
Malware generating random number.exe, can't run any malware soft


This topic is locked

#16 tsurvey73 (Member, Topic Starter, 23 posts)
It seems to be just sitting there indefinitely. Is this normal? thanks

#17 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK, stop it please and we will try manually.

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\183811098:3846376437.exe

rootkit::
c:\windows\183811098:3846376437.exe

Driver::
1abcf40a

Save this as CFScript.txt, in the same location as ComboFix.exe.
[image: CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe. When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
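
The script above tells ComboFix to remove c:\windows\183811098:3846376437.exe. That path is NTFS alternate data stream (ADS) notation: the host file is c:\windows\183811098 and the executable lives in a stream named 3846376437.exe attached to it, so it does not appear in Explorer or in a plain dir listing, which is why the file has to be named stream and all in the File:: and rootkit:: sections. The Driver:: line names a service registration (1abcf40a) rather than a file. As an added example, not part of the thread, of OTL or of ComboFix, the PowerShell below enumerates such streams under a directory and looks up a driver registration by name. The function names, the sample paths and the platform requirement are assumptions: Get-Item -Stream and Get-CimInstance need PowerShell 3.0, i.e. Windows 7 or later; on the Vista machine in this thread, `dir /r C:\Windows` from an elevated command prompt lists streams instead.

```powershell
# Added example (not from the thread, OTL or ComboFix). Needs PowerShell 3.0+
# (Windows 7 or later) and an elevated prompt. All names here are illustrative.

function Find-AlternateDataStreams {
    # Lists every named NTFS stream under $Path. Every file carries the unnamed
    # ':$DATA' stream, so only other stream names are reported. Zone.Identifier
    # is the routine "downloaded from the internet" marker and is skipped by default.
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [switch] $Recurse,
        [switch] $IncludeZoneIdentifier
    )

    Get-ChildItem -LiteralPath $Path -File -Force -Recurse:$Recurse -ErrorAction SilentlyContinue |
        ForEach-Object { Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue } |
        Where-Object {
            $_.Stream -ne ':$DATA' -and
            ($IncludeZoneIdentifier -or $_.Stream -ne 'Zone.Identifier')
        } |
        ForEach-Object {
            [pscustomobject]@{
                HostFile = $_.FileName
                Stream   = $_.Stream
                Bytes    = $_.Length
                # Same host:stream notation the CFScript uses
                AdsPath  = '{0}:{1}' -f $_.FileName, $_.Stream
            }
        }
}

function Resolve-DriverImagePath {
    # Normalises the forms found in a service's ImagePath value:
    # \??\C:\x.sys, \SystemRoot\System32\drivers\x.sys, System32\drivers\x.sys
    param([string] $ImagePath)
    if (-not $ImagePath) { return $null }
    $p = $ImagePath -replace '^\\\?\?\\', ''
    $p = $p -replace '^(\\SystemRoot|%SystemRoot%)\\', ($env:SystemRoot + '\')
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-DriverService {
    # Reads a service/driver registration by name, the way the CFScript's
    # Driver:: section addresses one (e.g. 1abcf40a), and reports whether its
    # image file exists and whether the kernel currently has it loaded.
    param([Parameter(Mandatory)] [string] $Name)

    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    if (-not (Test-Path -LiteralPath $key)) {
        Write-Warning "No service registration named '$Name'"
        return
    }
    $reg   = Get-ItemProperty -LiteralPath $key
    $image = Resolve-DriverImagePath $reg.ImagePath
    $live  = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='$Name'" -ErrorAction SilentlyContinue
    $state = if ($live) { $live.State } else { 'not listed by the service control manager' }

    [pscustomobject]@{
        Name        = $Name
        ImagePath   = $reg.ImagePath
        Resolved    = $image
        ImageExists = [bool]($image -and (Test-Path -LiteralPath $image))
        Type        = $reg.Type    # 1 kernel driver, 2 file-system driver, 16/32 Win32 service
        Start       = $reg.Start   # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
        State       = $state
    }
}

# Usage: streams under the Windows directory, then the driver named in the CFScript
Find-AlternateDataStreams -Path C:\Windows | Format-Table -AutoSize
Get-DriverService -Name 1abcf40a
```

This is inspection only. Remove-Item -LiteralPath <host> -Stream <name> deletes a stream on PowerShell 3.0+, but a rootkit whose driver is still loaded can hide or recreate it, which is why the thread leaves the removal to ComboFix's script rather than to a live shell.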

#18 tsurvey73 (Member, Topic Starter, 23 posts)
After following the instructions, ComboFix seems to be stuck at the 10-minute screen again.

#19 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK, are you able to access the repair my computer option by pressing and holding F8 when the computer restarts?

#20 tsurvey73 (Member, Topic Starter, 23 posts)
I can access the safe mode and last configuration options when pressing F8 at boot.

#21 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Is there an option called repair my computer?

#22 tsurvey73 (Member, Topic Starter, 23 posts)
No option for repair is listed.

#23 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK, let's see if we can create a recovery disc.

Create a Windows 7 System Repair Disc

Note: the below can only be done if your machine has a type of CD/R or DVD/R optical drive installed. Also, depending on the exact type of OEM your machine has, you may be unable to actually create a SRD.

  • Click on Start(Windows 7 Orb) >> Run...(or the Windows key and R together) to bring up the Run box, then copy/paste the following command into the box and click on OK:

    recdisc.exe

  • Allow the UAC (User Account Control) prompt by selecting Yes.
  • You should now see a menu like the below:
[screenshot: Create a system repair disc dialog]

  • Put a blank rewritable CD/DVD in your optical (CD/DVD) drive and then click on Create disc.
  • Note: If an AutoPlay window pops up, just close it.
  • When the SRD has been created you will see the below:
[screenshot: disc created confirmation]

  • Now click on Close >> OK. Leave the disc in the drive as we will be using it shortly.
  • You now have a Windows 7 System Repair Disc.


#24 tsurvey73 (Member, Topic Starter, 23 posts)
Okay, I was able to run a repair from my original Vista disk. It is asking me if I would like to restore to an earlier time before the errors.

#25 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Yes, restore as far back as you can remember before the infection.

Once done run a fresh OTL please
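
An OTL log, like the one posted later in this thread, lists every registered service (SRV) and driver (DRV) with its timestamp, size, company name, start type, image path and service name. An entry printed as "File not found" means the registration still exists but the binary does not; that can be an uninstall leftover or, as the thread title suggests, the result of malware stripping a security tool. As an added example, not part of the thread or of OTL, the PowerShell below does a first triage pass over such lines. The sample lines are constructed in OTL's format rather than copied from any real log, and the function name and the heuristics (missing binary, driver loaded from outside System32\drivers, empty company name, digits-only file name) are this example's own choice. They produce a list to examine, not a verdict: legitimate security products also load unsigned helper drivers from Program Files.

```powershell
# Added example (not from the thread or from OTL). Parses OTL "SRV -" / "DRV -"
# lines and flags the ones worth a closer look. Sample lines are constructed.

$SampleLog = @'
SRV - File not found [Auto | Stopped] -- -- (ExampleAVService)
SRV - [2011/10/02 19:25:04 | 002,151,640 | ---- | M] (Example Vendor) [Auto | Stopped] -- C:\Program Files\Example\svc.exe -- (ExampleSvc)
DRV - File not found [Kernel | On_Demand | Running] -- -- (hiddenfilter)
DRV - [2011/10/24 17:24:00 | 000,017,488 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\example.sys -- (example)
DRV - [2011/10/23 22:57:48 | 000,094,896 | ---- | M] (Example Vendor) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\91912406.sys -- (58010134)
DRV - [2009/04/10 23:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
'@

function Get-OtlServiceFindings {
    param([Parameter(Mandatory)] [string[]] $Lines)

    # OTL line shape:
    #   SRV - [stamp | size | attrs | M] (Company) [Start | State] -- path -- (ServiceName)
    #   SRV - File not found [Start | State] -- -- (ServiceName)
    $pattern = '^(?<kind>SRV|DRV) - (?:File not found|\[(?<stamp>[^\]]+)\] \((?<company>[^)]*)\)) ' +
               '\[(?<flags>[^\]]+)\] --(?: (?<path>\S.*?))? -- \((?<name>[^)]+)\)'

    foreach ($line in $Lines) {
        $m = [regex]::Match($line, $pattern)
        if (-not $m.Success) { continue }

        $kind    = $m.Groups['kind'].Value
        $path    = $m.Groups['path'].Value
        $company = $m.Groups['company'].Value
        $reasons = @()

        if (-not $path) {
            # Registration survives, binary is gone: orphaned uninstall or removed tool
            $reasons += 'binary missing (orphaned registration)'
        } else {
            if ($kind -eq 'DRV' -and $path -notmatch '\\System32\\drivers\\') {
                $reasons += 'driver loaded from outside System32\drivers'
            }
            if (-not $company) {
                $reasons += 'no company name in version info'
            }
            if ($path -match '\\\d+\.\w+$') {
                $reasons += 'digits-only file name'
            }
        }

        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Kind    = $kind
                Name    = $m.Groups['name'].Value
                Path    = $path
                Company = $company
                Flags   = $m.Groups['flags'].Value
                Reason  = $reasons -join '; '
            }
        }
    }
}

# Usage on the constructed sample; for a real log pass (Get-Content <path to OTL.Txt>)
Get-OtlServiceFindings -Lines ($SampleLog -split "`r?`n") | Format-Table -AutoSize
```

Read the Company and Flags columns together with the reason: a digits-only driver name that carries a recognised vendor and is marked Disabled is a different thing from one with an empty company name that is Running, and "File not found" against an anti-malware service name is the entry that most directly explains a machine on which no malware scanner will run.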

#26 tsurvey73 (Member, Topic Starter, 23 posts)
It now says repair completed successfully, Windows will now start. Should I allow it to boot normally or go into safe mode again? Thank you.

#27 tsurvey73 (Member, Topic Starter, 23 posts)
System Restore failed.

OTL logfile created on: 10/24/2011 6:02:36 PM - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = E:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.95 Gb Available Physical Memory | 84.27% Memory free
7.18 Gb Paging File | 6.87 Gb Available in Paging File | 95.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 11.06 Gb Free Space | 3.71% Space Free | Partition Type: NTFS
Drive D: | 2.53 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 495.22 Mb Total Space | 261.23 Mb Free Space | 52.75% Space Free | Partition Type: FAT
Drive G: | 1397.26 Gb Total Space | 254.11 Gb Free Space | 18.19% Space Free | Partition Type: NTFS

Computer Name: UNDEVCOFILMS-PC | User Name: Undevco Films | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2011/10/24 14:19:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/19 02:33:25 | 000,318,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/24 18:02:08 | 000,053,248 | ---- | M] () -- C:\Users\Undevco Films\AppData\Local\temp\catchme.dll
MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (MBAMService)
SRV - File not found [Auto | Stopped] -- -- (a2AntiMalware)
SRV - [2011/10/02 19:25:04 | 002,151,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/12/09 23:36:53 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/09/17 14:09:18 | 000,139,264 | ---- | M] (H+H Software GmbH) [Auto | Stopped] -- C:\Program Files\Virtual CD v10\System\VC10SecS.exe -- (VC10SecS)
SRV - [2010/08/23 20:21:40 | 000,008,192 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/04/27 17:56:30 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/11/24 11:25:34 | 004,463,400 | ---- | M] (Wacom Technology, Corp.) [On_Demand | Stopped] -- C:\Windows\System32\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV - [2009/07/30 18:51:02 | 000,061,440 | ---- | M] () [Auto | Stopped] -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/09/10 22:37:36 | 000,024,576 | ---- | M] (Intuit) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2008/08/08 21:10:46 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/02/21 17:02:54 | 000,233,472 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2006/08/11 11:15:36 | 000,200,704 | ---- | M] (InterVideo Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/10/24 17:24:00 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011/10/23 22:57:48 | 000,094,896 | ---- | M] (Kaspersky Lab, GERT) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\91912406.sys -- (58010134)
DRV - [2011/10/23 17:01:39 | 000,094,896 | ---- | M] (Kaspersky Lab, GERT) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\62361770.sys -- (17703796)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/05/21 06:01:00 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/02/04 09:27:14 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/06/05 14:12:35 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/05/21 09:14:44 | 000,186,392 | ---- | M] (H+H Software GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\vdrv1000.sys -- (vdrv1000)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/09/11 12:48:04 | 000,066,056 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009/09/11 12:47:54 | 000,014,984 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009/09/11 12:47:42 | 000,031,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmHidLo.sys -- (WmHidLo)
DRV - [2009/09/11 12:47:32 | 000,035,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009/09/11 12:47:22 | 000,022,792 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2009/06/10 11:23:04 | 000,036,992 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiBus.sys -- (SaiNtBus)
DRV - [2009/06/10 11:23:04 | 000,014,080 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiMini.sys -- (SaiMini)
DRV - [2009/06/03 02:54:36 | 001,032,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atinavrr.sys -- (ATIAVPCI)
DRV - [2009/05/20 11:54:06 | 000,013,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009/04/10 23:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2009/04/10 23:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2008/08/21 23:49:58 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2008/08/21 23:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2007/10/31 02:16:02 | 000,016,400 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\diginet.sys -- (DigiNet)
DRV - [2007/10/31 02:15:52 | 000,097,808 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Dalwdm.sys -- (dalwdmservice)
DRV - [2007/09/05 12:04:34 | 000,079,408 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2007/06/25 06:37:24 | 000,084,480 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motport.sys -- (motport)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/05/01 16:10:02 | 000,132,232 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiH053C.sys -- (SaiH053C)
DRV - [2007/02/16 10:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2001/10/25 22:42:10 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\an983.sys -- (AN983)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-3363404567-1739849673-3770979426-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-3363404567-1739849673-3770979426-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3363404567-1739849673-3770979426-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3363404567-1739849673-3770979426-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "NCH Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "eSnips Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..extensions.enabledItems: {71D7952D-AAF0-411D-9F41-34B02273C255}:1.9.1
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1374
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {3DB5ABE1-407D-458F-AD5D-8D89BD625CCC}:1.2.0
FF - prefs.js..keyword.URL: "http://isearch.avg.c...7:06&sap=ku&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: File not found
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Undevco Films\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/05/07 03:33:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/05/07 03:33:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\CodecCheck\firefox [2011/07/12 14:26:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/02 22:43:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/02 19:20:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{71D7952D-AAF0-411D-9F41-34B02273C255}: C:\Users\Undevco Films\AppData\Local\{71D7952D-AAF0-411D-9F41-34B02273C255}\
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{999CFC64-AA62-4B5D-8151-676682645F60}: C:\Users\Undevco Films\AppData\Local\{999CFC64-AA62-4B5D-8151-676682645F60}\

[2010/03/12 06:39:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Undevco Films\AppData\Roaming\Mozilla\Extensions
[2011/10/24 14:41:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Undevco Films\AppData\Roaming\Mozilla\Firefox\Profiles\e5x5ced7.default\extensions
[2011/05/12 01:18:58 | 000,000,000 | ---D | M] (Veehd Plugin) -- C:\Users\Undevco Films\AppData\Roaming\Mozilla\Firefox\Profiles\e5x5ced7.default\extensions\{3DB5ABE1-407D-458F-AD5D-8D89BD625CCC}
[2011/08/01 19:32:09 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Undevco Films\AppData\Roaming\Mozilla\Firefox\Profiles\e5x5ced7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/06/11 18:56:32 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Undevco Films\AppData\Roaming\Mozilla\Firefox\Profiles\e5x5ced7.default\extensions\[email protected]
[2010/11/07 18:00:40 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Undevco Films\AppData\Roaming\Mozilla\Firefox\Profiles\e5x5ced7.default\extensions\[email protected]
[2011/09/24 16:57:42 | 000,001,945 | ---- | M] () -- C:\Users\Undevco Films\AppData\Roaming\Mozilla\Firefox\Profiles\e5x5ced7.default\searchplugins\bing-zugo.xml
[2010/01/01 06:55:02 | 000,000,909 | ---- | M] () -- C:\Users\Undevco Films\AppData\Roaming\Mozilla\Firefox\Profiles\e5x5ced7.default\searchplugins\conduit.xml
[2011/10/02 22:43:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/29 00:28:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/24 10:56:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) -- C:\USERS\UNDEVCO FILMS\APPDATA\LOCAL\{71D7952D-AAF0-411D-9F41-34B02273C255}
File not found (No name found) -- C:\USERS\UNDEVCO FILMS\APPDATA\LOCAL\{999CFC64-AA62-4B5D-8151-676682645F60}
File not found (No name found) -- C:\USERS\UNDEVCO FILMS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\E5X5CED7.DEFAULT\EXTENSIONS\{460E7E89-5617-4FF2-82A2-26AAAA6519C3}
File not found (No name found) -- C:\USERS\UNDEVCO FILMS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\E5X5CED7.DEFAULT\EXTENSIONS\{A605B862-EF41-4B3D-BD27-F91BD4ADD574}
[2011/09/29 01:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/28 19:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2010/06/13 00:36:50 | 000,002,029 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\esnips.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - Extension: No name found = C:\Users\Undevco Films\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: No name found = C:\Users\Undevco Films\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1804_0\
CHR - Extension: No name found = C:\Users\Undevco Films\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.10.20_0\
CHR - Extension: No name found = C:\Users\Undevco Films\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\

O1 HOSTS File: ([2011/10/24 14:57:32 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngin0.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3363404567-1739849673-3770979426-1000\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3363404567-1739849673-3770979426-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3363404567-1739849673-3770979426-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKU\S-1-5-21-3363404567-1739849673-3770979426-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2BC34DB5-5A55-4374-88BC-6E43AF2557DA}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/11/02 15:00:00 | 000,000,043 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{121d60e9-fc0d-11e0-a4b4-0050bf180b4b}\Shell - "" = AutoRun
O33 - MountPoints2\{121d60e9-fc0d-11e0-a4b4-0050bf180b4b}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{23922aa5-60cd-11df-b05a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{23922aa5-60cd-11df-b05a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe /autorun
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\setup.exe /autorun
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\setup.exe /autorun
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] --
O37 - HKU\S-1-5-18\...exe [@ = exefile] --

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\Windows\System32\
[2020/01/07 00:32:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cracklock
[2020/01/07 00:32:29 | 000,000,000 | ---D | C] -- C:\Program Files\Cracklock
[2011/10/24 18:00:20 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/10/24 17:57:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/10/24 16:31:14 | 004,272,570 | R--- | C] (Swearware) -- C:\ComboFix.exe
[2011/10/24 15:31:11 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/10/24 15:00:42 | 000,000,000 | ---D | C] -- C:\Users\Undevco Films\AppData\Local\temp
[2011/10/24 13:53:41 | 000,000,000 | ---D | C] -- \_OTL
[2011/10/24 13:41:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hitman Pro 3.5
[2011/10/24 13:41:30 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/10/24 13:13:49 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Undevco Films\Desktop\aswMBR.exe
[2011/10/24 11:37:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/10/24 11:37:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/10/24 11:37:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/10/24 11:37:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/24 06:10:20 | 000,000,000 | ---D | C] -- C:\keska
[2011/10/24 05:29:11 | 000,000,000 | ---D | C] -- C:\MGtools
[2011/10/24 05:10:39 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2011/10/24 05:10:39 | 000,000,000 | ---D | C] -- C:\Users\Undevco Films\Documents\Anti-Malware
[2011/10/24 04:34:59 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/10/24 03:53:04 | 000,000,000 | ---D | C] -- \LOST.DIR
[2011/10/24 03:39:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/24 03:39:18 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/10/24 03:39:18 | 000,000,000 | ---D | C] -- C:\Program Files\d
[2011/10/24 01:50:56 | 000,000,000 | ---D | C] -- C:\Users\Undevco Films\AppData\Local\Adobe
[2011/10/24 00:42:06 | 000,000,000 | ---D | C] -- C:\Users\Undevco Films\Doctor Web
[2011/10/24 00:41:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Doctor Web
[2011/10/24 00:40:21 | 000,000,000 | ---D | C] -- C:\Program Files\DrWeb
[2011/10/23 22:57:48 | 000,094,896 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\System32\drivers\91912406.sys
[2011/10/23 20:49:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Doctor Web
[2011/10/23 20:09:54 | 000,000,000 | ---D | C] -- C:\Program Files\m
[2011/10/23 19:57:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/23 17:47:08 | 000,000,000 | ---D | C] -- C:\Users\Undevco Films\DoctorWeb
[2011/10/23 17:01:39 | 000,094,896 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\System32\drivers\62361770.sys
[2011/10/23 15:31:56 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2011/10/23 14:28:29 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011/10/23 11:23:26 | 000,000,000 | ---D | C] -- C:\Users\Undevco Films\Desktop\nextgen-gallery
[2011/10/21 13:45:52 | 000,000,000 | ---D | C] -- C:\Users\Undevco Films\Desktop\DR MUSIC ADD
[2011/10/21 12:26:39 | 000,000,000 | ---D | C] -- C:\Users\Undevco Films\Desktop\FUNNY
[2011/10/17 13:43:40 | 000,000,000 | ---D | C] -- C:\Users\Undevco Films\Desktop\LES
[2011/10/16 16:49:40 | 000,000,000 | ---D | C] -- C:\Users\Undevco Films\AppData\Roaming\WTablet
[2011/10/16 16:49:06 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablet
[2011/10/16 16:49:05 | 007,892,776 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\WacomTablet.cpl
[2011/10/16 16:48:39 | 000,011,312 | ---- | C] (Wacom Technology) -- C:\Windows\System32\drivers\wacommousefilter.sys
[2011/10/16 16:47:28 | 000,013,736 | ---- | C] (Wacom Technology) -- C:\Windows\System32\drivers\wacomvhid.sys
[2011/10/16 16:46:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\WTablet
[2011/10/16 16:46:19 | 004,463,400 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\Wacom_Tablet.exe
[2011/10/16 16:46:19 | 000,412,456 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\Wacom_Tablet.dll
[2011/10/16 16:46:19 | 000,285,184 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\Wintab32.dll
[2011/10/16 16:46:15 | 000,000,000 | ---D | C] -- C:\Program Files\Tablet
[2011/10/09 04:28:07 | 000,000,000 | ---D | C] -- C:\Program Files\Black_Box
[2011/10/05 20:37:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2011/10/05 19:21:00 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/02 11:07:51 | 000,000,000 | ---D | C] -- C:\Users\Undevco Films\AppData\Local\temp(727)
[2011/09/30 23:33:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/09/25 09:10:51 | 000,000,000 | ---D | C] -- C:\Users\Undevco Films\AppData\Roaming\AVG2012
[2011/09/25 09:10:01 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011/09/24 22:16:06 | 000,000,000 | ---D | C] -- C:\Users\Undevco Films\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoZoom Pro 3
[2011/09/24 22:16:05 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoZoom Pro 3

========== Files - Modified Within 30 Days ==========

File not found -- C:\Windows\System32\
[2011/10/24 17:57:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/24 17:29:59 | 000,005,376 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/24 17:29:59 | 000,005,376 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/24 17:24:15 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/24 17:23:49 | 000,048,016 | -HS- | M] () -- C:\Windows\System32\c_44374.nl_
[2011/10/24 15:48:32 | 004,272,570 | R--- | M] (Swearware) -- C:\ComboFix.exe
[2011/10/24 14:57:32 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/10/24 14:14:33 | 004,178,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/24 13:44:31 | 000,001,791 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2011/10/24 13:44:31 | 000,000,290 | ---- | M] () -- C:\Windows\tasks\Hitman Pro 3.5 Boot Task.job
[2011/10/24 12:57:12 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Undevco Films\Desktop\aswMBR.exe
[2011/10/24 11:06:49 | 301,083,379 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/10/24 10:54:05 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/24 06:30:40 | 000,580,339 | ---- | M] () -- C:\MGlogs.zip
[2011/10/24 06:15:43 | 000,000,000 | ---- | M] () -- C:\Users\Undevco Films\AppData\Local\{BB35E04F-A16E-4002-9389-2C24E2FB523E}
[2011/10/24 05:55:44 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/10/24 05:29:03 | 002,423,465 | ---- | M] () -- C:\MGtools.exe
[2011/10/24 05:15:40 | 000,649,176 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/24 05:15:40 | 000,122,686 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/24 03:39:21 | 000,000,994 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/24 01:30:33 | 000,000,000 | ---- | M] () -- C:\Users\Undevco Films\AppData\Local\{C20A63DE-2E1B-42CC-ABC9-736B4095D8A2}
[2011/10/23 22:57:48 | 000,094,896 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\System32\drivers\91912406.sys
[2011/10/23 17:40:24 | 000,001,356 | ---- | M] () -- C:\Users\Undevco Films\AppData\Local\d3d9caps.dat
[2011/10/23 17:01:39 | 000,094,896 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\System32\drivers\62361770.sys
[2011/10/23 15:31:56 | 000,002,855 | ---- | M] () -- C:\Users\Undevco Films\Desktop\rkill - Shortcut.pif
[2011/10/23 15:31:47 | 001,008,092 | ---- | M] () -- C:\Users\Undevco Films\Desktop\rkill.com
[2011/10/23 14:08:56 | 000,303,049 | ---- | M] () -- C:\Users\Undevco Films\Desktop\WLHAND.jpg
[2011/10/23 13:55:59 | 000,064,512 | ---- | M] () -- C:\Users\Undevco Films\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/23 13:26:17 | 007,636,901 | ---- | M] () -- C:\Users\Undevco Films\Desktop\version_2701.jpg
[2011/10/23 10:50:30 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011/10/23 10:50:30 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011/10/23 03:56:09 | 000,000,424 | ---- | M] () -- C:\Windows\tasks\FrontLine Registry Cleaner Scheduled Scan - Undevco Films.job
[2011/10/19 11:34:20 | 000,001,991 | ---- | M] () -- C:\Users\Undevco Films\Desktop\footer.php
[2011/10/18 23:37:28 | 001,386,627 | ---- | M] () -- C:\Users\Undevco Films\Desktop\scool1.psd
[2011/10/18 22:52:31 | 001,021,597 | ---- | M] () -- C:\Users\Undevco Films\Desktop\mukundbanner1.jpg
[2011/10/18 13:17:27 | 001,045,646 | ---- | M] () -- C:\Users\Undevco Films\Desktop\mukundbanner.jpg
[2011/10/17 19:12:28 | 000,207,462 | ---- | M] () -- C:\Users\Undevco Films\Desktop\ptwtter.jpg
[2011/10/14 04:33:00 | 008,962,806 | ---- | M] () -- C:\Users\Undevco Films\Desktop\1.wav
[2011/10/12 16:00:16 | 000,022,254 | ---- | M] () -- C:\Users\Undevco Films\Desktop\zipCashDisplayPaymentReport.pdf
[2011/10/12 11:23:13 | 000,662,551 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2011/10/09 05:10:07 | 000,000,882 | ---- | M] () -- C:\Users\Undevco Films\Desktop\Rage - Shortcut.lnk
[2011/10/05 20:59:02 | 000,000,858 | ---- | M] () -- C:\Users\Undevco Films\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox (2).lnk
[2011/10/05 19:30:20 | 000,000,851 | ---- | M] () -- C:\Users\Undevco Films\Desktop\nba2k12 - Shortcut.lnk
[2011/10/02 22:43:47 | 000,000,870 | ---- | M] () -- C:\Users\Undevco Films\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/02 19:25:14 | 000,016,432 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2011/09/24 22:16:06 | 000,000,902 | ---- | M] () -- C:\Users\Undevco Films\Desktop\PhotoZoom Pro 3.lnk

========== Files Created - No Company Name ==========

[2020/01/07 00:32:35 | 000,001,651 | ---- | C] () -- C:\Users\Undevco Films\AppData\Local\Cracklock.settings
[2011/10/24 14:52:06 | 004,272,570 | ---- | C] () -- \svchost.exe
[2011/10/24 14:19:45 | 000,584,192 | ---- | C] () -- \OTL.exe
[2011/10/24 14:13:04 | 000,048,016 | -HS- | C] () -- C:\Windows\System32\c_44374.nl_
[2011/10/24 13:41:35 | 000,001,791 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2011/10/24 13:41:35 | 000,000,290 | ---- | C] () -- C:\Windows\tasks\Hitman Pro 3.5 Boot Task.job
[2011/10/24 13:33:51 | 006,395,200 | ---- | C] () -- \HitmanPro35.exe
[2011/10/24 13:23:11 | 000,000,512 | ---- | C] () -- \MBR.dat
[2011/10/24 12:57:06 | 001,916,416 | ---- | C] () -- \aswMBR.exe
[2011/10/24 12:23:28 | 001,561,392 | ---- | C] () -- \tdsskiller.exe
[2011/10/24 11:37:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/10/24 11:37:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/10/24 11:37:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/10/24 11:37:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/10/24 11:37:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/24 06:15:43 | 000,000,000 | ---- | C] () -- C:\Users\Undevco Films\AppData\Local\{BB35E04F-A16E-4002-9389-2C24E2FB523E}
[2011/10/24 05:31:25 | 000,580,339 | ---- | C] () -- C:\MGlogs.zip
[2011/10/24 05:29:00 | 002,423,465 | ---- | C] () -- C:\MGtools.exe
[2011/10/24 05:06:49 | 101,526,088 | ---- | C] () -- \EmsisoftAntiMalwareSetup.exe
[2011/10/24 03:57:38 | 000,080,384 | ---- | C] () -- \MBRCheck-1.exe
[2011/10/24 03:56:27 | 000,000,000 | ---- | C] () -- \MBRCheck.exe
[2011/10/24 03:39:21 | 000,000,994 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/24 01:30:33 | 000,000,000 | ---- | C] () -- C:\Users\Undevco Films\AppData\Local\{C20A63DE-2E1B-42CC-ABC9-736B4095D8A2}
[2011/10/23 19:43:12 | 000,000,015 | ---- | C] () -- \settings.dat
[2011/10/23 19:42:38 | 000,472,064 | ---- | C] () -- \RootRepeal.exe
[2011/10/23 17:58:44 | 079,532,096 | ---- | C] () -- \m36z5576.exe
[2011/10/23 17:46:51 | 042,730,616 | ---- | C] () -- \4k8t247w.exe
[2011/10/23 17:34:22 | 000,050,688 | ---- | C] () -- \ATF-Cleaner.exe
[2011/10/23 17:28:01 | 000,000,000 | ---- | C] () -- \mab.exe
[2011/10/23 15:31:56 | 000,002,855 | ---- | C] () -- C:\Users\Undevco Films\Desktop\rkill - Shortcut.pif
[2011/10/23 15:31:47 | 001,008,092 | ---- | C] () -- C:\Users\Undevco Films\Desktop\rkill.com
[2011/10/23 13:59:17 | 000,303,049 | ---- | C] () -- C:\Users\Undevco Films\Desktop\WLHAND.jpg
[2011/10/23 13:26:07 | 007,636,901 | ---- | C] () -- C:\Users\Undevco Films\Desktop\version_2701.jpg
[2011/10/19 11:34:20 | 000,001,991 | ---- | C] () -- C:\Users\Undevco Films\Desktop\footer.php
[2011/10/18 23:37:28 | 001,386,627 | ---- | C] () -- C:\Users\Undevco Films\Desktop\scool1.psd
[2011/10/18 22:52:30 | 001,021,597 | ---- | C] () -- C:\Users\Undevco Films\Desktop\mukundbanner1.jpg
[2011/10/18 13:17:26 | 001,045,646 | ---- | C] () -- C:\Users\Undevco Films\Desktop\mukundbanner.jpg
[2011/10/17 19:08:25 | 000,207,462 | ---- | C] () -- C:\Users\Undevco Films\Desktop\ptwtter.jpg
[2011/10/17 12:13:10 | 301,083,379 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/10/16 16:49:06 | 001,653,980 | ---- | C] () -- C:\Windows\System32\WacomTablet.znc
[2011/10/14 04:07:59 | 008,962,806 | ---- | C] () -- C:\Users\Undevco Films\Desktop\1.wav
[2011/10/12 16:00:16 | 000,022,254 | ---- | C] () -- C:\Users\Undevco Films\Desktop\zipCashDisplayPaymentReport.pdf
[2011/10/09 05:10:07 | 000,000,882 | ---- | C] () -- C:\Users\Undevco Films\Desktop\Rage - Shortcut.lnk
[2011/10/05 20:59:02 | 000,000,858 | ---- | C] () -- C:\Users\Undevco Films\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox (2).lnk
[2011/10/05 19:30:20 | 000,000,851 | ---- | C] () -- C:\Users\Undevco Films\Desktop\nba2k12 - Shortcut.lnk
[2011/10/02 22:43:47 | 000,000,870 | ---- | C] () -- C:\Users\Undevco Films\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/02 22:43:47 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/09/24 22:16:06 | 000,000,902 | ---- | C] () -- C:\Users\Undevco Films\Desktop\PhotoZoom Pro 3.lnk
[2011/09/24 16:27:46 | 000,004,436 | ---- | C] () -- C:\Windows\jtvndq48.ini
[2011/09/24 16:27:46 | 000,001,442 | ---- | C] () -- C:\Windows\cfmrp-n.ini
[2011/08/26 15:14:06 | 000,000,132 | ---- | C] () -- C:\Users\Undevco Films\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/07/13 10:11:24 | 000,000,132 | ---- | C] () -- C:\Users\Undevco Films\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011/06/27 14:29:13 | 000,000,095 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2011/04/23 14:12:51 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/04/23 14:12:51 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/03/23 03:51:34 | 000,000,016 | ---- | C] () -- C:\Windows\System32\asdict.dat
[2011/02/02 14:38:15 | 000,000,132 | ---- | C] () -- C:\Users\Undevco Films\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
[2010/12/14 20:30:58 | 000,138,056 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/12/14 20:30:58 | 000,138,056 | ---- | C] () -- C:\Users\Undevco Films\AppData\Roaming\PnkBstrK.sys
[2010/12/14 20:30:46 | 000,189,248 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010/12/14 20:30:39 | 000,090,112 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/11/23 17:14:56 | 000,141,273 | ---- | C] () -- C:\Windows\hpoins14.dat
[2010/08/25 00:51:57 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2010/07/26 09:45:58 | 000,065,536 | ---- | C] () -- C:\Windows\VMix.dll
[2010/07/26 09:45:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2010/07/26 09:45:58 | 000,000,707 | ---- | C] () -- C:\Windows\cm108.ini
[2010/05/13 15:07:16 | 000,000,032 | ---- | C] () -- C:\Windows\System32\msvcsv60.dll
[2010/05/13 15:07:16 | 000,000,032 | ---- | C] () -- C:\Windows\msocreg32.dat
[2010/04/27 18:04:33 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2010/04/22 19:59:06 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2010/04/22 19:59:06 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2010/04/22 19:59:06 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2010/04/22 19:59:06 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2010/04/22 19:59:06 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2010/04/22 19:59:06 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2010/03/29 19:09:03 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2010/03/29 18:57:46 | 000,001,541 | ---- | C] () -- C:\Windows\TSearch.INI
[2010/03/25 13:48:23 | 000,075,328 | ---- | C] () -- C:\Windows\System32\prodad-mercalli-10-codec.dll
[2010/03/22 16:19:32 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/03/22 13:49:41 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010/03/15 03:16:12 | 001,362,460 | ---- | C] () -- C:\Windows\System32\ExpansionHD_Firmware.bin
[2010/03/13 17:50:15 | 000,064,512 | ---- | C] () -- C:\Users\Undevco Films\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/13 15:29:39 | 000,016,384 | ---- | C] () -- C:\Windows\System32\FileOps.exe
[2010/03/13 02:51:41 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/03/13 02:51:41 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/03/13 02:47:45 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/03/12 05:54:22 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010/03/12 05:46:26 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe
[2010/03/12 05:46:26 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010/03/12 05:44:08 | 000,001,356 | ---- | C] () -- C:\Users\Undevco Films\AppData\Local\d3d9caps.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2007/06/05 18:07:34 | 000,002,000 | ---- | C] () -- C:\Windows\hpomdl14.dat
[2007/05/01 16:10:02 | 000,008,704 | ---- | C] () -- C:\Windows\System32\SaiC053C_0C.dll
[2007/05/01 16:10:02 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC053C_10.dll
[2007/05/01 16:10:02 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC053C_0A.dll
[2007/05/01 16:10:02 | 000,007,680 | ---- | C] () -- C:\Windows\System32\SaiC053C_09.dll
[2007/05/01 16:10:02 | 000,005,632 | ---- | C] () -- C:\Windows\System32\SaiC053C_11.dll
[2007/05/01 16:10:00 | 000,835,584 | ---- | C] () -- C:\Windows\System32\SaiC053C.Dll
[2007/05/01 16:10:00 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC053C_07.dll
[2007/05/01 16:10:00 | 000,007,168 | ---- | C] () -- C:\Windows\System32\SaiC053C_0402.dll
[2007/01/31 13:50:32 | 000,913,408 | ---- | C] () -- C:\Windows\System32\xreglib.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 004,178,512 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,649,176 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,122,686 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/10/05 19:19:06 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\2K Sports
[2011/04/23 13:29:09 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\572EFECB296E0DDFABC6F22A08836665
[2011/09/25 09:10:51 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\AVG2012
[2011/10/13 09:26:00 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\Azureus
[2011/05/24 22:07:24 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\BlackBean
[2010/08/27 09:00:10 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/02/11 23:39:58 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/05/16 14:44:21 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\DAEMON Tools Pro
[2010/04/20 18:43:12 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\FreeArc
[2010/09/23 23:36:59 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\HDRsoft
[2010/06/13 00:36:51 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\Logia
[2010/11/30 06:16:47 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\Mount&Blade Warband
[2010/04/11 23:12:45 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\MPEG Streamclip
[2010/03/22 01:05:07 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\PACE Anti-Piracy
[2010/04/12 00:40:40 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\Pavtube
[2010/03/25 13:48:22 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\proDAD
[2010/04/22 15:06:57 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\Publish Providers
[2011/03/23 02:48:02 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\QuickScan
[2010/08/24 22:23:53 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\scriptocean
[2010/04/13 17:25:54 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\Sony
[2010/03/22 01:18:32 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\Sony Creative Software
[2010/08/27 16:57:36 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/10/06 18:22:43 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\Stellarium
[2010/06/29 02:27:47 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\The Creative Assembly
[2011/03/28 21:01:55 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\TightVNC
[2011/07/27 19:23:17 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\Tonido
[2010/07/26 23:02:12 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\TS3Client
[2011/01/07 15:35:45 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\Ulead Systems
[2011/06/01 06:16:08 | 000,000,000 | --SD | M] -- C:\Users\Undevco Films\AppData\Roaming\Virtual CD v10
[2011/03/19 09:59:35 | 000,000,000 | ---D | M] -- C:\Users\Undevco Films\AppData\Roaming\WysePocketCloud
[2011/10/23 03:56:09 | 000,000,424 | ---- | M] () -- C:\Windows\Tasks\FrontLine Registry Cleaner Scheduled Scan - Undevco Films.job
[2011/10/24 13:44:31 | 000,000,290 | ---- | M] () -- C:\Windows\Tasks\Hitman Pro 3.5 Boot Task.job
[2011/10/24 17:29:59 | 000,032,570 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/03/23 14:50:36 | 000,000,000 | ---- | M] ()(C:\Windows\System32\?????) -- C:\Windows\System32\獷楬汢捯污
[2011/03/23 14:32:17 | 000,000,000 | ---- | C] ()(C:\Windows\System32\?????) -- C:\Windows\System32\獷楬汢捯污

========== Alternate Data Streams ==========

@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:1B7B8F31
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:3C6F81BD

< End of report >

Attached Files

  • OTL.Txt (104.54KB)

#28
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
OK, could you now run the renamed ComboFix that you have on the C drive (svchost)?

As part of the malware appears to be crippled, allow ComboFix to update if it asks.

#29
tsurvey73
    Member
  • Topic Starter
  • Member
  • PipPip
  • 23 posts
I have run the renamed ComboFix file. ComboFix goes to the scan (without the access denied administrator message now); however, it still hangs on the 10 minute screen. For some reason earlier it ran just once, but you told me it was an older version. I can run non-malware and AV programs in Normal boot now with internet. ComboFix updated, but it still hangs on the 10 minute screen with HD activity. Last night I tried the same thing: I renamed the file, and ComboFix ran for nearly 7 hours on the 10 minute screen and never scanned.

Edited by tsurvey73, 25 October 2011 - 11:56 AM.


#30
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
OK, I would like you to run AVP, but I am only interested in the analysis portion, so you can skip the scan if you wish.

Download AVPTool from Here to your desktop.

Run the programme you have just downloaded to your desktop (it will be randomly named).

First we will run a virus scan.

Click the cog in the upper right.
Posted Image

Select down to and including your main drive; once done, select the Automatic scan tab and press Start Scan.
Posted Image

Allow AVP to delete all infections found.
Once it has finished, select the report tab (last tab).
Select Detected threats report from the left and press the Save button.
Save it to your desktop and attach it to your next post.

Now the Analysis

Rerun AVP, select the Manual Disinfection tab and press Start Gathering System Information.

Posted Image

On completion, click the link to locate the zip file to upload and attach it to your next post.

Posted Image
Megaupload