Malware generating random number.exe, can't run any malware soft
Started by tsurvey73, Oct 24 2011 10:57 AM
#31
Posted 25 October 2011 - 02:42 PM
#32
Posted 25 October 2011 - 02:43 PM
Aye, stop the scan and jump directly to the analysis portion. That should take no more than 10 minutes to run; then attach the zip file.
#33
Posted 25 October 2011 - 02:50 PM
As soon as you posted, a virus was found in the scan. Should I delete, skip or quarantine the found file before I stop the scan?
#34
Posted 25 October 2011 - 02:51 PM
Delete, please, and let me know what the file name was.
#35
Posted 25 October 2011 - 03:06 PM
File name is C:\Documents and Settings\Undevco Fil...\index[1].htm
Virus type: HEUR:EXPLOIT.SCRIPT.GENERIC
Okay, I pressed delete. Is it okay now to stop the scan? Thx!
#36
Posted 25 October 2011 - 03:12 PM
Yep, it has got as far as Documents and Settings, so the main areas are scanned. Go to the analysis now, please. Also let me know what the current problems are.
#37
Posted 25 October 2011 - 03:26 PM
Okay, clicked on the gather system info button and it gets to 37% every time, and then the program shuts down, just like Malwarebytes. Simply vanishes. Malware shutting it down.
#38
Posted 25 October 2011 - 03:34 PM
Could you try from safe mode, please?
#39
Posted 25 October 2011 - 03:37 PM
I am in safe mode when it closes out. Restarted again in safe mode and same results: 37% shutdown of scan.
Edited by tsurvey73, 25 October 2011 - 03:39 PM.
#40
Posted 25 October 2011 - 08:07 PM
Okay, ran startup repair, booted into normal mode, and ComboFix pops up before anything else and starts running... all the way to 50 and then it started saying access denied... and closed and rebooted.
Attached Files
#41
Posted 25 October 2011 - 08:45 PM
Just somehow successfully ran ComboFix and rebooted, waiting on log now.
ComboFix 11-10-25.04 - Undevco Films 10/25/2011 21:18:52.2.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3582.2901 [GMT -5:00]
Running from: c:\users\Undevco Films\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB4425$
c:\windows\$NtUninstallKB4425$\448590858\@
c:\windows\$NtUninstallKB4425$\448590858\L\qnbwvoto
c:\windows\$NtUninstallKB4425$\448590858\loader.tlb
c:\windows\$NtUninstallKB4425$\448590858\U\@00000001
c:\windows\$NtUninstallKB4425$\448590858\U\@000000c0
c:\windows\$NtUninstallKB4425$\448590858\U\@000000cb
c:\windows\$NtUninstallKB4425$\448590858\U\@000000cf
c:\windows\$NtUninstallKB4425$\448590858\U\@80000000
c:\windows\$NtUninstallKB4425$\448590858\U\@800000c0
c:\windows\$NtUninstallKB4425$\448590858\U\@800000cb
c:\windows\$NtUninstallKB4425$\448590858\U\@800000cf
c:\windows\$NtUninstallKB4425$\874146624
c:\windows\system32\
c:\windows\system32\c_44374.nls
.
Infected copy of c:\windows\system32\drivers\cdrom.sys was found and disinfected
Restored copy from - The cat found it
Infected copy of c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_netfx-mscorsvw_exe_b03f5f7f11d50a3a_6.0.6000.16720_none_201c2ab5e826014f\mscorsvw.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-09-26 to 2011-10-26 )))))))))))))))))))))))))))))))
.
.
