:59 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/10/24 03:53:04 | 000,000,000 | ---D | C] -- \LOST.DIR
[2011/10/24 03:39:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/24 03:39:18 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/10/24 03:39:18 | 000,000,000 | ---D | C] -- C:\Program Files\d
[2011/10/24 03:09:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/10/24 01:50:56 | 000,000,000 | ---D | C] -- C:\Users\Undevco Films\AppData\Local\Adobe
[2011/10/24 00:42:06 | 000,000,000 | ---D | C] -- C:\Users\Undevco Films\Doctor Web
[2011/10/24 00:41:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Doctor Web
[2011/10/24 00:40:21 | 000,000,000 | ---D | C] -- C:\Program Files\DrWeb
[2011/10/23 22:57:48 | 000,094,896 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\System32\drivers\91912406.sys
[2011/10/23 20:49:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Doctor Web
[2011/10/23 20:09:54 | 000,000,000 | ---D | C] -- C:\Program Files\m
[2011/10/23 19:57:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/23 17:47:08 | 000,000,000 | ---D | C] -- C:\Users\Undevco Films\DoctorWeb
[2011/10/23 17:01:39 | 000,094,896 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\System32\drivers\62361770.sys
[2011/10/23 15:31:56 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2011/10/23 14:28:29 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011/10/23 14:23:30 | 000,000,000 | ---D | C] -- C:\Users\Undevco Films\AppData\Roaming\eK888fRL9hTXqUe
[2011/10/23 14:23:29 | 000,000,000 | ---D | C] -- C:\Users\Undevco Films\AppData\Roaming\FooobFF3pmG5QJd
[2011/10/23 14:23:25 | 000,000,000 | ---D | C] -- C:\Users\Undevco Films\AppData\Roaming\uUUUCeekIBrz
[2011/10/23 14:23:24 | 000,000,000 | ---D | C] -- C:\Users\Undevco Films\AppData\Roaming\TKKK8ffRZ
[2011/10/23 14:23:24 | 000,000,000 | ---D | C] -- C:\Users\Undevco Films\AppData\Roaming\SlIIBBtzPNyc1uD
[2011/10/23 11:23:26 | 000,000,000 | ---D | C] -- C:\Users\Undevco Films\Desktop\nextgen-gallery
[2011/10/21 13:45:52 | 000,000,000 | ---D | C] -- C:\Users\Undevco Films\Desktop\DR MUSIC ADD
[2011/10/21 12:26:39 | 000,000,000 | ---D | C] -- C:\Users\Undevco Films\Desktop\FUNNY
[2011/10/17 13:43:40 | 000,000,000 | ---D | C] -- C:\Users\Undevco Films\Desktop\LES
[2011/10/16 16:49:40 | 000,000,000 | ---D | C] -- C:\Users\Undevco Films\AppData\Roaming\WTablet
[2011/10/16 16:49:06 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablet
[2011/10/16 16:49:05 | 007,892,776 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\WacomTablet.cpl
[2011/10/16 16:48:39 | 000,011,312 | ---- | C] (Wacom Technology) -- C:\Windows\System32\drivers\wacommousefilter.sys
[2011/10/16 16:47:28 | 000,013,736 | ---- | C] (Wacom Technology) -- C:\Windows\System32\drivers\wacomvhid.sys
[2011/10/16 16:46:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\WTablet
[2011/10/16 16:46:19 | 004,463,400 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\Wacom_Tablet.exe
[2011/10/16 16:46:19 | 000,412,456 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\Wacom_Tablet.dll
[2011/10/16 16:46:19 | 000,285,184 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\Wintab32.dll
[2011/10/16 16:46:15 | 000,000,000 | ---D | C] -- C:\Program Files\Tablet
[2011/10/09 04:28:07 | 000,000,000 | ---D | C] -- C:\Program Files\Black_Box
[2011/10/05 20:37:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2011/10/05 19:21:00 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/02 11:07:51 | 000,000,000 | ---D | C] -- C:\Users\Undevco Films\AppData\Local\temp(727)
[2011/10/02 11:07:51 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/09/30 23:33:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/09/25 09:10:51 | 000,000,000 | ---D | C] -- C:\Users\Undevco Films\AppData\Roaming\AVG2012
[2011/09/25 09:10:01 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011/09/24 22:16:06 | 000,000,000 | ---D | C] -- C:\Users\Undevco Films\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoZoom Pro 3
[2011/09/24 22:16:05 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoZoom Pro 3
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\Windows\System32\
[2011/10/24 11:26:38 | 000,094,896 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\System32\drivers\38675606.sys
[2011/10/24 11:07:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/24 11:06:49 | 301,083,379 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/10/24 11:05:56 | 000,138,425 | ---- | M] () -- C:\Users\Undevco Films\Desktop\go.exe
[2011/10/24 10:54:05 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/24 10:49:58 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/24 10:49:31 | 000,005,376 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/24 10:49:31 | 000,005,376 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/24 06:30:40 | 000,580,339 | ---- | M] () -- C:\MGlogs.zip
[2011/10/24 06:15:43 | 000,000,000 | ---- | M] () -- C:\Users\Undevco Films\AppData\Local\{BB35E04F-A16E-4002-9389-2C24E2FB523E}
[2011/10/24 05:59:39 | 000,273,408 | ---- | M] () -- C:\Windows\System32\drivers\afd.sys
[2011/10/24 05:55:44 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/10/24 05:41:10 | 000,000,000 | ---- | M] () -- C:\Windows\183811098
[2011/10/24 05:29:03 | 002,423,465 | ---- | M] () -- C:\MGtools.exe
[2011/10/24 05:15:40 | 000,649,176 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/24 05:15:40 | 000,122,686 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/24 03:39:21 | 000,000,994 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/24 03:12:43 | 000,000,000 | ---- | M] () -- C:\Windows\183811098_89808
[2011/10/24 03:03:43 | 000,000,000 | ---- | M] () -- C:\Windows\ISEEYOU
[2011/10/24 01:30:33 | 000,000,000 | ---- | M] () -- C:\Users\Undevco Films\AppData\Local\{C20A63DE-2E1B-42CC-ABC9-736B4095D8A2}
[2011/10/23 22:57:48 | 000,094,896 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\System32\drivers\91912406.sys
[2011/10/23 21:31:01 | 004,270,772 | R--- | M] (Swearware) -- C:\keska.exe
[2011/10/23 17:40:24 | 000,001,356 | ---- | M] () -- C:\Users\Undevco Films\AppData\Local\d3d9caps.dat
[2011/10/23 17:24:48 | 000,000,512 | ---- | M] () -- C:\Users\Undevco Films\Desktop\ABCD.lnk
[2011/10/23 17:01:39 | 000,094,896 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\System32\drivers\62361770.sys
[2011/10/23 15:31:56 | 000,002,855 | ---- | M] () -- C:\Users\Undevco Films\Desktop\rkill - Shortcut.pif
[2011/10/23 15:31:47 | 001,008,092 | ---- | M] () -- C:\Users\Undevco Films\Desktop\rkill.com
[2011/10/23 14:23:30 | 000,000,612 | ---- | M] () -- C:\Users\Undevco Films\AppData\Roaming\ldr.ini
[2011/10/23 14:23:25 | 000,105,984 | ---- | M] () -- C:\Users\Undevco Films\AppData\Roaming\svhostu.exe
[2011/10/23 14:08:56 | 000,303,049 | ---- | M] () -- C:\Users\Undevco Films\Desktop\WLHAND.jpg
[2011/10/23 13:55:59 | 000,064,512 | ---- | M] () -- C:\Users\Undevco Films\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/23 13:26:17 | 007,636,901 | ---- | M] () -- C:\Users\Undevco Films\Desktop\version_2701.jpg
[2011/10/23 10:50:30 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011/10/23 10:50:30 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011/10/23 03:56:09 | 000,000,424 | ---- | M] () -- C:\Windows\tasks\FrontLine Registry Cleaner Scheduled Scan - Undevco Films.job
[2011/10/21 09:51:40 | 000,068,096 | -HS- | M] () -- C:\Users\Undevco Films\AppData\Local\volmgr.exe
[2011/10/19 11:34:20 | 000,001,991 | ---- | M] () -- C:\Users\Undevco Films\Desktop\footer.php
[2011/10/18 23:37:28 | 001,386,627 | ---- | M] () -- C:\Users\Undevco Films\Desktop\scool1.psd
[2011/10/18 22:52:31 | 001,021,597 | ---- | M] () -- C:\Users\Undevco Films\Desktop\mukundbanner1.jpg
[2011/10/18 13:17:27 | 001,045,646 | ---- | M] () -- C:\Users\Undevco Films\Desktop\mukundbanner.jpg
[2011/10/17 19:12:28 | 000,207,462 | ---- | M] () -- C:\Users\Undevco Films\Desktop\ptwtter.jpg
[2011/10/14 04:33:00 | 008,962,806 | ---- | M] () -- C:\Users\Undevco Films\Desktop\1.wav
[2011/10/12 16:00:16 | 000,022,254 | ---- | M] () -- C:\Users\Undevco Films\Desktop\zipCashDisplayPaymentReport.pdf
[2011/10/12 11:23:13 | 000,662,551 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2011/10/09 05:10:07 | 000,000,882 | ---- | M] () -- C:\Users\Undevco Films\Desktop\Rage - Shortcut.lnk
[2011/10/05 20:59:02 | 000,000,858 | ---- | M] () -- C:\Users\Undevco Films\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox (2).lnk
[2011/10/05 19:30:20 | 000,000,851 | ---- | M] () -- C:\Users\Undevco Films\Desktop\nba2k12 - Shortcut.lnk
[2011/10/02 22:43:47 | 000,000,870 | ---- | M] () -- C:\Users\Undevco Films\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/02 19:25:14 | 000,016,432 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2011/09/26 05:40:38 | 004,178,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/09/24 22:16:06 | 000,000,902 | ---- | M] () -- C:\Users\Undevco Films\Desktop\PhotoZoom Pro 3.lnk
[2011/09/24 16:27:46 | 000,004,436 | ---- | M] () -- C:\Windows\jtvndq48.ini
[2011/09/24 16:27:46 | 000,001,442 | ---- | M] () -- C:\Windows\cfmrp-n.ini
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2020/01/07 00:32:35 | 000,001,651 | ---- | C] () -- C:\Users\Undevco Films\AppData\Local\Cracklock.settings
[2011/10/24 12:57:06 | 001,916,416 | ---- | C] () -- \aswMBR.exe
[2011/10/24 12:23:28 | 001,561,392 | ---- | C] () -- \tdsskiller.exe
[2011/10/24 11:44:47 | 000,302,592 | ---- | C] () -- \3gstu43m.exe
[2011/10/24 11:37:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/10/24 11:37:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/10/24 11:37:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/10/24 11:37:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/10/24 11:37:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/24 11:37:42 | 000,000,512 | ---- | C] () -- C:\Users\Undevco Films\Desktop\ABCD.lnk
[2011/10/24 11:26:00 | 000,584,192 | ---- | C] () -- \OTL.exe
[2011/10/24 11:22:44 | 000,138,425 | ---- | C] () -- C:\Users\Undevco Films\Desktop\go.exe
[2011/10/24 11:05:54 | 000,138,425 | ---- | C] () -- \go.exe
[2011/10/24 06:15:43 | 000,000,000 | ---- | C] () -- C:\Users\Undevco Films\AppData\Local\{BB35E04F-A16E-4002-9389-2C24E2FB523E}
[2011/10/24 05:31:25 | 000,580,339 | ---- | C] () -- C:\MGlogs.zip
[2011/10/24 05:29:00 | 002,423,465 | ---- | C] () -- C:\MGtools.exe
[2011/10/24 05:08:53 | 000,000,000 | ---- | C] () -- C:\Windows\183811098
[2011/10/24 05:06:49 | 101,526,088 | ---- | C] () -- \EmsisoftAntiMalwareSetup.exe
[2011/10/24 03:57:38 | 000,080,384 | ---- | C] () -- \MBRCheck-1.exe
[2011/10/24 03:56:27 | 000,000,000 | ---- | C] () -- \MBRCheck.exe
[2011/10/24 03:39:21 | 000,000,994 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/24 03:12:43 | 000,000,000 | ---- | C] () -- C:\Windows\183811098_89808
[2011/10/24 03:03:43 | 000,000,000 | ---- | C] () -- C:\Windows\ISEEYOU
[2011/10/24 01:30:33 | 000,000,000 | ---- | C] () -- C:\Users\Undevco Films\AppData\Local\{C20A63DE-2E1B-42CC-ABC9-736B4095D8A2}
[2011/10/23 19:43:12 | 000,000,015 | ---- | C] () -- \settings.dat
[2011/10/23 19:42:38 | 000,472,064 | ---- | C] () -- \RootRepeal.exe
[2011/10/23 17:58:44 | 079,532,096 | ---- | C] () -- \m36z5576.exe
[2011/10/23 17:46:51 | 042,730,616 | ---- | C] () -- \4k8t247w.exe
[2011/10/23 17:34:22 | 000,050,688 | ---- | C] () -- \ATF-Cleaner.exe
[2011/10/23 17:28:01 | 000,000,000 | ---- | C] () -- \mab.exe
[2011/10/23 17:24:46 | 000,000,512 | ---- | C] () -- \ABCD.lnk
[2011/10/23 17:05:20 | 000,454,120 | ---- | C] () -- \cnet_ComboFix_exe.exe
[2011/10/23 15:31:56 | 000,002,855 | ---- | C] () -- C:\Users\Undevco Films\Desktop\rkill - Shortcut.pif
[2011/10/23 15:31:47 | 001,008,092 | ---- | C] () -- C:\Users\Undevco Films\Desktop\rkill.com
[2011/10/23 14:23:30 | 000,000,612 | ---- | C] () -- C:\Users\Undevco Films\AppData\Roaming\ldr.ini
[2011/10/23 14:23:25 | 000,105,984 | ---- | C] () -- C:\Users\Undevco Films\AppData\Roaming\svhostu.exe
[2011/10/23 13:59:17 | 000,303,049 | ---- | C] () -- C:\Users\Undevco Films\Desktop\WLHAND.jpg
[2011/10/23 13:26:07 | 007,636,901 | ---- | C] () -- C:\Users\Undevco Films\Desktop\version_2701.jpg
[2011/10/21 17:06:09 | 000,068,096 | -HS- | C] () -- C:\Users\Undevco Films\AppData\Local\volmgr.exe
[2011/10/19 11:34:20 | 000,001,991 | ---- | C] () -- C:\Users\Undevco Films\Desktop\footer.php
[2011/10/18 23:37:28 | 001,386,627 | ---- | C] () -- C:\Users\Undevco Films\Desktop\scool1.psd
[2011/10/18 22:52:30 | 001,021,597 | ---- | C] () -- C:\Users\Undevco Films\Desktop\mukundbanner1.jpg
[2011/10/18 13:17:26 | 001,045,646 | ---- | C] () -- C:\Users\Undevco Films\Desktop\mukundbanner.jpg
[2011/10/17 19:08:25 | 000,207,462 | ---- | C] () -- C:\Users\Undevco Films\Desktop\ptwtter.jpg
[2011/10/17 12:13:10 | 301,083,379 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/10/16 16:49:06 | 001,653,980 | ---- | C] () -- C:\Windows\System32\WacomTablet.znc
[2011/10/14 04:07:59 | 008,962,806 | ---- | C] () -- C:\Users\Undevco Films\Desktop\1.wav
[2011/10/12 16:00:16 | 000,022,254 | ---- | C] () -- C:\Users\Undevco Films\Desktop\zipCashDisplayPaymentReport.pdf
[2011/10/09 05:10:07 | 000,000,882 | ---- | C] () -- C:\Users\Undevco Films\Desktop\Rage - Shortcut.lnk
[2011/10/05 20:59:02 | 000,000,858 | ---- | C] () -- C:\Users\Undevco Films\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox (2).lnk
[2011/10/05 19:30:20 | 000,000,851 | ---- | C] () -- C:\Users\Undevco Films\Desktop\nba2k12 - Shortcut.lnk
[2011/10/02 22:43:47 | 000,000,870 | ---- | C] () -- C:\Users\Undevco Films\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/02 22:43:47 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/09/24 22:16:06 | 000,000,902 | ---- | C] () -- C:\Users\Undevco Films\Desktop\PhotoZoom Pro 3.lnk
[2011/09/24 16:27:46 | 000,004,436 | ---- | C] () -- C:\Windows\jtvndq48.ini
[2011/09/24 16:27:46 | 000,001,442 | ---- | C] () -- C:\Windows\cfmrp-n.ini
[2011/08/26 15:14:06 | 000,000,132 | ---- | C] () -- C:\Users\Undevco Films\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/07/13 10:11:24 | 000,000,132 | ---- | C] () -- C:\Users\Undevco Films\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011/06/27 14:29:13 | 000,000,095 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2011/06/15 17:03:38 | 000,273,408 | ---- | C] () -- C:\Windows\System32\drivers\afd.sys
[2011/06/01 01:17:59 | 000,000,020 | ---- | C] () -- C:\Users\Undevco Films\AppData\Local\IFOJUKOZ.DLL
[2011/05/19 09:34:19 | 000,001,504 | -HS- | C] () -- C:\Users\Undevco Films\AppData\Local\37rlbp24y820q
[2011/04/28 23:49:32 | 000,011,400 | -HS- | C] () -- C:\Users\Undevco Films\AppData\Local\sg2x37m3or
[2011/04/24 20:03:40 | 000,013,314 | -HS- | C] () -- C:\Users\Undevco Films\AppData\Local\2gh770g13j884i17kwfdc0248208452h6e6u1vm68c51rl0
[2011/04/23 14:12:51 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/04/23 14:12:51 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/04/04 00:56:52 | 000,000,120 | ---- | C] () -- C:\Users\Undevco Films\AppData\Local\Wqisuyubozidi.dat
[2011/04/04 00:56:52 | 000,000,000 | ---- | C] () -- C:\Users\Undevco Films\AppData\Local\Ogidomusigegobe.bin
[2011/03/23 03:51:34 | 000,000,016 | ---- | C] () -- C:\Windows\System32\asdict.dat
[2011/02/02 14:38:15 | 000,000,132 | ---- | C] () -- C:\Users\Undevco Films\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
[2010/12/14 20:30:58 | 000,138,056 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/12/14 20:30:58 | 000,138,056 | ---- | C] () -- C:\Users\Undevco Films\AppData\Roaming\PnkBstrK.sys
[2010/12/14 20:30:46 | 000,189,248 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010/12/14 20:30:39 | 000,090,112 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/11/23 17:14:56 | 000,141,273 | ---- | C] () -- C:\Windows\hpoins14.dat
[2010/08/25 00:51:57 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2010/07/26 09:45:58 | 000,065,536 | ---- | C] () -- C:\Windows\VMix.dll
[2010/07/26 09:45:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2010/07/26 09:45:58 | 000,000,707 | ---- | C] () -- C:\Windows\cm108.ini
[2010/05/13 15:07:16 | 000,000,032 | ---- | C] () -- C:\Windows\System32\msvcsv60.dll
[2010/05/13 15:07:16 | 000,000,032 | ---- | C] () -- C:\Windows\msocreg32.dat
[2010/04/27 18:04:33 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2010/04/22 19:59:06 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2010/04/22 19:59:06 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2010/04/22 19:59:06 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2010/04/22 19:59:06 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2010/04/22 19:59:06 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2010/04/22 19:59:06 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2010/03/29 19:09:03 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2010/03/29 18:57:46 | 000,001,541 | ---- | C] () -- C:\Windows\TSearch.INI
[2010/03/25 13:48:23 | 000,075,328 | ---- | C] () -- C:\Windows\System32\prodad-mercalli-10-codec.dll
[2010/03/22 16:19:32 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/03/22 13:49:41 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010/03/15 03:16:12 | 001,362,460 | ---- | C] () -- C:\Windows\System32\ExpansionHD_Firmware.bin
[2010/03/13 17:50:15 | 000,064,512 | ---- | C] () -- C:\Users\Undevco Films\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/13 15:29:39 | 000,016,384 | ---- | C] () -- C:\Windows\System32\FileOps.exe
[2010/03/13 02:51:41 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/03/13 02:51:41 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/03/13 02:47:45 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/03/12 05:54:22 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010/03/12 05:46:26 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe
[2010/03/12 05:46:26 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010/03/12 05:44:08 | 000,001,356 | ---- | C] () -- C:\Users\Undevco Films\AppData\Local\d3d9caps.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2007/06/05 18:07:34 | 000,002,000 | ---- | C] () -- C:\Windows\hpomdl14.dat
[2007/05/01 16:10:02 | 000,008,704 | ---- | C] () -- C:\Windows\System32\SaiC053C_0C.dll
[2007/05/01 16:10:02 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC053C_10.dll
[2007/05/01 16:10:02 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC053C_0A.dll
[2007/05/01 16:10:02 | 000,007,680 | ---- | C] () -- C:\Windows\System32\SaiC053C_09.dll
[2007/05/01 16:10:02 | 000,005,632 | ---- | C] () -- C:\Windows\System32\SaiC053C_11.dll
[2007/05/01 16:10:00 | 000,835,584 | ---- | C] () -- C:\Windows\System32\SaiC053C.Dll
[2007/05/01 16:10:00 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC053C_07.dll
[2007/05/01 16:10:00 | 000,007,168 | ---- | C] () -- C:\Windows\System32\SaiC053C_0402.dll
[2007/01/31 13:50:32 | 000,913,408 | ---- | C] () -- C:\Windows\System32\xreglib.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 004,178,512 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,649,176 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,122,686 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/10/05 19:19:06 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\2K Sports
[2011/04/23 13:29:09 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\572EFECB296E0DDFABC6F22A08836665
[2011/09/25 09:10:51 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\AVG2012
[2011/10/13 09:26:00 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\Azureus
[2011/05/24 22:07:24 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\BlackBean
[2010/08/27 09:00:10 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/02/11 23:39:58 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/05/16 14:44:21 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\DAEMON Tools Pro
[2011/10/23 14:23:30 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\eK888fRL9hTXqUe
[2011/10/23 14:23:29 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\FooobFF3pmG5QJd
[2010/04/20 18:43:12 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\FreeArc
[2010/09/23 23:36:59 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\HDRsoft
[2010/06/13 00:36:51 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\Logia
[2010/11/30 06:16:47 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\Mount&Blade Warband
[2010/04/11 23:12:45 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\MPEG Streamclip
[2010/03/22 01:05:07 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\PACE Anti-Piracy
[2010/04/12 00:40:40 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\Pavtube
[2010/03/25 13:48:22 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\proDAD
[2010/04/22 15:06:57 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\Publish Providers
[2011/03/23 02:48:02 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\QuickScan
[2010/08/24 22:23:53 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\scriptocean
[2011/10/23 14:23:24 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\SlIIBBtzPNyc1uD
[2010/04/13 17:25:54 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\Sony
[2010/03/22 01:18:32 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\Sony Creative Software
[2010/08/27 16:57:36 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/10/06 18:22:43 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\Stellarium
[2010/06/29 02:27:47 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\The Creative Assembly
[2011/03/28 21:01:55 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\TightVNC
[2011/10/23 14:23:24 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\TKKK8ffRZ
[2011/07/27 19:23:17 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\Tonido
[2010/07/26 23:02:12 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\TS3Client
[2011/01/07 15:35:45 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\Ulead Systems
[2011/10/23 14:23:25 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\uUUUCeekIBrz
[2011/06/01 06:16:08 | 000,000,000 | --SD | M] -- C:\Users\Undevco Films\AppData\Roaming\Virtual CD v10
[2011/03/19 09:59:35 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\WysePocketCloud
[2011/10/23 03:56:09 | 000,000,424 | ---- | M] () -- C:\Windows\Tasks\FrontLine Registry Cleaner Scheduled Scan - Undevco Films.job
[2011/10/24 05:39:05 | 000,032,570 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2011/10/23 21:31:01 | 004,270,772 | R--- | M] (Swearware) -- C:\keska.exe
[2011/10/24 05:29:03 | 002,423,465 | ---- | M] () -- C:\MGtools.exe


< MD5 for: EXPLORER.EXE >
[2010/03/12 08:10:01 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2010/03/12 08:10:00 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2010/03/12 08:10:00 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2010/03/12 08:42:34 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2010/03/12 08:42:34 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2010/03/12 08:10:00 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 04:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 02:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 04:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 02:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 02:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 02:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 02:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 04:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 04:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 02:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

========== Files - Unicode (All) ==========
[2011/03/23 14:50:36 | 000,000,000 | ---- | M] ()(C:\Windows\System32\?????) -- C:\Windows\System32\獷楬汢捯污
[2011/03/23 14:32:17 | 000,000,000 | ---- | C] ()(C:\Windows\System32\?????) -- C:\Windows\System32\獷楬汢捯污

========== Alternate Data Streams ==========

@Alternate Data Stream - 816 bytes -> C:\Windows\ISEEYOU:3846376437.exe
@Alternate Data Stream - 816 bytes -> C:\Windows\183811098_89808:3846376437.exe
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:1B7B8F31
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:3C6F81BD

< End of report >

Attached Files

  • Attached File  OTL.Txt   118.84KB   123 downloads
  • Attached File  Extras.Txt   96.55KB   167 downloads

  • 0

#4
tsurvey73

    Member

  • Topic Starter
  • Member
  • 23 posts
aswMBR Log

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-24 13:14:50
-----------------------------
13:14:50.905 OS Version: Windows 6.0.6002 Service Pack 2
13:14:50.905 Number of processors: 4 586 0x170A
13:14:50.905 ComputerName: UNDEVCOFILMS-PC UserName: Undevco Films
13:15:46.535 Initialize success
13:16:17.001 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
13:16:17.017 Disk 0 Vendor: WDC_WD3200AAJS-00RYA0 12.01B01 Size: 305245MB BusType: 3
13:16:17.017 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP5T0L0-a
13:16:17.017 Disk 1 Vendor: SAMSUNG_HD154UI 1AG01118 Size: 1430799MB BusType: 3
13:16:19.310 Disk 0 MBR read successfully
13:16:19.310 Disk 0 MBR scan
13:16:19.326 Disk 0 Windows VISTA default MBR code
13:16:19.435 Disk 0 scanning sectors +625139712
13:16:20.574 Disk 0 scanning C:\Windows\system32\drivers
13:19:55.947 Service scanning
13:20:09.083 Service AFD C:\Windows\system32\drivers\tskACF1.tmp **LOCKED** 32
13:20:09.753 Modules scanning
13:22:45.114 Disk 0 trace - called modules:
13:22:45.192 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x87ad3500]<<
13:22:45.207 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87009648]
13:22:45.207 Scan finished successfully
13:23:11.213 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
13:23:11.337 The log file has been saved successfully to "E:\aswMBR.txt"

  • 0

#5
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I see that you have run ComboFix; could you post the log, please?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes, and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL
    DRV - [2011/10/24 11:26:38 | 000,273,408 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tskACF1.tmp -- (AFD)
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 24 87 51 04 CE D7 3A 43 88 99 D2 98 77 46 21 20 [binary data]
    O2 - BHO: (no name) - {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    [2011/10/23 14:23:30 | 000,000,000 | ---D | C] -- C:\Users\Undevco Films\AppData\Roaming\eK888fRL9hTXqUe
    [2011/10/23 14:23:29 | 000,000,000 | ---D | C] -- C:\Users\Undevco Films\AppData\Roaming\FooobFF3pmG5QJd
    [2011/10/23 14:23:25 | 000,000,000 | ---D | C] -- C:\Users\Undevco Films\AppData\Roaming\uUUUCeekIBrz
    [2011/10/23 14:23:24 | 000,000,000 | ---D | C] -- C:\Users\Undevco Films\AppData\Roaming\TKKK8ffRZ
    [2011/10/23 14:23:24 | 000,000,000 | ---D | C] -- C:\Users\Undevco Films\AppData\Roaming\SlIIBBtzPNyc1uD
    [2011/10/24 03:12:43 | 000,000,000 | ---- | M] () -- C:\Windows\183811098_89808
    [2011/10/24 03:03:43 | 000,000,000 | ---- | M] () -- C:\Windows\ISEEYOU
    [2011/10/24 12:57:06 | 001,916,416 | ---- | C] () -- \aswMBR.exe
    [2011/10/24 12:23:28 | 001,561,392 | ---- | C] () -- \tdsskiller.exe
    [2011/10/24 11:44:47 | 000,302,592 | ---- | C] () -- \3gstu43m.exe
    [2011/06/01 01:17:59 | 000,000,020 | ---- | C] () -- C:\Users\Undevco Films\AppData\Local\IFOJUKOZ.DLL
    [2011/05/19 09:34:19 | 000,001,504 | -HS- | C] () -- C:\Users\Undevco Films\AppData\Local\37rlbp24y820q
    [2011/04/28 23:49:32 | 000,011,400 | -HS- | C] () -- C:\Users\Undevco Films\AppData\Local\sg2x37m3or
    [2011/04/24 20:03:40 | 000,013,314 | -HS- | C] () -- C:\Users\Undevco Films\AppData\Local\2gh770g13j884i17kwfdc0248208452h6e6u1vm68c51rl0
    [2011/04/04 00:56:52 | 000,000,120 | ---- | C] () -- C:\Users\Undevco Films\AppData\Local\Wqisuyubozidi.dat
    [2011/04/04 00:56:52 | 000,000,000 | ---- | C] () -- C:\Users\Undevco Films\AppData\Local\Ogidomusigegobe.bin
    [2011/10/23 14:23:30 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\eK888fRL9hTXqUe
    [2011/10/23 14:23:29 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\FooobFF3pmG5QJd
    [2011/10/23 14:23:24 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\SlIIBBtzPNyc1uD
    [2011/10/23 14:23:24 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\TKKK8ffRZ
    [2011/10/23 14:23:25 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\uUUUCeekIBrz
    @Alternate Data Stream - 816 bytes -> C:\Windows\ISEEYOU:3846376437.exe
    @Alternate Data Stream - 816 bytes -> C:\Windows\183811098_89808:3846376437.exe

    :Reg
    [ HKCU\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-

    :Files
    ipconfig /flushdns /c
    E:\3gstu43m.exe
    C:\Windows\183811098_89808

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, and reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#6 tsurvey73 (Topic Starter, Member, 23 posts)
OTL Log

OTL logfile created on: 10/24/2011 2:20:42 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = E:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 3.03 Gb Available Physical Memory | 86.51% Memory free
7.17 Gb Paging File | 6.93 Gb Available in Paging File | 96.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 12.53 Gb Free Space | 4.20% Space Free | Partition Type: NTFS
Drive D: | 2.53 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 495.22 Mb Total Space | 265.12 Mb Free Space | 53.54% Space Free | Partition Type: FAT
Drive G: | 1397.26 Gb Total Space | 254.11 Gb Free Space | 18.19% Space Free | Partition Type: NTFS

Computer Name: UNDEVCOFILMS-PC | User Name: Undevco Films | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/24 14:19:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (a2AntiMalware)
SRV - [2011/10/02 19:25:04 | 002,151,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\d\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/12/09 23:36:53 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/09/17 14:09:18 | 000,139,264 | ---- | M] (H+H Software GmbH) [Auto | Stopped] -- C:\Program Files\Virtual CD v10\System\VC10SecS.exe -- (VC10SecS)
SRV - [2010/08/23 20:21:40 | 000,008,192 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/04/27 17:56:30 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/11/24 11:25:34 | 004,463,400 | ---- | M] (Wacom Technology, Corp.) [On_Demand | Stopped] -- C:\Windows\System32\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV - [2009/07/30 18:51:02 | 000,061,440 | ---- | M] () [Auto | Stopped] -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/09/10 22:37:36 | 000,024,576 | ---- | M] (Intuit) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2008/08/08 21:10:46 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/02/21 17:02:54 | 000,233,472 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2006/08/11 11:15:36 | 000,200,704 | ---- | M] (InterVideo Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)


========== Driver Services (SafeList) ==========

DRV - [2011/10/24 14:13:11 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011/10/23 22:57:48 | 000,094,896 | ---- | M] (Kaspersky Lab, GERT) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\91912406.sys -- (58010134)
DRV - [2011/10/23 17:01:39 | 000,094,896 | ---- | M] (Kaspersky Lab, GERT) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\62361770.sys -- (17703796)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/05/21 06:01:00 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/04/14 09:59:03 | 000,075,264 | ---- | M] () [File_System | Unknown | Stopped] -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC)
DRV - [2011/02/04 09:27:14 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/06/05 14:12:35 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/05/21 09:14:44 | 000,186,392 | ---- | M] (H+H Software GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\vdrv1000.sys -- (vdrv1000)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/09/11 12:48:04 | 000,066,056 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009/09/11 12:47:54 | 000,014,984 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009/09/11 12:47:42 | 000,031,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmHidLo.sys -- (WmHidLo)
DRV - [2009/09/11 12:47:32 | 000,035,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009/09/11 12:47:22 | 000,022,792 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2009/06/10 11:23:04 | 000,036,992 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiBus.sys -- (SaiNtBus)
DRV - [2009/06/10 11:23:04 | 000,014,080 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiMini.sys -- (SaiMini)
DRV - [2009/06/03 02:54:36 | 001,032,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atinavrr.sys -- (ATIAVPCI)
DRV - [2009/05/20 11:54:06 | 000,013,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009/04/10 23:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2009/04/10 23:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2008/08/21 23:49:58 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2008/08/21 23:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2007/10/31 02:16:02 | 000,016,400 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\diginet.sys -- (DigiNet)
DRV - [2007/10/31 02:15:52 | 000,097,808 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Dalwdm.sys -- (dalwdmservice)
DRV - [2007/09/05 12:04:34 | 000,079,408 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2007/06/25 06:37:24 | 000,084,480 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motport.sys -- (motport)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/05/01 16:10:02 | 000,132,232 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiH053C.sys -- (SaiH053C)
DRV - [2007/02/16 10:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2001/10/25 22:42:10 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\an983.sys -- (AN983)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 24 87 51 04 CE D7 3A 43 88 99 D2 98 77 46 21 20 [binary data]
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 24 87 51 04 CE D7 3A 43 88 99 D2 98 77 46 21 20 [binary data]
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 24 87 51 04 CE D7 3A 43 88 99 D2 98 77 46 21 20 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 24 87 51 04 CE D7 3A 43 88 99 D2 98 77 46 21 20 [binary data]

IE - HKU\S-1-5-21-3363404567-1739849673-3770979426-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-3363404567-1739849673-3770979426-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://google.com/
IE - HKU\S-1-5-21-3363404567-1739849673-3770979426-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3363404567-1739849673-3770979426-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default =
IE - HKU\S-1-5-21-3363404567-1739849673-3770979426-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3363404567-1739849673-3770979426-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "NCH Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "eSnips Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {71D7952D-AAF0-411D-9F41-34B02273C255}:1.9.1
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1374
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {3DB5ABE1-407D-458F-AD5D-8D89BD625CCC}:1.2.0
FF - prefs.js..keyword.URL: "http://isearch.avg.c...7:06&sap=ku&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: File not found
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Undevco Films\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/05/07 03:33:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/05/07 03:33:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\CodecCheck\firefox [2011/07/12 14:26:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/02 22:43:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/02 19:20:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{71D7952D-AAF0-411D-9F41-34B02273C255}: C:\Users\Undevco Films\AppData\Local\{71D7952D-AAF0-411D-9F41-34B02273C255}\ [2011/04/15 18:08:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{999CFC64-AA62-4B5D-8151-676682645F60}: C:\Users\Undevco Films\AppData\Local\{999CFC64-AA62-4B5D-8151-676682645F60}\ [2011/05/24 21:52:55 | 000,000,000 | ---D | M]

[2010/03/12 06:39:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Undevco Films\AppData\Roaming\Mozilla\Extensions
[2011/10/17 13:35:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Undevco Films\AppData\Roaming\Mozilla\Firefox\Profiles\e5x5ced7.default\extensions
[2011/05/12 01:18:58 | 000,000,000 | ---D | M] (Veehd Plugin) -- C:\Users\Undevco Films\AppData\Roaming\Mozilla\Firefox\Profiles\e5x5ced7.default\extensions\{3DB5ABE1-407D-458F-AD5D-8D89BD625CCC}
[2011/10/05 18:58:22 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Undevco Films\AppData\Roaming\Mozilla\Firefox\Profiles\e5x5ced7.default\extensions\{460e7e89-5617-4ff2-82a2-26aaaa6519c3}
[2011/08/01 19:32:09 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Undevco Films\AppData\Roaming\Mozilla\Firefox\Profiles\e5x5ced7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/10/02 22:43:16 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Undevco Films\AppData\Roaming\Mozilla\Firefox\Profiles\e5x5ced7.default\extensions\{a605b862-ef41-4b3d-bd27-f91bd4add574}
[2010/06/11 18:56:32 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Undevco Films\AppData\Roaming\Mozilla\Firefox\Profiles\e5x5ced7.default\extensions\[email protected]
[2010/11/07 18:00:40 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Undevco Films\AppData\Roaming\Mozilla\Firefox\Profiles\e5x5ced7.default\extensions\vshare@toolbar
[2011/09/24 16:57:42 | 000,001,945 | ---- | M] () -- C:\Users\Undevco Films\AppData\Roaming\Mozilla\Firefox\Profiles\e5x5ced7.default\searchplugins\bing-zugo.xml
[2010/01/01 06:55:02 | 000,000,909 | ---- | M] () -- C:\Users\Undevco Films\AppData\Roaming\Mozilla\Firefox\Profiles\e5x5ced7.default\searchplugins\conduit.xml
[2011/10/02 22:43:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/29 00:28:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/24 10:56:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/04/15 18:08:40 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\UNDEVCO FILMS\APPDATA\LOCAL\{71D7952D-AAF0-411D-9F41-34B02273C255}
[2011/05/24 21:52:55 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\UNDEVCO FILMS\APPDATA\LOCAL\{999CFC64-AA62-4B5D-8151-676682645F60}
[2011/09/29 01:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/28 19:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2010/06/13 00:36:50 | 000,002,029 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\esnips.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - Extension: No name found = C:\Users\Undevco Films\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: No name found = C:\Users\Undevco Films\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1804_0\
CHR - Extension: No name found = C:\Users\Undevco Films\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.10.20_0\
CHR - Extension: No name found = C:\Users\Undevco Films\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\

O1 HOSTS File: ([2011/10/24 13:53:45 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngin0.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3363404567-1739849673-3770979426-1000\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\d\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-21-3363404567-1739849673-3770979426-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3363404567-1739849673-3770979426-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2BC34DB5-5A55-4374-88BC-6E43AF2557DA}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/11/02 15:00:00 | 000,000,043 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{121d60e9-fc0d-11e0-a4b4-0050bf180b4b}\Shell - "" = AutoRun
O33 - MountPoints2\{121d60e9-fc0d-11e0-a4b4-0050bf180b4b}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{23922aa5-60cd-11df-b05a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{23922aa5-60cd-11df-b05a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe /autorun
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\setup.exe /autorun
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\setup.exe /autorun
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] --
O37 - HKU\S-1-5-18\...exe [@ = exefile] --

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\Windows\System32\
[2020/01/07 00:32:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cracklock
[2020/01/07 00:32:29 | 000,000,000 | ---D | C] -- C:\Program Files\Cracklock
[2011/10/24 13:53:41 | 000,000,000 | ---D | C] -- \_OTL
[2011/10/24 13:41:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hitman Pro 3.5
[2011/10/24 13:41:30 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/10/24 13:13:49 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Undevco Films\Desktop\aswMBR.exe
[2011/10/24 11:42:14 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/10/24 11:37:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/10/24 11:37:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/10/24 11:37:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/10/24 11:37:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/24 06:10:20 | 000,000,000 | --SD | C] -- C:\keska
[2011/10/24 06:06:29 | 004,270,772 | R--- | C] (Swearware) -- C:\keska.exe
[2011/10/24 05:29:11 | 000,000,000 | ---D | C] -- C:\MGtools
[2011/10/24 05:10:39 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2011/10/24 05:10:39 | 000,000,000 | ---D | C] -- C:\Users\Undevco Films\Documents\Anti-Malware
[2011/10/24 04:34:59 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/10/24 03:53:04 | 000,000,000 | ---D | C] -- \LOST.DIR
[2011/10/24 03:39:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/24 03:39:18 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/10/24 03:39:18 | 000,000,000 | ---D | C] -- C:\Program Files\d
[2011/10/24 03:09:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/10/24 01:50:56 | 000,000,000 | ---D | C] -- C:\Users\Undevco Films\AppData\Local\Adobe
[2011/10/24 00:42:06 | 000,000,000 | ---D | C] -- C:\Users\Undevco Films\Doctor Web
[2011/10/24 00:41:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Doctor Web
[2011/10/24 00:40:21 | 000,000,000 | ---D | C] -- C:\Program Files\DrWeb
[2011/10/23 22:57:48 | 000,094,896 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\System32\drivers\91912406.sys
[2011/10/23 20:49:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Doctor Web
[2011/10/23 20:09:54 | 000,000,000 | ---D | C] -- C:\Program Files\m
[2011/10/23 19:57:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/23 17:47:08 | 000,000,000 | ---D | C] -- C:\Users\Undevco Films\DoctorWeb
[2011/10/23 17:01:39 | 000,094,896 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\System32\drivers\62361770.sys
[2011/10/23 15:31:56 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2011/10/23 14:28:29 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011/10/23 11:23:26 | 000,000,000 | ---D | C] -- C:\Users\Undevco Films\Desktop\nextgen-gallery
[2011/10/21 13:45:52 | 000,000,000 | ---D | C] -- C:\Users\Undevco Films\Desktop\DR MUSIC ADD
[2011/10/21 12:26:39 | 000,000,000 | ---D | C] -- C:\Users\Undevco Films\Desktop\FUNNY
[2011/10/17 13:43:40 | 000,000,000 | ---D | C] -- C:\Users\Undevco Films\Desktop\LES
[2011/10/16 16:49:40 | 000,000,000 | ---D | C] -- C:\Users\Undevco Films\AppData\Roaming\WTablet
[2011/10/16 16:49:06 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablet
[2011/10/16 16:49:05 | 007,892,776 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\WacomTablet.cpl
[2011/10/16 16:48:39 | 000,011,312 | ---- | C] (Wacom Technology) -- C:\Windows\System32\drivers\wacommousefilter.sys
[2011/10/16 16:47:28 | 000,013,736 | ---- | C] (Wacom Technology) -- C:\Windows\System32\drivers\wacomvhid.sys
[2011/10/16 16:46:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\WTablet
[2011/10/16 16:46:19 | 004,463,400 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\Wacom_Tablet.exe
[2011/10/16 16:46:19 | 000,412,456 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\Wacom_Tablet.dll
[2011/10/16 16:46:19 | 000,285,184 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\Wintab32.dll
[2011/10/16 16:46:15 | 000,000,000 | ---D | C] -- C:\Program Files\Tablet
[2011/10/09 04:28:07 | 000,000,000 | ---D | C] -- C:\Program Files\Black_Box
[2011/10/05 20:37:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2011/10/05 19:21:00 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/02 11:07:51 | 000,000,000 | ---D | C] -- C:\Users\Undevco Films\AppData\Local\temp(727)
[2011/10/02 11:07:51 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/09/30 23:33:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/09/25 09:10:51 | 000,000,000 | ---D | C] -- C:\Users\Undevco Films\AppData\Roaming\AVG2012
[2011/09/25 09:10:01 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011/09/24 22:16:06 | 000,000,000 | ---D | C] -- C:\Users\Undevco Films\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoZoom Pro 3
[2011/09/24 22:16:05 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoZoom Pro 3

========== Files - Modified Within 30 Days ==========

File not found -- C:\Windows\System32\
[2011/10/24 14:17:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/24 14:14:40 | 000,005,376 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/24 14:14:40 | 000,005,376 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/24 14:14:33 | 004,178,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/24 14:13:17 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/24 14:13:04 | 000,048,016 | -HS- | M] () -- C:\Windows\System32\c_44374.nl_
[2011/10/24 14:13:04 | 000,000,000 | ---- | M] () -- C:\Windows\183811098
[2011/10/24 13:53:45 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/10/24 13:44:31 | 000,001,791 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2011/10/24 13:44:31 | 000,000,290 | ---- | M] () -- C:\Windows\tasks\Hitman Pro 3.5 Boot Task.job
[2011/10/24 12:57:12 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Undevco Films\Desktop\aswMBR.exe
[2011/10/24 11:06:49 | 301,083,379 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/10/24 11:05:56 | 000,138,425 | ---- | M] () -- C:\Users\Undevco Films\Desktop\go.exe
[2011/10/24 10:54:05 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/24 06:30:40 | 000,580,339 | ---- | M] () -- C:\MGlogs.zip
[2011/10/24 06:15:43 | 000,000,000 | ---- | M] () -- C:\Users\Undevco Films\AppData\Local\{BB35E04F-A16E-4002-9389-2C24E2FB523E}
[2011/10/24 05:55:44 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/10/24 05:29:03 | 002,423,465 | ---- | M] () -- C:\MGtools.exe
[2011/10/24 05:15:40 | 000,649,176 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/24 05:15:40 | 000,122,686 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/24 03:39:21 | 000,000,994 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/24 01:30:33 | 000,000,000 | ---- | M] () -- C:\Users\Undevco Films\AppData\Local\{C20A63DE-2E1B-42CC-ABC9-736B4095D8A2}
[2011/10/23 22:57:48 | 000,094,896 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\System32\drivers\91912406.sys
[2011/10/23 21:31:01 | 004,270,772 | R--- | M] (Swearware) -- C:\keska.exe
[2011/10/23 17:40:24 | 000,001,356 | ---- | M] () -- C:\Users\Undevco Films\AppData\Local\d3d9caps.dat
[2011/10/23 17:24:48 | 000,000,512 | ---- | M] () -- C:\Users\Undevco Films\Desktop\ABCD.lnk
[2011/10/23 17:01:39 | 000,094,896 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\System32\drivers\62361770.sys
[2011/10/23 15:31:56 | 000,002,855 | ---- | M] () -- C:\Users\Undevco Films\Desktop\rkill - Shortcut.pif
[2011/10/23 15:31:47 | 001,008,092 | ---- | M] () -- C:\Users\Undevco Films\Desktop\rkill.com
[2011/10/23 14:23:30 | 000,000,612 | ---- | M] () -- C:\Users\Undevco Films\AppData\Roaming\ldr.ini
[2011/10/23 14:23:25 | 000,105,984 | ---- | M] () -- C:\Users\Undevco Films\AppData\Roaming\svhostu.exe
[2011/10/23 14:08:56 | 000,303,049 | ---- | M] () -- C:\Users\Undevco Films\Desktop\WLHAND.jpg
[2011/10/23 13:55:59 | 000,064,512 | ---- | M] () -- C:\Users\Undevco Films\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/23 13:26:17 | 007,636,901 | ---- | M] () -- C:\Users\Undevco Films\Desktop\version_2701.jpg
[2011/10/23 10:50:30 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011/10/23 10:50:30 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011/10/23 03:56:09 | 000,000,424 | ---- | M] () -- C:\Windows\tasks\FrontLine Registry Cleaner Scheduled Scan - Undevco Films.job
[2011/10/21 09:51:40 | 000,068,096 | -HS- | M] () -- C:\Users\Undevco Films\AppData\Local\volmgr.exe
[2011/10/19 11:34:20 | 000,001,991 | ---- | M] () -- C:\Users\Undevco Films\Desktop\footer.php
[2011/10/18 23:37:28 | 001,386,627 | ---- | M] () -- C:\Users\Undevco Films\Desktop\scool1.psd
[2011/10/18 22:52:31 | 001,021,597 | ---- | M] () -- C:\Users\Undevco Films\Desktop\mukundbanner1.jpg
[2011/10/18 13:17:27 | 001,045,646 | ---- | M] () -- C:\Users\Undevco Films\Desktop\mukundbanner.jpg
[2011/10/17 19:12:28 | 000,207,462 | ---- | M] () -- C:\Users\Undevco Films\Desktop\ptwtter.jpg
[2011/10/14 04:33:00 | 008,962,806 | ---- | M] () -- C:\Users\Undevco Films\Desktop\1.wav
[2011/10/12 16:00:16 | 000,022,254 | ---- | M] () -- C:\Users\Undevco Films\Desktop\zipCashDisplayPaymentReport.pdf
[2011/10/12 11:23:13 | 000,662,551 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2011/10/09 05:10:07 | 000,000,882 | ---- | M] () -- C:\Users\Undevco Films\Desktop\Rage - Shortcut.lnk
[2011/10/05 20:59:02 | 000,000,858 | ---- | M] () -- C:\Users\Undevco Films\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox (2).lnk
[2011/10/05 19:30:20 | 000,000,851 | ---- | M] () -- C:\Users\Undevco Films\Desktop\nba2k12 - Shortcut.lnk
[2011/10/02 22:43:47 | 000,000,870 | ---- | M] () -- C:\Users\Undevco Films\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/02 19:25:14 | 000,016,432 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2011/09/24 22:16:06 | 000,000,902 | ---- | M] () -- C:\Users\Undevco Films\Desktop\PhotoZoom Pro 3.lnk
[2011/09/24 16:27:46 | 000,004,436 | ---- | M] () -- C:\Windows\jtvndq48.ini
[2011/09/24 16:27:46 | 000,001,442 | ---- | M] () -- C:\Windows\cfmrp-n.ini

========== Files Created - No Company Name ==========

[2020/01/07 00:32:35 | 000,001,651 | ---- | C] () -- C:\Users\Undevco Films\AppData\Local\Cracklock.settings
[2011/10/24 14:19:45 | 000,584,192 | ---- | C] () -- \OTL.exe
[2011/10/24 14:13:04 | 000,048,016 | -HS- | C] () -- C:\Windows\System32\c_44374.nl_
[2011/10/24 13:41:35 | 000,001,791 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2011/10/24 13:41:35 | 000,000,290 | ---- | C] () -- C:\Windows\tasks\Hitman Pro 3.5 Boot Task.job
[2011/10/24 13:33:51 | 006,395,200 | ---- | C] () -- \HitmanPro35.exe
[2011/10/24 13:28:15 | 000,000,000 | ---- | C] () -- \cnet_HitmanPro35_exe.exe
[2011/10/24 13:23:11 | 000,000,512 | ---- | C] () -- \MBR.dat
[2011/10/24 12:57:06 | 001,916,416 | ---- | C] () -- \aswMBR.exe
[2011/10/24 12:23:28 | 001,561,392 | ---- | C] () -- \tdsskiller.exe
[2011/10/24 11:37:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/10/24 11:37:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/10/24 11:37:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/10/24 11:37:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/10/24 11:37:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/24 11:37:42 | 000,000,512 | ---- | C] () -- C:\Users\Undevco Films\Desktop\ABCD.lnk
[2011/10/24 11:22:44 | 000,138,425 | ---- | C] () -- C:\Users\Undevco Films\Desktop\go.exe
[2011/10/24 11:05:54 | 000,138,425 | ---- | C] () -- \go.exe
[2011/10/24 06:15:43 | 000,000,000 | ---- | C] () -- C:\Users\Undevco Films\AppData\Local\{BB35E04F-A16E-4002-9389-2C24E2FB523E}
[2011/10/24 05:31:25 | 000,580,339 | ---- | C] () -- C:\MGlogs.zip
[2011/10/24 05:29:00 | 002,423,465 | ---- | C] () -- C:\MGtools.exe
[2011/10/24 05:08:53 | 000,000,000 | ---- | C] () -- C:\Windows\183811098
[2011/10/24 05:06:49 | 101,526,088 | ---- | C] () -- \EmsisoftAntiMalwareSetup.exe
[2011/10/24 03:57:38 | 000,080,384 | ---- | C] () -- \MBRCheck-1.exe
[2011/10/24 03:56:27 | 000,000,000 | ---- | C] () -- \MBRCheck.exe
[2011/10/24 03:39:21 | 000,000,994 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/24 01:30:33 | 000,000,000 | ---- | C] () -- C:\Users\Undevco Films\AppData\Local\{C20A63DE-2E1B-42CC-ABC9-736B4095D8A2}
[2011/10/23 19:43:12 | 000,000,015 | ---- | C] () -- \settings.dat
[2011/10/23 19:42:38 | 000,472,064 | ---- | C] () -- \RootRepeal.exe
[2011/10/23 17:58:44 | 079,532,096 | ---- | C] () -- \m36z5576.exe
[2011/10/23 17:46:51 | 042,730,616 | ---- | C] () -- \4k8t247w.exe
[2011/10/23 17:34:22 | 000,050,688 | ---- | C] () -- \ATF-Cleaner.exe
[2011/10/23 17:28:01 | 000,000,000 | ---- | C] () -- \mab.exe
[2011/10/23 17:24:46 | 000,000,512 | ---- | C] () -- \ABCD.lnk
[2011/10/23 17:05:20 | 000,454,120 | ---- | C] () -- \cnet_ComboFix_exe.exe
[2011/10/23 15:31:56 | 000,002,855 | ---- | C] () -- C:\Users\Undevco Films\Desktop\rkill - Shortcut.pif
[2011/10/23 15:31:47 | 001,008,092 | ---- | C] () -- C:\Users\Undevco Films\Desktop\rkill.com
[2011/10/23 14:23:30 | 000,000,612 | ---- | C] () -- C:\Users\Undevco Films\AppData\Roaming\ldr.ini
[2011/10/23 14:23:25 | 000,105,984 | ---- | C] () -- C:\Users\Undevco Films\AppData\Roaming\svhostu.exe
[2011/10/23 13:59:17 | 000,303,049 | ---- | C] () -- C:\Users\Undevco Films\Desktop\WLHAND.jpg
[2011/10/23 13:26:07 | 007,636,901 | ---- | C] () -- C:\Users\Undevco Films\Desktop\version_2701.jpg
[2011/10/21 17:06:09 | 000,068,096 | -HS- | C] () -- C:\Users\Undevco Films\AppData\Local\volmgr.exe
[2011/10/19 11:34:20 | 000,001,991 | ---- | C] () -- C:\Users\Undevco Films\Desktop\footer.php
[2011/10/18 23:37:28 | 001,386,627 | ---- | C] () -- C:\Users\Undevco Films\Desktop\scool1.psd
[2011/10/18 22:52:30 | 001,021,597 | ---- | C] () -- C:\Users\Undevco Films\Desktop\mukundbanner1.jpg
[2011/10/18 13:17:26 | 001,045,646 | ---- | C] () -- C:\Users\Undevco Films\Desktop\mukundbanner.jpg
[2011/10/17 19:08:25 | 000,207,462 | ---- | C] () -- C:\Users\Undevco Films\Desktop\ptwtter.jpg
[2011/10/17 12:13:10 | 301,083,379 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/10/16 16:49:06 | 001,653,980 | ---- | C] () -- C:\Windows\System32\WacomTablet.znc
[2011/10/14 04:07:59 | 008,962,806 | ---- | C] () -- C:\Users\Undevco Films\Desktop\1.wav
[2011/10/12 16:00:16 | 000,022,254 | ---- | C] () -- C:\Users\Undevco Films\Desktop\zipCashDisplayPaymentReport.pdf
[2011/10/09 05:10:07 | 000,000,882 | ---- | C] () -- C:\Users\Undevco Films\Desktop\Rage - Shortcut.lnk
[2011/10/05 20:59:02 | 000,000,858 | ---- | C] () -- C:\Users\Undevco Films\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox (2).lnk
[2011/10/05 19:30:20 | 000,000,851 | ---- | C] () -- C:\Users\Undevco Films\Desktop\nba2k12 - Shortcut.lnk
[2011/10/02 22:43:47 | 000,000,870 | ---- | C] () -- C:\Users\Undevco Films\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/02 22:43:47 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/09/24 22:16:06 | 000,000,902 | ---- | C] () -- C:\Users\Undevco Films\Desktop\PhotoZoom Pro 3.lnk
[2011/09/24 16:27:46 | 000,004,436 | ---- | C] () -- C:\Windows\jtvndq48.ini
[2011/09/24 16:27:46 | 000,001,442 | ---- | C] () -- C:\Windows\cfmrp-n.ini
[2011/08/26 15:14:06 | 000,000,132 | ---- | C] () -- C:\Users\Undevco Films\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/07/13 10:11:24 | 000,000,132 | ---- | C] () -- C:\Users\Undevco Films\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011/06/27 14:29:13 | 000,000,095 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2011/06/15 17:03:43 | 000,075,264 | ---- | C] () -- C:\Windows\System32\drivers\dfsc.sys
[2011/04/23 14:12:51 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/04/23 14:12:51 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/03/23 03:51:34 | 000,000,016 | ---- | C] () -- C:\Windows\System32\asdict.dat
[2011/02/02 14:38:15 | 000,000,132 | ---- | C] () -- C:\Users\Undevco Films\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
[2010/12/14 20:30:58 | 000,138,056 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/12/14 20:30:58 | 000,138,056 | ---- | C] () -- C:\Users\Undevco Films\AppData\Roaming\PnkBstrK.sys
[2010/12/14 20:30:46 | 000,189,248 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010/12/14 20:30:39 | 000,090,112 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/11/23 17:14:56 | 000,141,273 | ---- | C] () -- C:\Windows\hpoins14.dat
[2010/08/25 00:51:57 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2010/07/26 09:45:58 | 000,065,536 | ---- | C] () -- C:\Windows\VMix.dll
[2010/07/26 09:45:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2010/07/26 09:45:58 | 000,000,707 | ---- | C] () -- C:\Windows\cm108.ini
[2010/05/13 15:07:16 | 000,000,032 | ---- | C] () -- C:\Windows\System32\msvcsv60.dll
[2010/05/13 15:07:16 | 000,000,032 | ---- | C] () -- C:\Windows\msocreg32.dat
[2010/04/27 18:04:33 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2010/04/22 19:59:06 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2010/04/22 19:59:06 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2010/04/22 19:59:06 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2010/04/22 19:59:06 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2010/04/22 19:59:06 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2010/04/22 19:59:06 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2010/03/29 19:09:03 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2010/03/29 18:57:46 | 000,001,541 | ---- | C] () -- C:\Windows\TSearch.INI
[2010/03/25 13:48:23 | 000,075,328 | ---- | C] () -- C:\Windows\System32\prodad-mercalli-10-codec.dll
[2010/03/22 16:19:32 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/03/22 13:49:41 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010/03/15 03:16:12 | 001,362,460 | ---- | C] () -- C:\Windows\System32\ExpansionHD_Firmware.bin
[2010/03/13 17:50:15 | 000,064,512 | ---- | C] () -- C:\Users\Undevco Films\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/13 15:29:39 | 000,016,384 | ---- | C] () -- C:\Windows\System32\FileOps.exe
[2010/03/13 02:51:41 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/03/13 02:51:41 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/03/13 02:47:45 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/03/12 05:54:22 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010/03/12 05:46:26 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe
[2010/03/12 05:46:26 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010/03/12 05:44:08 | 000,001,356 | ---- | C] () -- C:\Users\Undevco Films\AppData\Local\d3d9caps.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2007/06/05 18:07:34 | 000,002,000 | ---- | C] () -- C:\Windows\hpomdl14.dat
[2007/05/01 16:10:02 | 000,008,704 | ---- | C] () -- C:\Windows\System32\SaiC053C_0C.dll
[2007/05/01 16:10:02 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC053C_10.dll
[2007/05/01 16:10:02 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC053C_0A.dll
[2007/05/01 16:10:02 | 000,007,680 | ---- | C] () -- C:\Windows\System32\SaiC053C_09.dll
[2007/05/01 16:10:02 | 000,005,632 | ---- | C] () -- C:\Windows\System32\SaiC053C_11.dll
[2007/05/01 16:10:00 | 000,835,584 | ---- | C] () -- C:\Windows\System32\SaiC053C.Dll
[2007/05/01 16:10:00 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC053C_07.dll
[2007/05/01 16:10:00 | 000,007,168 | ---- | C] () -- C:\Windows\System32\SaiC053C_0402.dll
[2007/01/31 13:50:32 | 000,913,408 | ---- | C] () -- C:\Windows\System32\xreglib.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 004,178,512 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,649,176 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,122,686 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/10/05 19:19:06 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\2K Sports
[2011/04/23 13:29:09 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\572EFECB296E0DDFABC6F22A08836665
[2011/09/25 09:10:51 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\AVG2012
[2011/10/13 09:26:00 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\Azureus
[2011/05/24 22:07:24 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\BlackBean
[2010/08/27 09:00:10 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/02/11 23:39:58 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/05/16 14:44:21 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\DAEMON Tools Pro
[2010/04/20 18:43:12 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\FreeArc
[2010/09/23 23:36:59 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\HDRsoft
[2010/06/13 00:36:51 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\Logia
[2010/11/30 06:16:47 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\Mount&Blade Warband
[2010/04/11 23:12:45 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\MPEG Streamclip
[2010/03/22 01:05:07 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\PACE Anti-Piracy
[2010/04/12 00:40:40 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\Pavtube
[2010/03/25 13:48:22 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\proDAD
[2010/04/22 15:06:57 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\Publish Providers
[2011/03/23 02:48:02 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\QuickScan
[2010/08/24 22:23:53 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\scriptocean
[2010/04/13 17:25:54 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\Sony
[2010/03/22 01:18:32 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\Sony Creative Software
[2010/08/27 16:57:36 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/10/06 18:22:43 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\Stellarium
[2010/06/29 02:27:47 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\The Creative Assembly
[2011/03/28 21:01:55 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\TightVNC
[2011/07/27 19:23:17 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\Tonido
[2010/07/26 23:02:12 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\TS3Client
[2011/01/07 15:35:45 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\Ulead Systems
[2011/06/01 06:16:08 | 000,000,000 | --SD | M] -- C:\Users\Undevco Films\AppData\Roaming\Virtual CD v10
[2011/03/19 09:59:35 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\WysePocketCloud
[2011/10/23 03:56:09 | 000,000,424 | ---- | M] () -- C:\Windows\Tasks\FrontLine Registry Cleaner Scheduled Scan - Undevco Films.job
[2011/10/24 13:44:31 | 000,000,290 | ---- | M] () -- C:\Windows\Tasks\Hitman Pro 3.5 Boot Task.job
[2011/10/24 14:16:04 | 000,032,570 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/03/23 14:50:36 | 000,000,000 | ---- | M] ()(C:\Windows\System32\?????) -- C:\Windows\System32\獷楬汢捯污
[2011/03/23 14:32:17 | 000,000,000 | ---- | C] ()(C:\Windows\System32\?????) -- C:\Windows\System32\獷楬汢捯污

========== Alternate Data Streams ==========

@Alternate Data Stream - 816 bytes -> C:\Windows\183811098:3846376437.exe
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:1B7B8F31
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:3C6F81BD

< End of report >

Attached File: OTL.Txt (108.89KB)

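The report above ends with the entries that match this thread's symptom: an all-numeric file under C:\Windows carrying an .exe alternate data stream, plus hidden+system executables and a look-alike "svhostu.exe" in the user profile. The script below is an added example, not part of this thread and not OTL's own code: it parses the two OTL line formats exactly as they appear in the log above ("[date time | size | attrs | C/M] (company) -- path" and "@Alternate Data Stream - N bytes -> host:stream") and applies a few defender-side triage heuristics. The heuristics, the list of imitated component names and the edit-distance threshold are this example's own assumptions; the sample lines are copied from the report above.

```python
"""Triage helper for OTL-style file listings (added example, not OTL's own code).

Parses the "[date time | size | attrs | C/M] (company) -- path" lines and the
"@Alternate Data Stream" lines as OTL prints them and applies a few defender-side
heuristics. The heuristics, the component-name list and the edit-distance
threshold are this example's own assumptions, not anything OTL implements.
"""
import re
from dataclasses import dataclass, field
from typing import Iterable, List, Optional

# File/directory entry; the "(company)" block is absent on directory lines.
FILE_RE = re.compile(
    r"^\[(?P<when>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\]\s*(?:\((?P<company>[^)]*)\))?\s*--\s*(?P<path>.+?)\s*$"
)
# "@Alternate Data Stream - N bytes -> host:stream"
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<host>.+?):(?P<stream>[^:\\]+)\s*$")

EXEC_EXT = (".exe", ".dll", ".sys", ".com", ".scr", ".pif")
WINDOWS_DIR = "c:\\windows\\"
# Windows component names that malware commonly imitates (constructed list, not exhaustive).
SYSTEM_NAMES = ("svchost", "explorer", "winlogon", "lsass", "csrss", "services", "userinit", "volmgr")


@dataclass
class Finding:
    path: str
    reasons: List[str] = field(default_factory=list)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch look-alike names such as svhostu vs svchost."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def stem(path: str) -> str:
    """Lower-cased file name without its extension."""
    name = path.rsplit("\\", 1)[-1].lower()
    return name.rsplit(".", 1)[0] if "." in name else name


def triage_file(line: str) -> Optional[Finding]:
    """Apply the file-entry heuristics; return None for non-matching or unremarkable lines."""
    m = FILE_RE.match(line)
    if not m:
        return None
    attrs, path = m["attrs"], m["path"]
    low, name = path.lower(), path.rsplit("\\", 1)[-1]
    hidden_system = "H" in attrs and "S" in attrs
    in_user_profile = "\\users\\" in low and "\\appdata\\" in low
    reasons: List[str] = []
    if "D" in attrs:  # directory entry
        if hidden_system and "%" in name:
            reasons.append("hidden+system directory with an unexpanded environment-variable name")
    else:
        if hidden_system and in_user_profile:
            reasons.append("hidden+system file inside a user profile")
        if low.startswith(WINDOWS_DIR) and stem(name).isdigit():
            reasons.append("all-numeric file name under the Windows folder")
        if name.lower().endswith(EXEC_EXT) and not low.startswith(WINDOWS_DIR):
            for sysname in SYSTEM_NAMES:
                if edit_distance(stem(name), sysname) <= 2:
                    reasons.append(f"name resembles Windows component '{sysname}' but lives outside the Windows folder")
                    break
    return Finding(path, reasons) if reasons else None


def triage_ads(line: str) -> Optional[Finding]:
    """Flag alternate data streams that carry an executable name or sit under the Windows folder."""
    m = ADS_RE.match(line)
    if not m:
        return None
    host, stream, size = m["host"], m["stream"], int(m["size"])
    reasons: List[str] = []
    if stream.lower().endswith(EXEC_EXT):
        reasons.append(f"alternate data stream named like an executable ({size} bytes)")
    elif host.lower().startswith(WINDOWS_DIR):
        reasons.append("alternate data stream attached to a file under the Windows folder")
    return Finding(f"{host}:{stream}", reasons) if reasons else None


def triage(lines: Iterable[str]) -> List[Finding]:
    """Run both parsers over a log and return the entries that tripped a heuristic."""
    out: List[Finding] = []
    for line in lines:
        f = triage_file(line) or triage_ads(line)
        if f:
            out.append(f)
    return out


# Sample lines copied from the OTL report above. mbamswissarmy.sys, sed.exe and the
# ProgramData\TEMP stream are control lines that these heuristics leave alone.
SAMPLE_LOG = r"""
[2011/10/24 05:55:44 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/10/24 14:13:04 | 000,000,000 | ---- | M] () -- C:\Windows\183811098
[2011/10/23 14:23:25 | 000,105,984 | ---- | M] () -- C:\Users\Undevco Films\AppData\Roaming\svhostu.exe
[2011/10/21 09:51:40 | 000,068,096 | -HS- | M] () -- C:\Users\Undevco Films\AppData\Local\volmgr.exe
[2011/10/23 14:28:29 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011/10/24 11:37:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
@Alternate Data Stream - 816 bytes -> C:\Windows\183811098:3846376437.exe
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:1B7B8F31
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG.splitlines()):
        print(finding.path)
        for reason in finding.reasons:
            print("   -", reason)
```

Running it over the sample prints five findings: the numeric file under C:\Windows, its .exe alternate data stream, the hidden+system volmgr.exe (two reasons), the svhostu.exe look-alike, and the literal %APPDATA% folder in System32. Anything the heuristics flag is a lead for the helper to review against the full log, not a verdict; OTL's own fix script is still what removes the entries.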
#7 Essexboy (GeekU Moderator, Retired Staff)
Could you delete your current copy of ComboFix please and, after the OTL run, download a fresh copy following the instructions posted.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 24 87 51 04 CE D7 3A 43 88 99 D2 98 77 46 21 20 [binary data]
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 24 87 51 04 CE D7 3A 43 88 99 D2 98 77 46 21 20 [binary data]
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 24 87 51 04 CE D7 3A 43 88 99 D2 98 77 46 21 20 [binary data]
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 24 87 51 04 CE D7 3A 43 88 99 D2 98 77 46 21 20 [binary data]
    [2011/10/05 18:58:22 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Undevco Films\AppData\Roaming\Mozilla\Firefox\Profiles\e5x5ced7.default\extensions\{460e7e89-5617-4ff2-82a2-26aaaa6519c3}
    [2011/10/02 22:43:16 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Undevco Films\AppData\Roaming\Mozilla\Firefox\Profiles\e5x5ced7.default\extensions\{a605b862-ef41-4b3d-bd27-f91bd4add574}
    [2011/04/15 18:08:40 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\UNDEVCO FILMS\APPDATA\LOCAL\{71D7952D-AAF0-411D-9F41-34B02273C255}
    [2011/05/24 21:52:55 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\UNDEVCO FILMS\APPDATA\LOCAL\{999CFC64-AA62-4B5D-8151-676682645F60}

    :Reg
    [HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-
    [HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-
    [HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-
    [HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-
    [HKU\S-1-5-21-3363404567-1739849673-3770979426-1000\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

When you download ComboFix, please rename it to svchost and save it to the root of the C drive, i.e. C:\svchost.exe

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your C drive

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.
#8 tsurvey73 (Topic Starter, Member)
OTL and Combofix Logs

ComboFix 11-10-19.06 - Undevco Films 10/24/2011 14:54:55.1.4 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3582.2984 [GMT -5:00]
Running from: C:\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\D\Malwarebytes' Anti-Malware\changes.rtf
c:\program files\D\Malwarebytes' Anti-Malware\Languages\arabic.lng
c:\program files\D\Malwarebytes' Anti-Malware\Languages\belarusian.lng
c:\program files\D\Malwarebytes' Anti-Malware\Languages\bosnian.lng
c:\program files\D\Malwarebytes' Anti-Malware\Languages\bulgarian.lng
c:\program files\D\Malwarebytes' Anti-Malware\Languages\catalan.lng
c:\program files\D\Malwarebytes' Anti-Malware\Languages\chineseSI.lng
c:\program files\D\Malwarebytes' Anti-Malware\Languages\chineseTR.lng
c:\program files\D\Malwarebytes' Anti-Malware\Languages\croatian.lng
c:\program files\D\Malwarebytes' Anti-Malware\Languages\czech.lng
c:\program files\D\Malwarebytes' Anti-Malware\Languages\danish.lng
c:\program files\D\Malwarebytes' Anti-Malware\Languages\dutch.lng
c:\program files\D\Malwarebytes' Anti-Malware\Languages\english.lng
c:\program files\D\Malwarebytes' Anti-Malware\Languages\estonian.lng
c:\program files\D\Malwarebytes' Anti-Malware\Languages\finnish.lng
c:\program files\D\Malwarebytes' Anti-Malware\Languages\french.lng
c:\program files\D\Malwarebytes' Anti-Malware\Languages\german.lng
c:\program files\D\Malwarebytes' Anti-Malware\Languages\greek.lng
c:\program files\D\Malwarebytes' Anti-Malware\Languages\hebrew.lng
c:\program files\D\Malwarebytes' Anti-Malware\Languages\hungarian.lng
c:\program files\D\Malwarebytes' Anti-Malware\Languages\italian.lng
c:\program files\D\Malwarebytes' Anti-Malware\Languages\korean.lng
c:\program files\D\Malwarebytes' Anti-Malware\Languages\latvian.lng
c:\program files\D\Malwarebytes' Anti-Malware\Languages\lithuanian.lng
c:\program files\D\Malwarebytes' Anti-Malware\Languages\macedonian.lng
c:\program files\D\Malwarebytes' Anti-Malware\Languages\norwegian.lng
c:\program files\D\Malwarebytes' Anti-Malware\Languages\polish.lng
c:\program files\D\Malwarebytes' Anti-Malware\Languages\portugueseBR.lng
c:\program files\D\Malwarebytes' Anti-Malware\Languages\portuguesePT.lng
c:\program files\D\Malwarebytes' Anti-Malware\Languages\romanian.lng
c:\program files\D\Malwarebytes' Anti-Malware\Languages\russian.lng
c:\program files\D\Malwarebytes' Anti-Malware\Languages\serbian.lng
c:\program files\D\Malwarebytes' Anti-Malware\Languages\slovak.lng
c:\program files\D\Malwarebytes' Anti-Malware\Languages\slovenian.lng
c:\program files\D\Malwarebytes' Anti-Malware\Languages\spanish.lng
c:\program files\D\Malwarebytes' Anti-Malware\Languages\swedish.lng
c:\program files\D\Malwarebytes' Anti-Malware\Languages\thai.lng
c:\program files\D\Malwarebytes' Anti-Malware\Languages\turkish.lng
c:\program files\D\Malwarebytes' Anti-Malware\Languages\vietnamese.lng
c:\program files\D\Malwarebytes' Anti-Malware\license.txt
c:\program files\D\Malwarebytes' Anti-Malware\mbam.chm
c:\program files\D\Malwarebytes' Anti-Malware\mbam.dll
c:\program files\D\Malwarebytes' Anti-Malware\mbam.exe
c:\program files\D\Malwarebytes' Anti-Malware\mbamcore.dll
c:\program files\D\Malwarebytes' Anti-Malware\mbamext.dll
c:\program files\D\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\D\Malwarebytes' Anti-Malware\mbamnet.dll
c:\program files\D\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\D\Malwarebytes' Anti-Malware\ssubtmr6.dll
c:\program files\D\Malwarebytes' Anti-Malware\unins000.dat
c:\program files\D\Malwarebytes' Anti-Malware\unins000.exe
c:\program files\D\Malwarebytes' Anti-Malware\unins000.msg
c:\program files\D\Malwarebytes' Anti-Malware\vbalsgrid6.ocx
c:\users\Undevco Films\AppData\Local\volmgr.exe
c:\users\Undevco Films\AppData\Roaming\ldr.ini
c:\users\Undevco Films\AppData\Roaming\svhostu.exe
c:\windows\assembly\GAC_MSIL\desktop.ini
c:\windows\iun6002.exe
c:\windows\system32\AutoRun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-09-24 to 2011-10-24 )))))))))))))))))))))))))))))))
.
.
2020-01-07 05:32 . 2020-01-07 05:32 -------- d-----w- c:\program files\Cracklock
2011-10-24 19:57 . 2011-10-24 19:57 -------- d-----w- c:\users\Undevco Films\AppData\Local\temp
2011-10-24 19:57 . 2011-10-24 19:57 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-10-24 19:57 . 2011-10-24 19:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-24 19:13 . 2011-10-24 19:13 48016 --sha-w- c:\windows\system32\c_44374.nl_
2011-10-24 18:41 . 2011-10-24 18:41 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-10-24 11:10 . 2011-10-24 11:11 -------- d-----w- C:\keska
2011-10-24 10:29 . 2011-10-24 11:30 -------- d-----w- C:\MGtools
2011-10-24 10:10 . 2011-10-24 10:12 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2011-10-24 09:34 . 2011-10-24 10:55 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-24 08:39 . 2011-10-24 08:39 -------- d-----w- c:\program files\d
2011-10-24 08:39 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-24 06:50 . 2011-10-24 06:55 -------- d-----w- c:\users\Undevco Films\AppData\Local\Adobe
2011-10-24 05:42 . 2011-10-24 05:42 -------- d-----w- c:\users\Undevco Films\Doctor Web
2011-10-24 05:41 . 2011-10-24 05:41 -------- d-----w- c:\program files\Common Files\Doctor Web
2011-10-24 05:40 . 2011-10-24 07:10 -------- d-----w- c:\program files\DrWeb
2011-10-24 03:57 . 2011-10-24 03:57 94896 ----a-w- c:\windows\system32\drivers\91912406.sys
2011-10-24 01:49 . 2011-10-24 06:34 -------- d-----w- c:\programdata\Doctor Web
2011-10-24 01:09 . 2011-10-24 01:09 -------- d-----w- c:\program files\m
2011-10-24 00:57 . 2011-10-24 00:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-23 22:47 . 2011-10-23 23:41 -------- d-----w- c:\users\Undevco Films\DoctorWeb
2011-10-23 22:01 . 2011-10-23 22:01 94896 ----a-w- c:\windows\system32\drivers\62361770.sys
2011-10-23 20:31 . 2011-10-23 20:31 -------- d--h--w- c:\windows\PIF
2011-10-23 19:28 . 2011-10-23 19:28 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-10-16 21:49 . 2011-10-19 02:00 -------- d-----w- c:\users\Undevco Films\AppData\Roaming\WTablet
2011-10-16 21:49 . 2009-11-24 16:25 7892776 ----a-w- c:\windows\system32\WacomTablet.cpl
2011-10-16 21:48 . 2007-02-16 15:12 11312 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys
2011-10-16 21:47 . 2009-05-20 16:54 13736 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
2011-10-16 21:46 . 2011-10-16 21:46 -------- d-----w- c:\windows\system32\WTablet
2011-10-16 21:46 . 2009-11-24 16:25 4463400 ----a-w- c:\windows\system32\Wacom_Tablet.exe
2011-10-16 21:46 . 2009-11-24 16:25 412456 ----a-w- c:\windows\system32\Wacom_Tablet.dll
2011-10-16 21:46 . 2009-11-24 16:20 285184 ----a-w- c:\windows\system32\Wintab32.dll
2011-10-16 21:46 . 2011-10-16 21:48 -------- d-----w- c:\program files\Tablet
2011-10-09 09:28 . 2011-10-09 09:28 -------- d-----w- c:\program files\Black_Box
2011-10-01 04:33 . 2011-10-24 18:43 -------- d-----w- c:\programdata\Hitman Pro
2011-09-25 14:10 . 2011-09-25 14:10 -------- d-----w- c:\users\Undevco Films\AppData\Roaming\AVG2012
2011-09-25 14:10 . 2011-10-17 18:38 -------- d-----w- c:\programdata\AVG2012
2011-09-25 03:16 . 2011-09-25 03:16 -------- d-----w- c:\program files\PhotoZoom Pro 3
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-24 19:43 . 2010-03-12 11:04 17488 ----a-w- c:\windows\gdrv.sys
2011-10-24 19:11 . 2011-06-15 22:03 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-10-24 11:30 . 2011-10-24 10:31 580339 ----a-w- C:\MGlogs.zip
2011-10-24 07:10 . 2010-03-12 22:37 35840 ----a-w- c:\windows\system32\drivers\netbios.sys
2011-10-24 04:02 . 2010-03-13 07:50 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2011-10-24 01:24 . 2010-03-13 07:51 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-10-03 00:25 . 2010-03-22 18:49 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-08-11 17:37 . 2011-08-11 17:37 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-08-11 17:37 . 2011-08-11 17:37 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-08-11 17:37 . 2011-08-11 17:37 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-08-11 17:37 . 2011-08-11 17:37 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-08-11 17:37 . 2011-08-11 17:37 161792 ----a-w- c:\windows\system32\msls31.dll
2011-08-11 17:37 . 2011-08-11 17:37 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-08-11 17:37 . 2011-08-11 17:37 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-08-11 17:37 . 2011-08-11 17:37 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-08-11 17:37 . 2011-08-11 17:37 367104 ----a-w- c:\windows\system32\html.iec
2011-08-11 17:37 . 2011-08-11 17:37 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-11 17:37 . 2011-08-11 17:37 152064 ----a-w- c:\windows\system32\wextract.exe
2011-08-11 17:37 . 2011-08-11 17:37 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-08-11 17:37 . 2011-08-11 17:37 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-11 17:37 . 2011-08-11 17:37 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-08-11 17:37 . 2011-08-11 17:37 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-11 17:37 . 2011-08-11 17:37 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-08-11 17:37 . 2011-08-11 17:37 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-08-11 17:37 . 2011-08-11 17:37 11776 ----a-w- c:\windows\system32\mshta.exe
2011-08-11 17:37 . 2011-08-11 17:37 101888 ----a-w- c:\windows\system32\admparse.dll
2011-08-11 17:37 . 2011-08-11 17:37 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-08-11 17:37 . 2011-08-11 17:37 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2011-09-29 06:53 . 2011-10-03 03:43 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngin0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Vuze_Remote\prxtbVuz0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngin0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-11-02 8704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CineFormActiveMetadataStatusViewer.exe]
backup=c:\windows\pss\CineFormActiveMetadataStatusViewer.exe.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Undevco Films^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Undevco Films^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CineFormActiveMetadataStatusViewer.exe]
backup=c:\windows\pss\CineFormActiveMetadataStatusViewer.exe.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_TRAY
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCU
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMCService
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CrossRiderPlugin
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DigidesignMMERefresh
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McENUI
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PocketCloud Location
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProfilerU
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SaiMfd
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tvncontrol
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winupd
.
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [x]
R2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [x]
R3 cpuz130;cpuz130;c:\users\UNDEVC~1\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]
R3 dalwdmservice;dal service;c:\windows\system32\drivers\dalwdm.sys [2007-10-31 97808]
R4 17703796;17703796;c:\windows\system32\drivers\62361770.sys [2011-10-23 94896]
R4 58010134;58010134;c:\windows\system32\drivers\91912406.sys [2011-10-24 94896]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\shell\AutoRun\command - E:\setup.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\shell\AutoRun\command - I:\setup.exe /autorun
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\shell\AutoRun\command - J:\setup.exe /autorun
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{121d60e9-fc0d-11e0-a4b4-0050bf180b4b}]
\shell\AutoRun\command - I:\LaunchU3.exe -a
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23922aa5-60cd-11df-b05a-806e6f6e6963}]
\shell\AutoRun\command - E:\setup.exe /autorun
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-23 c:\windows\Tasks\FrontLine Registry Cleaner Scheduled Scan - Undevco Films.job
- c:\program files\Frontline Registry Cleaner\REGCLEANER.exe [2010-05-08 20:06]
.
2011-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-07 08:27]
.
2011-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-07 08:27]
.
2011-10-24 c:\windows\Tasks\Hitman Pro 3.5 Boot Task.job
- c:\program files\Hitman Pro 3.5\HitmanPro35.exe [2011-10-24 18:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Undevco Films\AppData\Roaming\Mozilla\Firefox\Profiles\e5x5ced7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2117678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B6bf54e0b-9c56-49f2-be14-38455c6e14c9%7D&mid=48af4c0ea42647d19c20d119f9fce2b8-53e996cf7d9b37f515ee00ef1aaf8720b6ea968c&ds=AVG&v=8.0.0.34.1&lang=en&pr=pr&d=2011-10-05%2020%3A37%3A06&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-Malwarebytes' Anti-Malware - c:\program files\d\Malwarebytes' Anti-Malware\mbamgui.exe
SafeBoot-08956404.sys
SafeBoot-14994456.sys
SafeBoot-17703796.sys
SafeBoot-33207837.sys
SafeBoot-47127261.sys
SafeBoot-48280481.sys
SafeBoot-49323590.sys
SafeBoot-49778284.sys
SafeBoot-50521455.sys
SafeBoot-53090775.sys
SafeBoot-58010134.sys
SafeBoot-64184865.sys
SafeBoot-74659057.sys
SafeBoot-75412661.sys
SafeBoot-78110732.sys
SafeBoot-80501715.sys
SafeBoot-84528814.sys
SafeBoot-klmdb.sys
AddRemove-Malwarebytes' Anti-Malware_is1 - c:\program files\d\Malwarebytes' Anti-Malware\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-24 14:58
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\1abcf40a]
"ImagePath"="\systemroot\183811098:3846376437.exe"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-10-24 15:00:40
ComboFix-quarantined-files.txt 2011-10-24 20:00
.
Pre-Run: 13,343,408,128 bytes free
Post-Run: 13,236,957,184 bytes free
.
Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 158CCAFF19B0F3F5484E5A1FD1E4CB8F


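Added example, not part of the original thread and not ComboFix's own code: a small Python scanner that pulls out of ComboFix log text the indicators a helper looks for when deciding the rootkit is still present. The heuristics (digit-only driver and service names, orphaned SafeBoot entries, a service ImagePath that points into an NTFS alternate data stream, AutoRun.inf in system32 and per-drive AutoRun commands) are this example's own assumptions, chosen from what is visible in the log above; the sample input is constructed from lines copied out of that log plus two benign lines for contrast.

```python
"""Flag rootkit-style indicators in ComboFix log text.

Heuristics (each is visible in the log posted above; the patterns are the
assumptions of this example, not ComboFix logic):
  * kernel drivers and services whose names are nothing but digits
  * orphaned SafeBoot entries with digit-only names
  * a service ImagePath pointing into an NTFS alternate data stream, i.e. a
    ':' inside the final path component (\\systemroot\\<digits>:<digits>.exe)
  * AutoRun.inf dropped into system32, and per-drive AutoRun commands
"""
import re
from collections import defaultdict

# Constructed sample: lines copied from the ComboFix log above, plus one
# benign Wacom driver line and one normal service line for contrast.
SAMPLE_LOG = r"""
2011-10-24 03:57 . 2011-10-24 03:57 94896 ----a-w- c:\windows\system32\drivers\91912406.sys
2011-10-23 22:01 . 2011-10-23 22:01 94896 ----a-w- c:\windows\system32\drivers\62361770.sys
2011-10-16 21:47 . 2009-05-20 16:54 13736 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
c:\windows\system32\AutoRun.inf
R4 17703796;17703796;c:\windows\system32\drivers\62361770.sys [2011-10-23 94896]
R4 58010134;58010134;c:\windows\system32\drivers\91912406.sys [2011-10-24 94896]
R3 dalwdmservice;dal service;c:\windows\system32\drivers\dalwdm.sys [2007-10-31 97808]
SafeBoot-08956404.sys
SafeBoot-17703796.sys
SafeBoot-klmdb.sys
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\1abcf40a]
"ImagePath"="\systemroot\183811098:3846376437.exe"
\shell\AutoRun\command - E:\setup.exe /autorun
"""

DIGIT_DRIVER = re.compile(r'\\drivers\\(\d+)\.sys\b', re.I)   # ...\drivers\12345678.sys
DIGIT_SERVICE = re.compile(r'^R\d\s+(\d+);')                 # R4 17703796;17703796;...
SAFEBOOT_ORPHAN = re.compile(r'^SafeBoot-(\d+)\.sys$')       # SafeBoot-17703796.sys
IMAGEPATH = re.compile(r'"ImagePath"="([^"]+)"')
ADS_COMPONENT = re.compile(r'\\[^\\]*:[^\\]*$')              # ':' in the last path component
SYSTEM32_AUTORUN = re.compile(r'\\system32\\autorun\.inf$', re.I)
DRIVE_AUTORUN = re.compile(r'\\shell\\AutoRun\\command - (.+)$')


def scan_combofix_log(text):
    """Return {indicator: sorted unique details} for every suspicious line."""
    hits = defaultdict(set)
    for raw in text.splitlines():
        line = raw.strip()
        if m := DIGIT_DRIVER.search(line):
            hits["digit_only_driver"].add(m.group(1))
        if m := DIGIT_SERVICE.match(line):
            hits["digit_only_service"].add(m.group(1))
        if m := SAFEBOOT_ORPHAN.match(line):
            hits["safeboot_orphan"].add(m.group(1))
        if m := IMAGEPATH.search(line):
            path = m.group(1)
            # A colon after the last backslash is a stream name, not a drive
            # letter: the service binary lives in an alternate data stream.
            if ADS_COMPONENT.search(path):
                hits["ads_imagepath"].add(path)
        if SYSTEM32_AUTORUN.search(line):
            hits["system32_autorun_inf"].add(line)
        if m := DRIVE_AUTORUN.search(line):
            hits["drive_autorun_command"].add(m.group(1))
    return {k: sorted(v) for k, v in hits.items()}


def linked_service_names(hits):
    """Digit-only service names that also appear as orphaned SafeBoot entries.

    The same random name registered in both places points at one actor
    creating both, so these are the first entries to pull."""
    return sorted(set(hits.get("digit_only_service", []))
                  & set(hits.get("safeboot_orphan", [])))


if __name__ == "__main__":
    found = scan_combofix_log(SAMPLE_LOG)
    for indicator, details in found.items():
        print(f"{indicator}:")
        for d in details:
            print(f"    {d}")
    print("service/SafeBoot pairs:", linked_service_names(found))
```

Run it against a full ComboFix log by reading the file into `scan_combofix_log`; the benign Wacom driver and the `dalwdmservice` line in the sample produce no hits, which is the point of the digit-only and last-component checks rather than a blanket match on `.sys` or on `:`.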
#9
Essexboy
Could you download a fresh copy of ComboFix please, as that one was old; either that or let it update when it asks. The rootkit is still there.

#10
tsurvey73
Do you possibly have a link to the newest version, as I am in safe mode with no internet access?

#11
Essexboy
Are you able to copy it to the poorly computer via USB or CD?

http://majorgeeks.co...abd69481c775ab1 (this is a MajorGeeks redirect link)

If you cannot do that, I will try to get ComboFix to remove it manually.

#12
tsurvey73
Yes, I have USB access. I will download the new file now. Thank you.

#13
Essexboy
This one is difficult to remove - I have one currently running where nothing at all will run; mayhap you have an earlier version.

#14
tsurvey73
Okay, I ran the new ComboFix file and now it says something like "administrative denied", and then it went through to the 10 min screen and hasn't moved since.

#15
Essexboy
OK, give it a bit longer - I will construct a manual fix if it fails.
