
Malware generating random number.exe cant run any malware soft


  • This topic is locked

#31
tsurvey73

tsurvey73

    Member

  • Topic Starter
  • Member
  • 23 posts
I didn't see how to get a report without a scan. Pressed scan and it's been running for 2 hours at 1% completed, but I still see the files going by at the bottom. Does it take this long, and should I try just to get a report instead of a scan like you said initially? thx!
  • 0

#32
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Aye, stop the scan and jump directly to the analysis portion; that should take no more than 10 minutes to run. Then attach the zip file.
  • 0

#33
tsurvey73

tsurvey73

    Member

  • Topic Starter
  • Member
  • 23 posts
As soon as you posted, a virus was found in the scan. Should I delete, skip or quarantine the found file before I stop the scan?
  • 0

#34
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Delete please, and let me know what the file name was.
  • 0

#35
tsurvey73

tsurvey73

    Member

  • Topic Starter
  • Member
  • 23 posts
File name is C:\Documents and Settings\Undevco Fil...\index[1].htm
Virus type: HEUR:EXPLOIT.SCRIPT.GENERIC

Okay, I pressed delete. Is it okay now to stop the scan? thx!
  • 0

#36
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yep, it has got as far as Documents and Settings so the main areas are scanned - go to the analysis now please - also let me know what the current problems are.
  • 0

#37
tsurvey73

tsurvey73

    Member

  • Topic Starter
  • Member
  • 23 posts
Okay, clicked on the gather system info button and it gets to 37% every time and the program shuts down, just like Malwarebytes. Simply vanishes. Malware shutting it down.
  • 0

#38
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you try from safe mode please?
  • 0

#39
tsurvey73

tsurvey73

    Member

  • Topic Starter
  • Member
  • 23 posts
I am in safe mode when it closes out. Restarted again in safe mode and same results: 37% shutdown of scan.

Edited by tsurvey73, 25 October 2011 - 03:39 PM.

  • 0

#40
tsurvey73

tsurvey73

    Member

  • Topic Starter
  • Member
  • 23 posts
Okay, ran startup repair, booted into normal mode and ComboFix pops up before anything else and starts running... all the way to 50 and then it started saying access denied... and closed and rebooted.

  • 0

#41
tsurvey73

tsurvey73

    Member

  • Topic Starter
  • Member
  • 23 posts
Just somehow successfully ran ComboFix and rebooted, waiting on log now.

ComboFix 11-10-25.04 - Undevco Films 10/25/2011 21:18:52.2.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3582.2901 [GMT -5:00]
Running from: c:\users\Undevco Films\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB4425$
c:\windows\$NtUninstallKB4425$\448590858\@
c:\windows\$NtUninstallKB4425$\448590858\L\qnbwvoto
c:\windows\$NtUninstallKB4425$\448590858\loader.tlb
c:\windows\$NtUninstallKB4425$\448590858\U\@00000001
c:\windows\$NtUninstallKB4425$\448590858\U\@000000c0
c:\windows\$NtUninstallKB4425$\448590858\U\@000000cb
c:\windows\$NtUninstallKB4425$\448590858\U\@000000cf
c:\windows\$NtUninstallKB4425$\448590858\U\@80000000
c:\windows\$NtUninstallKB4425$\448590858\U\@800000c0
c:\windows\$NtUninstallKB4425$\448590858\U\@800000cb
c:\windows\$NtUninstallKB4425$\448590858\U\@800000cf
c:\windows\$NtUninstallKB4425$\874146624
c:\windows\system32\
c:\windows\system32\c_44374.nls
.
Infected copy of c:\windows\system32\drivers\cdrom.sys was found and disinfected
Restored copy from - The cat found it :)
Infected copy of c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_netfx-mscorsvw_exe_b03f5f7f11d50a3a_6.0.6000.16720_none_201c2ab5e826014f\mscorsvw.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-09-26 to 2011-10-26 )))))))))))))))))))))))))))))))
.
.
2020-01-07 05:32 . 2020-01-07 05:32 -------- d-----w- c:\program files\Cracklock
2011-10-26 02:38 . 2011-10-26 02:38 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-10-26 02:38 . 2011-10-26 02:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-26 02:12 . 2011-10-25 16:12 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-10-26 01:36 . 2011-10-26 01:36 48016 --sha-w- c:\windows\system32\c_44374.nl_
2011-10-26 00:16 . 2011-10-26 00:16 94896 ----a-w- c:\windows\system32\drivers\92184235.sys
2011-10-26 00:16 . 2011-10-26 00:16 35328 ----a-w- c:\windows\system32\drivers\tskCB89.tmp
2011-10-25 21:16 . 2011-10-26 00:17 7168 ----a-w- c:\windows\system32\drivers\utiymje4.sys
2011-10-25 19:00 . 2011-10-25 19:00 -------- d-----w- c:\programdata\Kaspersky Lab
2011-10-25 18:55 . 2011-10-25 18:55 -------- d-----w- C:\asfjdk
2011-10-25 18:25 . 2011-10-18 23:04 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-10-25 18:16 . 2011-10-25 18:19 -------- d-----w- C:\asjklfhsdj
2011-10-25 16:21 . 2011-10-25 16:21 -------- d-----w- C:\abc
2011-10-24 18:41 . 2011-10-24 18:41 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-10-24 10:29 . 2011-10-24 11:30 -------- d-----w- C:\MGtools
2011-10-24 10:10 . 2011-10-24 10:12 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2011-10-24 09:34 . 2011-10-26 02:00 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-24 08:39 . 2011-10-24 08:39 -------- d-----w- c:\program files\jskflhasdjk
2011-10-24 08:39 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-24 05:42 . 2011-10-24 05:42 -------- d-----w- c:\users\Undevco Films\Doctor Web
2011-10-24 05:41 . 2011-10-24 05:41 -------- d-----w- c:\program files\Common Files\Doctor Web
2011-10-24 05:40 . 2011-10-24 07:10 -------- d-----w- c:\program files\DrWeb
2011-10-24 03:57 . 2011-10-24 03:57 94896 ----a-w- c:\windows\system32\drivers\91912406.sys
2011-10-24 01:49 . 2011-10-24 06:34 -------- d-----w- c:\programdata\Doctor Web
2011-10-24 01:09 . 2011-10-24 01:09 -------- d-----w- c:\program files\m
2011-10-24 00:57 . 2011-10-26 02:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-23 22:47 . 2011-10-23 23:41 -------- d-----w- c:\users\Undevco Films\DoctorWeb
2011-10-23 22:01 . 2011-10-23 22:01 94896 ----a-w- c:\windows\system32\drivers\62361770.sys
2011-10-23 20:31 . 2011-10-23 20:31 -------- d--h--w- c:\windows\PIF
2011-10-23 19:28 . 2011-10-23 19:28 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-10-18 23:12 . 2011-09-06 13:30 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-10-18 23:12 . 2011-08-03 02:50 96768 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-18 23:12 . 2011-08-03 02:50 443392 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-18 23:12 . 2011-08-03 02:49 151552 ----a-w- c:\windows\system32\MSNP.ax
2011-10-18 23:12 . 2011-08-03 02:49 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-18 23:12 . 2011-08-03 02:49 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-18 23:12 . 2011-09-14 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-10-18 23:12 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-18 23:12 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-18 23:12 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-10-18 23:12 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-10-16 21:49 . 2011-10-19 02:00 -------- d-----w- c:\users\Undevco Films\AppData\Roaming\WTablet
2011-10-16 21:49 . 2009-11-24 16:25 7892776 ----a-w- c:\windows\system32\WacomTablet.cpl
2011-10-16 21:48 . 2007-02-16 15:12 11312 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys
2011-10-16 21:47 . 2009-05-20 16:54 13736 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
2011-10-16 21:46 . 2011-10-16 21:46 -------- d-----w- c:\windows\system32\WTablet
2011-10-16 21:46 . 2009-11-24 16:25 4463400 ----a-w- c:\windows\system32\Wacom_Tablet.exe
2011-10-16 21:46 . 2009-11-24 16:25 412456 ----a-w- c:\windows\system32\Wacom_Tablet.dll
2011-10-16 21:46 . 2009-11-24 16:20 285184 ----a-w- c:\windows\system32\Wintab32.dll
2011-10-16 21:46 . 2011-10-16 21:48 -------- d-----w- c:\program files\Tablet
2011-10-09 09:28 . 2011-10-09 09:28 -------- d-----w- c:\program files\Black_Box
2011-10-01 04:33 . 2011-10-25 18:49 -------- d-----w- c:\programdata\Hitman Pro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-26 04:30 . 2010-03-13 07:50 35328 ----a-w- c:\windows\system32\drivers\npfs.sys
2011-10-26 02:40 . 2010-03-12 11:04 17488 ----a-w- c:\windows\gdrv.sys
2011-10-25 01:13 . 2010-03-13 07:50 66560 ----a-w- c:\windows\system32\drivers\smb.sys
2011-10-25 01:10 . 2011-06-15 22:03 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-10-24 19:11 . 2011-06-15 22:03 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-10-24 11:30 . 2011-10-24 10:31 580339 ----a-w- C:\MGlogs.zip
2011-10-24 07:10 . 2010-03-12 22:37 35840 ----a-w- c:\windows\system32\drivers\netbios.sys
2011-10-24 04:02 . 2010-03-13 07:50 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2011-10-24 01:24 . 2010-03-13 07:51 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-10-03 00:25 . 2010-03-22 18:49 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-08-11 17:37 . 2011-08-11 17:37 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-08-11 17:37 . 2011-08-11 17:37 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-08-11 17:37 . 2011-08-11 17:37 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-08-11 17:37 . 2011-08-11 17:37 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-08-11 17:37 . 2011-08-11 17:37 161792 ----a-w- c:\windows\system32\msls31.dll
2011-08-11 17:37 . 2011-08-11 17:37 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-08-11 17:37 . 2011-08-11 17:37 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-08-11 17:37 . 2011-08-11 17:37 367104 ----a-w- c:\windows\system32\html.iec
2011-08-11 17:37 . 2011-08-11 17:37 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-11 17:37 . 2011-08-11 17:37 152064 ----a-w- c:\windows\system32\wextract.exe
2011-08-11 17:37 . 2011-08-11 17:37 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-08-11 17:37 . 2011-08-11 17:37 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-11 17:37 . 2011-08-11 17:37 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-08-11 17:37 . 2011-08-11 17:37 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-08-11 17:37 . 2011-08-11 17:37 11776 ----a-w- c:\windows\system32\mshta.exe
2011-08-11 17:37 . 2011-08-11 17:37 101888 ----a-w- c:\windows\system32\admparse.dll
2011-08-11 17:37 . 2011-08-11 17:37 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-08-11 17:37 . 2011-08-11 17:37 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2011-09-29 06:53 . 2011-10-03 03:43 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngin0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Vuze_Remote\prxtbVuz0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngin0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-11-02 8704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CineFormActiveMetadataStatusViewer.exe]
backup=c:\windows\pss\CineFormActiveMetadataStatusViewer.exe.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Undevco Films^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Undevco Films^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CineFormActiveMetadataStatusViewer.exe]
backup=c:\windows\pss\CineFormActiveMetadataStatusViewer.exe.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-08-31 22:00 449608 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
2;2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [x]
R0 SpiderG3;DrWeb file system scanner;c:\windows\system32\drivers\spiderg3.sys [x]
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [x]
R2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [x]
R3 cpuz130;cpuz130;c:\users\UNDEVC~1\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]
R3 dalwdmservice;dal service;c:\windows\system32\drivers\dalwdm.sys [2007-10-31 97808]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-10-18 23624]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-02-04 15232]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2008-08-22 18688]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2008-08-22 8320]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [2007-06-19 23680]
R3 pgusbmme;usb-audio.de MME-Adapter;c:\windows\system32\drivers\pgusbmm3.sys [x]
R3 pgusbwdm;usb-audio.de driver (commercial 2.8.40);c:\windows\system32\Drivers\pgusbwdm.sys [x]
R3 SaiH053C;SaiH053C;c:\windows\system32\DRIVERS\SaiH053C.sys [2007-05-01 132232]
R3 utiymje4;AVZ Kernel Driver;c:\windows\system32\Drivers\utiymje4.sys [2011-10-26 7168]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 17703796;17703796;c:\windows\system32\drivers\62361770.sys [2011-10-23 94896]
R4 58010134;58010134;c:\windows\system32\drivers\91912406.sys [2011-10-24 94896]
R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-10-03 2151640]
R4 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R4 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2009-11-24 4463400]
R4 VC10SecS;Virtual CD v10 Management Service;c:\program files\Virtual CD v10\System\VC10SecS.exe [2010-09-17 139264]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-06-05 64288]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-12 69632]
S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys [2007-10-31 16400]
S2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [2009-07-30 61440]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-23 c:\windows\Tasks\FrontLine Registry Cleaner Scheduled Scan - Undevco Films.job
- c:\program files\Frontline Registry Cleaner\REGCLEANER.exe [2010-05-08 20:06]
.
2011-10-24 c:\windows\Tasks\Hitman Pro 3.5 Boot Task.job
- c:\program files\Hitman Pro 3.5\HitmanPro35.exe [2011-10-24 18:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Undevco Films\AppData\Roaming\Mozilla\Firefox\Profiles\e5x5ced7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2117678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B6bf54e0b-9c56-49f2-be14-38455c6e14c9%7D&mid=48af4c0ea42647d19c20d119f9fce2b8-53e996cf7d9b37f515ee00ef1aaf8720b6ea968c&ds=AVG&v=8.0.0.34.1&lang=en&pr=pr&d=2011-10-05%2020%3A37%3A06&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-25 21:40
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\windows\ehome\ehsched.exe
c:\windows\ehome\ehRecvr.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
.
**************************************************************************
.
Completion time: 2011-10-25 21:47:17 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-26 02:47
ComboFix2.txt 2011-10-25 22:11
ComboFix3.txt 2011-10-25 21:57
.
Pre-Run: 57,130,147,840 bytes free
Post-Run: 57,092,157,440 bytes free
.
Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - DD4DCDEC10A16D9F76F4383BEAE014B6

Edited by Essexboy, 26 October 2011 - 10:41 AM.

  • 0

#42
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Methinks there may be light at the end of this here tunnel


1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:

Folder::
c:\program files\jskflhasdjk
C:\asjklfhsdj
C:\abc
C:\asfjdk

Save this as CFScript.txt, in the same location as ComboFix.exe
Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe. When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

THEN

Run a fresh OTL scan selecting all users please
  • 0
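An added triage helper (my own example, not code from this thread or from ComboFix) that parses lines in the layout of the log posted above and flags the kinds of entries Essexboy asked about: randomly named folders directly under C:\ or Program Files, objects carrying the system+hidden attributes, and drivers with purely numeric names; it then emits a "Folder::" block in the form the CFScript above uses. The WATCHED_PARENTS set and the looks_random heuristic are my assumptions; the sample lines are copied from the posted log.

```python
import re

# Layout of one entry in the "Files Created" / "Find3M" sections of a
# ComboFix log, as seen in the log posted above:
#   <created> . <modified> <size or dashes> <attrs> <path>
#   2011-10-24 08:39 . 2011-10-24 08:39 -------- d-----w- c:\program files\jskflhasdjk
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>\S.*)$"
)

# Assumption: parents under which a brand-new, randomly named folder is
# worth asking about (lower-cased, as ComboFix prints them).
WATCHED_PARENTS = {"c:", "c:\\program files"}

# Sample input: lines copied verbatim from the ComboFix log in this thread.
SAMPLE_LOG = r"""
2020-01-07 05:32 . 2020-01-07 05:32 -------- d-----w- c:\program files\Cracklock
2011-10-26 01:36 . 2011-10-26 01:36 48016 --sha-w- c:\windows\system32\c_44374.nl_
2011-10-26 00:16 . 2011-10-26 00:16 94896 ----a-w- c:\windows\system32\drivers\92184235.sys
2011-10-25 18:55 . 2011-10-25 18:55 -------- d-----w- C:\asfjdk
2011-10-25 18:16 . 2011-10-25 18:19 -------- d-----w- C:\asjklfhsdj
2011-10-25 16:21 . 2011-10-25 16:21 -------- d-----w- C:\abc
2011-10-24 10:29 . 2011-10-24 11:30 -------- d-----w- C:\MGtools
2011-10-24 08:39 . 2011-10-24 08:39 -------- d-----w- c:\program files\jskflhasdjk
2011-10-24 03:57 . 2011-10-24 03:57 94896 ----a-w- c:\windows\system32\drivers\91912406.sys
2011-10-24 01:09 . 2011-10-24 01:09 -------- d-----w- c:\program files\m
2011-10-23 19:28 . 2011-10-23 19:28 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-10-18 23:12 . 2011-09-06 13:30 2043392 ----a-w- c:\windows\system32\win32k.sys
"""

def parse_entries(log_text):
    """Yield a dict per line that matches the ComboFix entry layout."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.groupdict()

def looks_random(name):
    """Heuristic for keyboard-mash names such as 'jskflhasdjk' or 'abc':
    letters only, and either very short or holding a run of four or more
    consonants. A triage hint, not proof; expect the odd false positive."""
    if not re.fullmatch(r"[A-Za-z]{1,12}", name):
        return False
    return len(name) <= 3 or re.search(r"[^aeiouAEIOU]{4,}", name) is not None

def triage(log_text):
    """Return (reason, path) pairs for entries a responder would query."""
    findings = []
    for e in parse_entries(log_text):
        path, attrs = e["path"], e["attrs"]
        parent, _, name = path.lower().rpartition("\\")
        if attrs[0] == "d" and parent in WATCHED_PARENTS and looks_random(name):
            findings.append(("random-name folder", path))
        # attrs columns read d . s h a . w . ; 's' and 'h' together is the
        # system+hidden combination that c_44374.nl_ and %APPDATA% carry
        elif attrs[2] == "s" and attrs[3] == "h":
            findings.append(("system+hidden", path))
        elif name.endswith(".sys") and name[:-4].isdigit():
            findings.append(("numeric driver name", path))
    return findings

def folder_script(findings):
    """Build the 'Folder::' block in the form post #42 uses, listing only
    the folders flagged as randomly named."""
    folders = [p for reason, p in findings if reason == "random-name folder"]
    return "Folder::\n" + "\n".join(folders) + "\n"

if __name__ == "__main__":
    for reason, path in triage(SAMPLE_LOG):
        print(f"{reason:20} {path}")
```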

#43
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