2020-01-07 05:32 . 2020-01-07 05:32 -------- d-----w- c:\program files\Cracklock
2011-10-26 02:38 . 2011-10-26 02:38 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-10-26 02:38 . 2011-10-26 02:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-26 02:12 . 2011-10-25 16:12 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-10-26 01:36 . 2011-10-26 01:36 48016 --sha-w- c:\windows\system32\c_44374.nl_
2011-10-26 00:16 . 2011-10-26 00:16 94896 ----a-w- c:\windows\system32\drivers\92184235.sys
2011-10-26 00:16 . 2011-10-26 00:16 35328 ----a-w- c:\windows\system32\drivers\tskCB89.tmp
2011-10-25 21:16 . 2011-10-26 00:17 7168 ----a-w- c:\windows\system32\drivers\utiymje4.sys
2011-10-25 19:00 . 2011-10-25 19:00 -------- d-----w- c:\programdata\Kaspersky Lab
2011-10-25 18:55 . 2011-10-25 18:55 -------- d-----w- C:\asfjdk
2011-10-25 18:25 . 2011-10-18 23:04 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-10-25 18:16 . 2011-10-25 18:19 -------- d-----w- C:\asjklfhsdj
2011-10-25 16:21 . 2011-10-25 16:21 -------- d-----w- C:\abc
2011-10-24 18:41 . 2011-10-24 18:41 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-10-24 10:29 . 2011-10-24 11:30 -------- d-----w- C:\MGtools
2011-10-24 10:10 . 2011-10-24 10:12 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2011-10-24 09:34 . 2011-10-26 02:00 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-24 08:39 . 2011-10-24 08:39 -------- d-----w- c:\program files\jskflhasdjk
2011-10-24 08:39 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-24 05:42 . 2011-10-24 05:42 -------- d-----w- c:\users\Undevco Films\Doctor Web
2011-10-24 05:41 . 2011-10-24 05:41 -------- d-----w- c:\program files\Common Files\Doctor Web
2011-10-24 05:40 . 2011-10-24 07:10 -------- d-----w- c:\program files\DrWeb
2011-10-24 03:57 . 2011-10-24 03:57 94896 ----a-w- c:\windows\system32\drivers\91912406.sys
2011-10-24 01:49 . 2011-10-24 06:34 -------- d-----w- c:\programdata\Doctor Web
2011-10-24 01:09 . 2011-10-24 01:09 -------- d-----w- c:\program files\m
2011-10-24 00:57 . 2011-10-26 02:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-23 22:47 . 2011-10-23 23:41 -------- d-----w- c:\users\Undevco Films\DoctorWeb
2011-10-23 22:01 . 2011-10-23 22:01 94896 ----a-w- c:\windows\system32\drivers\62361770.sys
2011-10-23 20:31 . 2011-10-23 20:31 -------- d--h--w- c:\windows\PIF
2011-10-23 19:28 . 2011-10-23 19:28 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-10-18 23:12 . 2011-09-06 13:30 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-10-18 23:12 . 2011-08-03 02:50 96768 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-18 23:12 . 2011-08-03 02:50 443392 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-18 23:12 . 2011-08-03 02:49 151552 ----a-w- c:\windows\system32\MSNP.ax
2011-10-18 23:12 . 2011-08-03 02:49 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-18 23:12 . 2011-08-03 02:49 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-18 23:12 . 2011-09-14 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-10-18 23:12 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-18 23:12 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-18 23:12 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-10-18 23:12 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-10-16 21:49 . 2011-10-19 02:00 -------- d-----w- c:\users\Undevco Films\AppData\Roaming\WTablet
2011-10-16 21:49 . 2009-11-24 16:25 7892776 ----a-w- c:\windows\system32\WacomTablet.cpl
2011-10-16 21:48 . 2007-02-16 15:12 11312 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys
2011-10-16 21:47 . 2009-05-20 16:54 13736 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
2011-10-16 21:46 . 2011-10-16 21:46 -------- d-----w- c:\windows\system32\WTablet
2011-10-16 21:46 . 2009-11-24 16:25 4463400 ----a-w- c:\windows\system32\Wacom_Tablet.exe
2011-10-16 21:46 . 2009-11-24 16:25 412456 ----a-w- c:\windows\system32\Wacom_Tablet.dll
2011-10-16 21:46 . 2009-11-24 16:20 285184 ----a-w- c:\windows\system32\Wintab32.dll
2011-10-16 21:46 . 2011-10-16 21:48 -------- d-----w- c:\program files\Tablet
2011-10-09 09:28 . 2011-10-09 09:28 -------- d-----w- c:\program files\Black_Box
2011-10-01 04:33 . 2011-10-25 18:49 -------- d-----w- c:\programdata\Hitman Pro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-26 04:30 . 2010-03-13 07:50 35328 ----a-w- c:\windows\system32\drivers\npfs.sys
2011-10-26 02:40 . 2010-03-12 11:04 17488 ----a-w- c:\windows\gdrv.sys
2011-10-25 01:13 . 2010-03-13 07:50 66560 ----a-w- c:\windows\system32\drivers\smb.sys
2011-10-25 01:10 . 2011-06-15 22:03 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-10-24 19:11 . 2011-06-15 22:03 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-10-24 11:30 . 2011-10-24 10:31 580339 ----a-w- C:\MGlogs.zip
2011-10-24 07:10 . 2010-03-12 22:37 35840 ----a-w- c:\windows\system32\drivers\netbios.sys
2011-10-24 04:02 . 2010-03-13 07:50 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2011-10-24 01:24 . 2010-03-13 07:51 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-10-03 00:25 . 2010-03-22 18:49 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-08-11 17:37 . 2011-08-11 17:37 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-08-11 17:37 . 2011-08-11 17:37 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-08-11 17:37 . 2011-08-11 17:37 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-08-11 17:37 . 2011-08-11 17:37 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-08-11 17:37 . 2011-08-11 17:37 161792 ----a-w- c:\windows\system32\msls31.dll
2011-08-11 17:37 . 2011-08-11 17:37 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-08-11 17:37 . 2011-08-11 17:37 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-08-11 17:37 . 2011-08-11 17:37 367104 ----a-w- c:\windows\system32\html.iec
2011-08-11 17:37 . 2011-08-11 17:37 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-11 17:37 . 2011-08-11 17:37 152064 ----a-w- c:\windows\system32\wextract.exe
2011-08-11 17:37 . 2011-08-11 17:37 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-08-11 17:37 . 2011-08-11 17:37 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-11 17:37 . 2011-08-11 17:37 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-08-11 17:37 . 2011-08-11 17:37 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-08-11 17:37 . 2011-08-11 17:37 11776 ----a-w- c:\windows\system32\mshta.exe
2011-08-11 17:37 . 2011-08-11 17:37 101888 ----a-w- c:\windows\system32\admparse.dll
2011-08-11 17:37 . 2011-08-11 17:37 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-08-11 17:37 . 2011-08-11 17:37 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2011-09-29 06:53 . 2011-10-03 03:43 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngin0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Vuze_Remote\prxtbVuz0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngin0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-11-02 8704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CineFormActiveMetadataStatusViewer.exe]
backup=c:\windows\pss\CineFormActiveMetadataStatusViewer.exe.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Undevco Films^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Undevco Films^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CineFormActiveMetadataStatusViewer.exe]
backup=c:\windows\pss\CineFormActiveMetadataStatusViewer.exe.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-08-31 22:00 449608 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
2;2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [x]
R0 SpiderG3;DrWeb file system scanner;c:\windows\system32\drivers\spiderg3.sys [x]
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [x]
R2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [x]
R3 cpuz130;cpuz130;c:\users\UNDEVC~1\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]
R3 dalwdmservice;dal service;c:\windows\system32\drivers\dalwdm.sys [2007-10-31 97808]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-10-18 23624]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-02-04 15232]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2008-08-22 18688]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2008-08-22 8320]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [2007-06-19 23680]
R3 pgusbmme;usb-audio.de MME-Adapter;c:\windows\system32\drivers\pgusbmm3.sys [x]
R3 pgusbwdm;usb-audio.de driver (commercial 2.8.40);c:\windows\system32\Drivers\pgusbwdm.sys [x]
R3 SaiH053C;SaiH053C;c:\windows\system32\DRIVERS\SaiH053C.sys [2007-05-01 132232]
R3 utiymje4;AVZ Kernel Driver;c:\windows\system32\Drivers\utiymje4.sys [2011-10-26 7168]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 17703796;17703796;c:\windows\system32\drivers\62361770.sys [2011-10-23 94896]
R4 58010134;58010134;c:\windows\system32\drivers\91912406.sys [2011-10-24 94896]
R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-10-03 2151640]
R4 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R4 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2009-11-24 4463400]
R4 VC10SecS;Virtual CD v10 Management Service;c:\program files\Virtual CD v10\System\VC10SecS.exe [2010-09-17 139264]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-06-05 64288]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-12 69632]
S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys [2007-10-31 16400]
S2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [2009-07-30 61440]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-23 c:\windows\Tasks\FrontLine Registry Cleaner Scheduled Scan - Undevco Films.job
- c:\program files\Frontline Registry Cleaner\REGCLEANER.exe [2010-05-08 20:06]
.
2011-10-24 c:\windows\Tasks\Hitman Pro 3.5 Boot Task.job
- c:\program files\Hitman Pro 3.5\HitmanPro35.exe [2011-10-24 18:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Undevco Films\AppData\Roaming\Mozilla\Firefox\Profiles\e5x5ced7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2117678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B6bf54e0b-9c56-49f2-be14-38455c6e14c9%7D&mid=48af4c0ea42647d19c20d119f9fce2b8-53e996cf7d9b37f515ee00ef1aaf8720b6ea968c&ds=AVG&v=8.0.0.34.1&lang=en&pr=pr&d=2011-10-05%2020%3A37%3A06&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-25 21:40
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\windows\ehome\ehsched.exe
c:\windows\ehome\ehRecvr.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
.
**************************************************************************
.
Completion time: 2011-10-25 21:47:17 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-26 02:47
ComboFix2.txt 2011-10-25 22:11
ComboFix3.txt 2011-10-25 21:57
.
Pre-Run: 57,130,147,840 bytes free
Post-Run: 57,092,157,440 bytes free
.
Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - DD4DCDEC10A16D9F76F4383BEAE014B6
.
2;2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [x]
R0 SpiderG3;DrWeb file system scanner;c:\windows\system32\drivers\spiderg3.sys [x]
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [x]
R2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [x]
R3 cpuz130;cpuz130;c:\users\UNDEVC~1\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]
R3 dalwdmservice;dal service;c:\windows\system32\drivers\dalwdm.sys [2007-10-31 97808]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-10-18 23624]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-02-04 15232]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2008-08-22 18688]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2008-08-22 8320]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [2007-06-19 23680]
R3 pgusbmme;usb-audio.de MME-Adapter;c:\windows\system32\drivers\pgusbmm3.sys [x]
R3 pgusbwdm;usb-audio.de driver (commercial 2.8.40);c:\windows\system32\Drivers\pgusbwdm.sys [x]
R3 SaiH053C;SaiH053C;c:\windows\system32\DRIVERS\SaiH053C.sys [2007-05-01 132232]
R3 utiymje4;AVZ Kernel Driver;c:\windows\system32\Drivers\utiymje4.sys [2011-10-26 7168]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 17703796;17703796;c:\windows\system32\drivers\62361770.sys [2011-10-23 94896]
R4 58010134;58010134;c:\windows\system32\drivers\91912406.sys [2011-10-24 94896]
R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-10-03 2151640]
R4 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R4 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2009-11-24 4463400]
R4 VC10SecS;Virtual CD v10 Management Service;c:\program files\Virtual CD v10\System\VC10SecS.exe [2010-09-17 139264]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-06-05 64288]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-12 69632]
S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys [2007-10-31 16400]
S2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [2009-07-30 61440]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-23 c:\windows\Tasks\FrontLine Registry Cleaner Scheduled Scan - Undevco Films.job
- c:\program files\Frontline Registry Cleaner\REGCLEANER.exe [2010-05-08 20:06]
.
2011-10-24 c:\windows\Tasks\Hitman Pro 3.5 Boot Task.job
- c:\program files\Hitman Pro 3.5\HitmanPro35.exe [2011-10-24 18:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Undevco Films\AppData\Roaming\Mozilla\Firefox\Profiles\e5x5ced7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2117678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B6bf54e0b-9c56-49f2-be14-38455c6e14c9%7D&mid=48af4c0ea42647d19c20d119f9fce2b8-53e996cf7d9b37f515ee00ef1aaf8720b6ea968c&ds=AVG&v=8.0.0.34.1&lang=en&pr=pr&d=2011-10-05%2020%3A37%3A06&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-25 21:40
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\windows\ehome\ehsched.exe
c:\windows\ehome\ehRecvr.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
.
**************************************************************************
.
Completion time: 2011-10-25 21:47:17 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-26 02:47
ComboFix2.txt 2011-10-25 22:11
ComboFix3.txt 2011-10-25 21:57
.
Pre-Run: 57,130,147,840 bytes free
Post-Run: 57,092,157,440 bytes free
.
Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - DD4DCDEC10A16D9F76F4383BEAE014B6
Edited by Essexboy, 26 October 2011 - 10:41 AM.
#42
Posted 26 October 2011 - 10:46 AM
Methinks there may be light at the end of this here tunnel
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:
Save this as CFScript.txt, in the same location as ComboFix.exe
Folder::
c:\program files\jskflhasdjk
C:\asjklfhsdj
C:\abc
C:\asfjdk
Referring to the picture above, drag CFScript into ComboFix.exe. When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
THEN
Run a fresh OTL scan selecting all users please
#43
Posted 30 October 2011 - 06:54 AM
Due to lack of feedback, this topic has been closed.
If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.