RootKit.Cloaked/Service-Gen.

This topic is locked.
12 replies to this topic

#1 azelo

Posted 05 October 2011 - 06:30 PM

I got this by clicking a link, then my PC restarted and that fast I was infected. It has disabled part of my antivirus and disabled Windows auto update. SUPERAntiSpyware found RootKit.Cloaked/Service-Gen. and says that it removes it, but after a reboot it's still there in C:\windows\sys32\drivers\125F52191EC10B9B. I also tried to delete the file but it wouldn't let me.

FYI

When I tried to run GMER I got these four errors, and all keys were greyed out:

1. LoadDriver("C:Docume~1\Locals~1\Temp\fwlyy Doc.sys") error 0xc0000001:cannot create a stable subkey under a volatile parent key.

2. C:\WINDOWS\system32\config\system: the process cannot access the file because it is being used by another process.

3. C:\documents and settings\compact owner\ntuser.dat: the process cannot access the file because it is being used by another process.

4. C:\documents and settings\compact owner\software: the process cannot access the file because it is being used by another process.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Compaq_Owner at 15:20:32 on 2011-10-05
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.422 [GMT -7:00]
.
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ZoneAlarm Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
c:\windows\system\hpsysdrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\notepad.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [KB547127.exe] "c:\documents and settings\compaq_owner\application data\KB547127.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [<NO NAME>]
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{80443072-5384-4D29-A197-604ECE8884D8} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
TCP: Interfaces\{D0912472-23AF-4F3F-9325-2F5A3F85C9A4} : DhcpNameServer = 192.168.1.1
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\compaq_owner\application data\mozilla\firefox\profiles\kyagiu9g.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2011-1-12 810144]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-10-1 2214504]
S0 56102c3b403bbda8;56102c3b403bbda8;\SystemRoot\\SystemRoot\System32\Drivers\56102c3b403bbda8.sys --> \SystemRoot\\SystemRoot\System32\Drivers\56102c3b403bbda8.sys [?]
S1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-12-21 115008]
S1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-12-21 94872]
S1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-9-29 532224]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-10-05 20:03:02 -------- d-----w- c:\documents and settings\compaq_owner\application data\Malwarebytes
2011-10-05 18:50:04 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-10-05 18:50:01 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-05 18:50:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-05 16:25:28 -------- d-sh--w- c:\documents and settings\compaq_owner\application data\6EB936A6
2011-10-05 16:22:36 43776 ----a-w- c:\windows\system32\drivers\125f52191ec10b9b.sys
2011-10-05 15:17:25 -------- d-----w- c:\program files\VideoLAN
2011-10-03 13:23:25 -------- d-----w- c:\documents and settings\compaq_owner\local settings\application data\SkinSoft
2011-10-03 05:55:40 -------- d-----w- c:\program files\common files\L&H
2011-10-03 05:55:29 -------- d-----w- c:\program files\Microsoft ActiveSync
2011-10-03 05:55:04 -------- d-----w- c:\windows\SHELLNEW
2011-10-02 19:45:38 -------- d-----w- c:\program files\Call of Duty
2011-10-02 12:24:30 -------- d-----w- c:\program files\Activision Value
2011-10-01 09:39:15 -------- d-----w- c:\program files\The Saboteur
2011-10-01 07:26:58 -------- d-----w- c:\program files\SystemRequirementsLab
2011-10-01 07:09:55 -------- d-----w- c:\documents and settings\all users\application data\NVIDIA Corporation
2011-10-01 07:09:34 543336 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-10-01 07:08:47 273344 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-10-01 07:08:47 273344 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-10-01 07:08:47 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-10-01 07:08:29 -------- d-----w- c:\program files\NVIDIA Corporation
2011-10-01 06:54:58 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-01 06:54:58 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-01 05:21:41 -------- d-----w- c:\documents and settings\compaq_owner\application data\HPQ
2011-10-01 04:50:39 -------- d-----w- c:\program files\Max Payne 2 (WBB Edition)
2011-09-30 23:49:02 -------- d-----w- c:\program files\Yahoo!
2011-09-30 08:20:44 -------- d-sh--w- c:\documents and settings\compaq_owner\PrivacIE
2011-09-30 08:17:53 -------- d-----w- c:\documents and settings\compaq_owner\local settings\application data\ESET
2011-09-30 06:04:15 -------- d-----w- c:\program files\ESET
2011-09-30 06:01:51 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-09-30 06:01:03 -------- d-----w- c:\documents and settings\compaq_owner\application data\DAEMON Tools Lite
2011-09-30 06:00:50 -------- d-----w- c:\documents and settings\all users\application data\DAEMON Tools Lite
2011-09-30 05:14:42 -------- d-----w- c:\documents and settings\compaq_owner\application data\SUPERAntiSpyware.com
2011-09-30 05:14:13 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-09-30 05:14:13 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-09-30 04:00:08 -------- d-----w- c:\documents and settings\compaq_owner\local settings\application data\Adobe
2011-09-30 03:03:59 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-09-30 03:00:23 -------- d--h--w- c:\windows\msdownld.tmp
2011-09-30 03:00:10 -------- d-----w- c:\windows\Logs
2011-09-30 02:50:14 -------- d-sh--w- c:\documents and settings\compaq_owner\IETldCache
2011-09-30 02:32:41 7680 ------w- c:\windows\system32\dllcache\iecompat.dll
2011-09-30 02:32:25 -------- d-----w- c:\windows\ie8updates
2011-09-30 02:31:26 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2011-09-30 02:31:25 602112 ------w- c:\windows\system32\dllcache\msfeeds.dll
2011-09-30 02:31:25 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-09-30 02:31:25 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2011-09-30 02:31:25 1991680 ------w- c:\windows\system32\dllcache\iertutil.dll
2011-09-30 02:31:24 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2011-09-30 02:31:24 11081728 ------w- c:\windows\system32\dllcache\ieframe.dll
2011-09-30 02:29:45 -------- dc-h--w- c:\windows\ie8
2011-09-30 02:19:33 -------- d-----w- c:\windows\system32\XPSViewer
2011-09-30 02:19:10 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-09-30 02:18:53 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-09-30 02:18:53 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-09-30 02:18:53 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-09-30 02:18:53 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-09-30 02:18:53 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-09-30 02:18:53 117760 ------w- c:\windows\system32\prntvpt.dll
2011-09-30 02:18:52 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-09-30 02:18:52 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2011-09-30 02:18:52 -------- d-----w- C:\4f68f34a7c85c71966679c4ea4498ed1
2011-09-30 01:37:43 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-09-30 01:37:37 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2011-09-30 01:36:44 758784 ----a-w- c:\windows\system32\dllcache\vgx.dll
2011-09-30 01:36:09 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-09-30 01:34:15 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2011-09-30 01:34:07 45568 ------w- c:\windows\system32\dllcache\wab.exe
2011-09-30 01:33:33 978944 ------w- c:\windows\system32\dllcache\mfc42.dll
2011-09-30 01:33:33 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2011-09-30 01:33:11 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2011-09-30 01:31:56 90112 ------w- c:\windows\system32\dllcache\wshext.dll
2011-09-30 01:31:56 726528 ----a-w- c:\windows\system32\dllcache\jscript.dll
2011-09-30 01:31:56 420864 ----a-w- c:\windows\system32\dllcache\vbscript.dll
2011-09-30 01:31:56 180224 ------w- c:\windows\system32\dllcache\scrobj.dll
2011-09-30 01:31:56 172032 ------w- c:\windows\system32\dllcache\scrrun.dll
2011-09-30 01:31:56 155648 ------w- c:\windows\system32\dllcache\wscript.exe
2011-09-30 01:31:56 135168 ------w- c:\windows\system32\dllcache\cscript.exe
2011-09-30 01:12:12 -------- d-sh--w- c:\documents and settings\compaq_owner\UserData
2011-09-30 00:52:23 -------- d-----w- c:\windows\system32\scripting
2011-09-30 00:52:22 -------- d-----w- c:\windows\l2schemas
2011-09-30 00:52:21 -------- d-----w- c:\windows\system32\en
2011-09-30 00:52:21 -------- d-----w- c:\windows\system32\bits
2011-09-30 00:48:26 -------- d-----w- c:\windows\network diagnostic
2011-09-30 00:44:00 -------- d-----w- c:\windows\EHome
2011-09-30 00:20:54 -------- d-----w- c:\windows\ServicePackFiles
2011-09-30 00:20:26 -------- d-----w- c:\documents and settings\compaq_owner\application data\HpUpdate
2011-09-30 00:20:21 -------- d-----w- c:\windows\Hewlett-Packard
2011-09-30 00:18:43 -------- d-----w- c:\program files\MSXML 4.0
2011-09-30 00:15:43 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2011-09-30 00:15:43 -------- d-----w- c:\windows\system32\ZoneLabs
2011-09-30 00:12:25 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2011-09-29 23:59:36 -------- d-----w- c:\program files\Zone Labs
2011-09-29 23:59:21 -------- d-----w- c:\windows\Internet Logs
2011-09-29 23:56:02 -------- d-----w- c:\documents and settings\compaq_owner\local settings\application data\Mozilla
2011-09-29 23:54:58 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2011-09-29 23:54:58 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2011-09-29 23:54:17 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2011-09-29 23:54:11 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2011-09-29 23:51:15 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2011-09-29 23:49:36 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-09-29 23:49:35 218112 ------w- c:\windows\system32\dllcache\wordpad.exe
2011-09-29 23:49:03 -------- d-----w- c:\windows\system32\PreInstall
2011-09-29 23:47:20 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-29 23:44:26 -------- d-----w- c:\windows\system32\SoftwareDistribution
2011-09-29 23:04:29 626960 ----a-r- c:\windows\system32\hpvaut32.dll
2011-09-29 23:04:29 487424 ----a-r- c:\windows\system32\hpvcp70.dll
2011-09-29 23:04:29 344064 ----a-r- c:\windows\system32\hpvcr70.dll
2011-09-29 23:04:11 -------- d-----w- c:\program files\common files\Hewlett-Packard
2011-09-29 23:02:31 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-09-29 23:00:38 94208 ----a-r- c:\windows\system32\HPZipt12.dll
2011-09-29 23:00:38 65795 ----a-r- c:\windows\system32\HPZipm12.exe
2011-09-29 23:00:38 61699 ----a-r- c:\windows\system32\HPZinw12.exe
2011-09-29 23:00:38 57344 ----a-r- c:\windows\system32\HPZisn12.dll
2011-09-29 23:00:37 266296 ----a-r- c:\windows\system32\HPZidr12.dll
2011-09-29 23:00:37 196608 ----a-r- c:\windows\system32\HPZipr12.dll
2011-09-29 23:00:36 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2011-09-29 23:00:32 49920 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2011-09-29 22:59:45 262144 ----a-r- c:\windows\system32\HPZc3212.dll
2011-09-29 22:59:44 21568 ----a-w- c:\windows\system32\drivers\HPZius12.sys
2011-09-29 22:58:43 -------- d-sh--r- C:\cmdcons
2011-09-29 22:58:38 -------- d-----w- c:\windows\setup.pss
2011-09-29 16:08:22 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-09-29 16:08:21 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-09-29 16:08:19 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-09-29 16:08:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-09-29 16:08:14 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2011-09-29 16:08:11 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-09-29 05:22:09 -------- d-----r- c:\documents and settings\all users\Documents
2011-09-29 05:21:36 -------- d-----r- c:\windows\Offline Web Pages
2011-09-29 05:18:57 -------- d-sh--r- c:\windows\system32\dllcache
2011-09-09 09:12:13 599040 ------w- c:\windows\system32\dllcache\crypt32.dll
.
==================== Find3M ====================
.
2011-09-30 00:54:40 45056 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\uninstallui\eHelpSetup.exe
2011-09-30 00:54:39 44032 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\scripts\devcon.exe
2011-09-30 00:54:38 61440 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\modemutil.dll
2011-09-30 00:54:38 40960 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\ScDmi.dll
2011-09-30 00:54:38 341048 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\HPBasicDetection3.dll
2011-09-30 00:54:38 32768 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\uploadHSC.dll
2011-09-30 00:54:38 32768 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\Scom.dll
2011-09-30 00:54:38 217088 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
2011-09-30 00:54:38 163840 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\modemcheck.dll
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
.
============= FINISH: 15:21:03.98 ===============
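The DDS log above is what the helpers read to spot the rootkit: a service named with a random-looking hex string, started at boot (S0), whose image path has a doubled \SystemRoot and whose file DDS could not read ([?]), plus a freshly created hex-named .sys in system32\drivers and a hidden hex-named folder under the user profile. The script below is an added triage example written for this thread; it is not part of DDS, ComboFix or any post here. It parses the SERVICES / DRIVERS and Created Last 30 sections of a DDS log and scores each entry with those heuristics. The scoring weights, the threshold and the reading of [?] as "file metadata unavailable" are the editor's assumptions, and the sample lines are copied from the log posted above.

```python
"""Triage heuristics over a DDS log (added example for this thread, not DDS or ComboFix code)."""
import re
from dataclasses import dataclass, field

# Lines copied from the DDS log posted above. The section headers are the ones
# DDS itself prints, and the parser keys on them.
SAMPLE_LOG = r"""
============= SERVICES / DRIVERS ===============
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
S0 56102c3b403bbda8;56102c3b403bbda8;\SystemRoot\\SystemRoot\System32\Drivers\56102c3b403bbda8.sys --> \SystemRoot\\SystemRoot\System32\Drivers\56102c3b403bbda8.sys [?]
S1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-12-21 115008]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
=============== Created Last 30 ================
2011-10-05 18:50:01 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-05 16:25:28 -------- d-sh--w- c:\documents and settings\compaq_owner\application data\6EB936A6
2011-10-05 16:22:36 43776 ----a-w- c:\windows\system32\drivers\125f52191ec10b9b.sys
"""

# "<start> <name>;<display>;<path> [<date> <size>]" or "... --> <path> [?]"
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*?)\s+\[(?P<meta>[^\]]*)\]$"
)
# "<date> <time> <size|--------> <attrs> <path>"
CREATED_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) (?P<size>\d+|-+) (?P<attrs>\S{8}) (?P<path>.+)$"
)
# Heuristic (assumption): names made only of 8+ hex digits look machine-generated.
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8,}$", re.IGNORECASE)
THRESHOLD = 3  # assumed cut-off: report entries scoring at least this much


@dataclass
class Finding:
    section: str
    name: str
    score: int = 0
    reasons: list = field(default_factory=list)

    def add(self, points: int, why: str) -> None:
        self.score += points
        self.reasons.append(why)


def score_service(m: re.Match) -> Finding:
    f = Finding("services", m["name"])
    if HEX_NAME_RE.match(m["name"]):
        f.add(2, "service name is a random-looking hex string")
    if m["meta"] == "?":
        f.add(1, "DDS could not read the image file ([?]); assumed to mean metadata unavailable")
    if "\\SystemRoot\\\\SystemRoot" in m["path"]:
        f.add(2, "doubled \\SystemRoot in the image path")
    if m["start"] == "S0":
        f.add(1, "boot-start (S0) driver")
    return f


def score_created(m: re.Match) -> Finding:
    path, attrs = m["path"], m["attrs"]
    name = path.rsplit("\\", 1)[-1]
    stem = name.rsplit(".", 1)[0]
    f = Finding("created", name)
    if HEX_NAME_RE.match(stem):
        f.add(2, "file or directory name is a random-looking hex string")
    if name.lower().endswith(".sys") and "\\drivers\\" in path.lower():
        f.add(1, "new kernel driver in system32\\drivers")
    if attrs[0] == "d" and "h" in attrs and "\\application data\\" in path.lower():
        f.add(1, "hidden directory created under a user profile")
    return f


def analyze(log_text: str, threshold: int = THRESHOLD) -> list:
    """Return findings scoring >= threshold, highest score first."""
    section = None
    findings = []
    for line in log_text.splitlines():
        if line.startswith("="):  # DDS section banner
            section = "services" if "SERVICES" in line else "created" if "Created Last" in line else None
            continue
        if section == "services":
            m = SERVICE_RE.match(line)
            finding = score_service(m) if m else None
        elif section == "created":
            m = CREATED_RE.match(line)
            finding = score_created(m) if m else None
        else:
            finding = None
        if finding and finding.score >= threshold:
            findings.append(finding)
    return sorted(findings, key=lambda f: -f.score)


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"[{f.section}] {f.name} score={f.score}")
        for why in f.reasons:
            print(f"    - {why}")
```

Run against the log above it reports only the 56102c3b403bbda8 service, the 125f52191ec10b9b.sys driver and the hidden 6EB936A6 folder; MBAMSwissArmy also shows [?] but scores too low on its own, which is the point of scoring several weak signals together rather than alerting on any one of them.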


#2 rigacci

Posted 08 October 2011 - 04:50 PM

Hello and welcome to the forum. :welcome:

I apologize for the delay in responding to your request for help, but it is very busy here and we can get overwhelmed at times.

If you have since resolved the original problem you were having, we would appreciate you letting us know.

If you still do need our help, please note the following:
  • While working with us, please refrain from running tools or applying updates other than those we suggest while we are cleaning your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received and do not proceed if you need clarification.
  • Please also include a clear description of the problems you're having.
  • After 5 days, if there is no reply in your topic, I will assume it has been abandoned and will close it.

Please be patient while I analyze your logs. All of my fixes are checked by higher level forum members before posting.

Thank you.

DR


#3 azelo (Topic Starter)

Posted 08 October 2011 - 05:06 PM

Hi rigacci,
Thanks for taking the time to help me. No, I have not fixed my problem, and I will wait for your instructions.

#4 rigacci

Posted 09 October 2011 - 05:56 AM

Hi azelo! :wink:

Let's start with the following:

Please Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable Security Programs

• Double-click on ComboFix.exe and follow the prompts.

Notes: ComboFix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.


If running XP, Click on YES and allow the Recovery Console to install. If running Vista or 7, click on NO to continue the scanning for malware.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy/Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
3. ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal and increase security. If this is an issue or makes it difficult for you, please tell your helper.
4. ComboFix disconnects your machine from the internet. The connection is automatically restored before ComboFix completes its run.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also, please describe how your computer behaves at the moment.

Thanks.

Dave

#5 azelo (Topic Starter)

Posted 09 October 2011 - 01:10 PM

Hi Dave,
Here is the ComboFix log. The PC seems to be running fine now; ESET and Windows Update are both working again. When ComboFix rebooted my PC, a program called "pev.3XE" wanted internet access. I disconnected from the internet and denied it because the "3XE" extension seemed suspicious to me. ZoneAlarm shows a number of programs that have the same extension, and they seem to be related to ComboFix. I wanted to check with you before I let my PC go back online.

ComboFix 11-10-09.01 - Compaq_Owner 10/09/2011 9:30.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.624 [GMT -7:00]
Running from: c:\documents and settings\Compaq_Owner\My Documents\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Compaq_Owner\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\UpdatusUser\WINDOWS
c:\windows\HPCPCUninstaller-6.3.2.116-5577497.exe
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\d3d9caps.dat
c:\windows\system32\drivers\125f52191ec10b9b.sys
E:\Autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_125f52191ec10b9b
-------\Service_125f52191ec10b9b
.
.
((((((((((((((((((((((((( Files Created from 2011-09-09 to 2011-10-09 )))))))))))))))))))))))))))))))
.
.
2011-10-06 03:45 . 2011-10-06 05:23 -------- d-----w- c:\program files\Terrorist Takedown - War in Columbia
2011-10-06 03:20 . 2011-10-06 03:22 -------- d-----w- c:\program files\ARM
2011-10-05 18:50 . 2011-10-05 18:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-05 18:50 . 2011-09-01 00:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-05 16:55 . 2011-10-05 17:06 -------- d-----w- c:\documents and settings\Administrator
2011-10-05 15:17 . 2011-10-05 15:17 -------- d-----w- c:\program files\VideoLAN
2011-10-04 07:01 . 2011-10-04 07:01 -------- d-----w- c:\program files\7-Zip
2011-10-03 05:55 . 2011-10-03 05:55 -------- d-----w- c:\program files\Common Files\L&H
2011-10-03 05:55 . 2011-10-03 05:55 -------- d-----w- c:\program files\Microsoft ActiveSync
2011-10-03 05:55 . 2011-10-03 05:55 -------- d-----w- c:\windows\SHELLNEW
2011-10-03 05:18 . 2011-10-03 05:18 -------- d-----r- C:\MSOCache
2011-10-02 19:45 . 2011-10-04 03:30 -------- d-----w- c:\program files\Call of Duty
2011-10-02 12:24 . 2011-10-02 12:24 -------- d-----w- c:\program files\Activision Value
2011-10-01 18:34 . 2011-10-01 18:34 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2011-10-01 09:39 . 2011-10-04 07:09 -------- d-----w- c:\program files\The Saboteur
2011-10-01 07:26 . 2011-10-01 07:26 -------- d-----w- c:\program files\SystemRequirementsLab
2011-10-01 07:26 . 2011-10-01 07:26 -------- d-----w- c:\windows\Sun
2011-10-01 07:10 . 2011-10-09 16:34 -------- d-----w- c:\documents and settings\UpdatusUser
2011-10-01 07:09 . 2011-05-21 13:01 543336 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-10-01 07:08 . 2011-10-01 07:10 273344 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-10-01 07:08 . 2011-10-01 07:10 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-10-01 07:08 . 2011-10-01 07:08 273344 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-10-01 07:08 . 2011-10-01 07:09 -------- d-----w- c:\program files\NVIDIA Corporation
2011-10-01 06:54 . 2011-10-01 06:54 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-01 06:54 . 2011-10-01 06:54 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-01 04:50 . 2011-10-03 02:04 -------- d-----w- c:\program files\Max Payne 2 (WBB Edition)
2011-09-30 23:49 . 2011-09-30 23:51 -------- d-----w- c:\program files\Yahoo!
2011-09-30 06:04 . 2011-09-30 06:04 -------- d-----w- c:\program files\ESET
2011-09-30 06:01 . 2011-09-30 06:01 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-09-30 05:14 . 2011-09-30 05:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-09-30 03:03 . 2009-09-05 00:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-09-30 03:00 . 2011-10-01 05:47 -------- d--h--w- c:\windows\msdownld.tmp
2011-09-30 03:00 . 2011-09-30 03:00 -------- d-----w- c:\windows\Logs
2011-09-30 02:55 . 2011-09-30 02:55 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-09-30 02:29 . 2011-09-30 02:31 -------- dc-h--w- c:\windows\ie8
2011-09-30 02:19 . 2011-09-30 02:19 -------- d-----w- c:\windows\system32\XPSViewer
2011-09-30 02:19 . 2011-09-30 02:19 -------- d-----w- c:\program files\MSBuild
2011-09-30 02:19 . 2011-09-30 02:19 -------- d-----w- c:\program files\Reference Assemblies
2011-09-30 02:19 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-09-30 02:18 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-09-30 02:18 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2011-09-30 02:18 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-09-30 02:18 . 2011-09-30 02:19 -------- d-----w- C:\4f68f34a7c85c71966679c4ea4498ed1
2011-09-30 02:18 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-09-30 00:52 . 2011-09-30 00:52 -------- d-----w- c:\windows\system32\scripting
2011-09-30 00:52 . 2011-09-30 00:52 -------- d-----w- c:\windows\l2schemas
2011-09-30 00:52 . 2011-09-30 00:52 -------- d-----w- c:\windows\system32\en
2011-09-30 00:52 . 2011-09-30 00:52 -------- d-----w- c:\windows\system32\bits
2011-09-30 00:44 . 2011-09-30 00:44 -------- d-----w- c:\windows\EHome
2011-09-30 00:20 . 2011-09-30 00:50 -------- d-----w- c:\windows\ServicePackFiles
2011-09-30 00:20 . 2011-09-30 00:20 -------- d-----w- c:\windows\Hewlett-Packard
2011-09-30 00:18 . 2011-09-30 00:18 -------- d-----w- c:\program files\MSXML 4.0
2011-09-30 00:15 . 2011-03-18 08:24 69120 ----a-w- c:\windows\system32\zlcomm.dll
2011-09-30 00:15 . 2011-03-18 08:24 104448 ----a-w- c:\windows\system32\zlcommdb.dll
2011-09-30 00:15 . 2011-09-30 00:15 -------- d-----w- c:\windows\system32\ZoneLabs
2011-09-30 00:15 . 2011-03-18 08:24 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2011-09-30 00:12 . 2004-08-04 05:29 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2011-09-29 23:59 . 2011-09-29 23:59 -------- d-----w- c:\program files\Zone Labs
2011-09-29 23:59 . 2011-10-09 16:36 -------- d-----w- c:\windows\Internet Logs
2011-09-29 23:55 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2011-09-29 23:49 . 2011-02-17 12:32 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-09-29 23:47 . 2011-09-30 02:57 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-29 23:04 . 2003-12-11 18:15 626960 ----a-r- c:\windows\system32\hpvaut32.dll
2011-09-29 23:04 . 2003-12-11 18:15 487424 ----a-r- c:\windows\system32\hpvcp70.dll
2011-09-29 23:04 . 2003-12-11 18:15 344064 ----a-r- c:\windows\system32\hpvcr70.dll
2011-09-29 23:04 . 2011-09-29 23:04 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2011-09-29 23:02 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-09-29 23:00 . 2004-02-26 06:18 57344 ----a-r- c:\windows\system32\HPZisn12.dll
2011-09-29 23:00 . 2004-02-26 06:18 94208 ----a-r- c:\windows\system32\HPZipt12.dll
2011-09-29 23:00 . 2004-02-26 06:18 65795 ----a-r- c:\windows\system32\HPZipm12.exe
2011-09-29 23:00 . 2004-02-26 06:18 61699 ----a-r- c:\windows\system32\HPZinw12.exe
2011-09-29 23:00 . 2004-02-26 06:18 266296 ----a-r- c:\windows\system32\HPZidr12.dll
2011-09-29 23:00 . 2004-02-26 06:18 196608 ----a-r- c:\windows\system32\HPZipr12.dll
2011-09-29 23:00 . 2009-08-27 05:41 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2011-09-29 23:00 . 2009-08-27 05:41 49920 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2011-09-29 22:59 . 2004-02-26 06:17 262144 ----a-r- c:\windows\system32\HPZc3212.dll
2011-09-29 22:59 . 2009-08-27 05:40 21568 ----a-w- c:\windows\system32\drivers\HPZius12.sys
2011-09-29 16:12 . 2011-10-09 16:34 -------- d-----w- c:\documents and settings\Compaq_Owner
2011-09-29 16:08 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-09-29 16:08 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-09-29 16:08 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-09-29 16:08 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-09-29 16:08 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2011-09-29 16:08 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-09-29 05:22 . 2011-09-30 05:24 -------- d-----r- c:\documents and settings\All Users\Documents
2011-09-29 05:18 . 2011-10-01 07:08 -------- d-sh--r- c:\windows\system32\dllcache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-30 00:54 . 2011-09-30 00:54 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2011-09-30 00:54 . 2011-09-30 00:54 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2011-09-30 00:54 . 2011-09-30 00:54 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2011-09-30 00:54 . 2011-09-30 00:54 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2011-09-30 00:54 . 2011-09-30 00:54 341048 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection3.dll
2011-09-30 00:54 . 2011-09-30 00:54 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2011-09-30 00:54 . 2011-09-30 00:54 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2011-09-30 00:54 . 2011-09-30 00:54 217088 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
2011-09-30 00:54 . 2011-09-30 00:54 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2011-09-09 09:12 . 2004-08-04 11:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-07-15 13:29 . 2004-08-04 11:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-09-29 06:53 . 2011-09-29 23:55 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-18 1043968]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-03 18085888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-21 13895272]
"NvMediaCenter"="NvMCTray.dll" [2011-05-21 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-05 1632360]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-5-19 27136]
.
c:\documents and settings\UpdatusUser\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-5-19 27136]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-5-19 27136]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [12/21/2010 3:04 PM 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [12/21/2010 1:47 PM 94872]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 9:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 2:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 4:38 PM 116608]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [1/12/2011 4:41 PM 810144]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [10/1/2011 12:09 AM 2214504]
S0 56102c3b403bbda8;56102c3b403bbda8;\SystemRoot\\SystemRoot\System32\Drivers\56102c3b403bbda8.sys --> \SystemRoot\\SystemRoot\System32\Drivers\56102c3b403bbda8.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 CFcatchme;CFcatchme;\??\c:\docume~1\COMPAQ~1\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\COMPAQ~1\LOCALS~1\Temp\CFcatchme.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\kyagiu9g.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-KB547127.exe - c:\documents and settings\Compaq_Owner\Application Data\KB547127.exe
HKLM-Run-PCDrProfiler - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-09 09:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\TEMP\NOD7.tmp 0 bytes
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\Documents and Settings\\All Users\\Application Data\\ESET\\ESET NOD32 Antivirus\\"
"DataDir"="ESET\\ESET NOD32 Antivirus\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\"
"LanguageId"=dword:00000409
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000000
"ProductCode"="{A66242A1-9101-425D-9BE5-D19A50E1D0D8}"
"ProductName"="ESET NOD32 Antivirus"
"ProductType"="eav"
"ProductVersion"="4.2.71.2"
"UniqueId"="000CB8784E855BFB"
"ScannerBuild"=dword:0000273f
"ScannerVersionId"=dword:0000196b
"ScannerVersion"="Locked/open ESET for status."
"FixId"=dword:00000009
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(692)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(4056)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RunDLL32.exe
c:\windows\system\hpsysdrv.exe
c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2011-10-09 09:49:21 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-09 16:49
.
Pre-Run: 142,535,495,680 bytes free
Post-Run: 143,163,580,416 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=0
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
.
- - End Of File - - 81935F72C4F3AF0B76702EAD63134D11

#6 rigacci

Posted 10 October 2011 - 06:38 AM

Hi azelo!

Yes, that file was a ComboFix file but denying it access shouldn't be a problem.

Let's now:

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the quotebox below into it:

File::
C:\Windows\System32\Drivers\56102c3b403bbda8.sys

Driver::
56102c3b403bbda8

Save this as CFScript.txt, on your Desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Thanks.

DR

#7 azelo

Posted 10 October 2011 - 06:46 PM

OK, here is the 2nd ComboFix log.

ComboFix 11-10-09.01 - Compaq_Owner 10/10/2011 7:17.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.481 [GMT -7:00]
Running from: c:\documents and settings\Compaq_Owner\My Documents\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Owner\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
FILE ::
"c:\windows\System32\Drivers\56102c3b403bbda8.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_56102c3b403bbda8
.
.
((((((((((((((((((((((((( Files Created from 2011-09-10 to 2011-10-10 )))))))))))))))))))))))))))))))
.
.
2011-10-06 03:45 . 2011-10-10 02:05 -------- d-----w- c:\program files\Terrorist Takedown - War in Columbia
2011-10-06 03:20 . 2011-10-06 03:22 -------- d-----w- c:\program files\ARM
2011-10-05 16:55 . 2011-10-05 17:06 -------- d-----w- c:\documents and settings\Administrator
2011-10-05 15:17 . 2011-10-05 15:17 -------- d-----w- c:\program files\VideoLAN
2011-10-04 07:01 . 2011-10-04 07:01 -------- d-----w- c:\program files\7-Zip
2011-10-03 05:55 . 2011-10-03 05:55 -------- d-----w- c:\program files\Common Files\L&H
2011-10-03 05:55 . 2011-10-03 05:55 -------- d-----w- c:\program files\Microsoft ActiveSync
2011-10-03 05:55 . 2011-10-03 05:55 -------- d-----w- c:\windows\SHELLNEW
2011-10-03 05:18 . 2011-10-03 05:18 -------- d-----r- C:\MSOCache
2011-10-02 19:45 . 2011-10-04 03:30 -------- d-----w- c:\program files\Call of Duty
2011-10-02 12:24 . 2011-10-02 12:24 -------- d-----w- c:\program files\Activision Value
2011-10-01 18:34 . 2011-10-01 18:34 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2011-10-01 09:39 . 2011-10-04 07:09 -------- d-----w- c:\program files\The Saboteur
2011-10-01 07:26 . 2011-10-01 07:26 -------- d-----w- c:\program files\SystemRequirementsLab
2011-10-01 07:26 . 2011-10-01 07:26 -------- d-----w- c:\windows\Sun
2011-10-01 07:10 . 2011-10-09 16:34 -------- d-----w- c:\documents and settings\UpdatusUser
2011-10-01 07:09 . 2011-05-21 13:01 543336 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-10-01 07:08 . 2011-10-10 02:02 273344 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-10-01 07:08 . 2011-10-10 02:02 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-10-01 07:08 . 2011-10-01 07:10 273344 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-10-01 07:08 . 2011-10-01 07:09 -------- d-----w- c:\program files\NVIDIA Corporation
2011-10-01 06:54 . 2011-10-01 06:54 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-01 06:54 . 2011-10-01 06:54 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-01 04:50 . 2011-10-03 02:04 -------- d-----w- c:\program files\Max Payne 2 (WBB Edition)
2011-09-30 23:49 . 2011-09-30 23:51 -------- d-----w- c:\program files\Yahoo!
2011-09-30 06:04 . 2011-09-30 06:04 -------- d-----w- c:\program files\ESET
2011-09-30 06:01 . 2011-09-30 06:01 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-09-30 03:03 . 2009-09-05 00:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-09-30 03:00 . 2011-10-01 05:47 -------- d--h--w- c:\windows\msdownld.tmp
2011-09-30 03:00 . 2011-09-30 03:00 -------- d-----w- c:\windows\Logs
2011-09-30 02:55 . 2011-09-30 02:55 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-09-30 02:29 . 2011-09-30 02:31 -------- dc-h--w- c:\windows\ie8
2011-09-30 02:19 . 2011-09-30 02:19 -------- d-----w- c:\windows\system32\XPSViewer
2011-09-30 02:19 . 2011-09-30 02:19 -------- d-----w- c:\program files\MSBuild
2011-09-30 02:19 . 2011-09-30 02:19 -------- d-----w- c:\program files\Reference Assemblies
2011-09-30 02:19 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-09-30 02:18 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-09-30 02:18 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2011-09-30 02:18 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-09-30 02:18 . 2011-09-30 02:19 -------- d-----w- C:\4f68f34a7c85c71966679c4ea4498ed1
2011-09-30 02:18 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-09-30 00:52 . 2011-09-30 00:52 -------- d-----w- c:\windows\system32\scripting
2011-09-30 00:52 . 2011-09-30 00:52 -------- d-----w- c:\windows\l2schemas
2011-09-30 00:52 . 2011-09-30 00:52 -------- d-----w- c:\windows\system32\en
2011-09-30 00:52 . 2011-09-30 00:52 -------- d-----w- c:\windows\system32\bits
2011-09-30 00:44 . 2011-09-30 00:44 -------- d-----w- c:\windows\EHome
2011-09-30 00:20 . 2011-09-30 00:50 -------- d-----w- c:\windows\ServicePackFiles
2011-09-30 00:20 . 2011-09-30 00:20 -------- d-----w- c:\windows\Hewlett-Packard
2011-09-30 00:18 . 2011-09-30 00:18 -------- d-----w- c:\program files\MSXML 4.0
2011-09-30 00:15 . 2011-03-18 08:24 69120 ----a-w- c:\windows\system32\zlcomm.dll
2011-09-30 00:15 . 2011-03-18 08:24 104448 ----a-w- c:\windows\system32\zlcommdb.dll
2011-09-30 00:15 . 2011-09-30 00:15 -------- d-----w- c:\windows\system32\ZoneLabs
2011-09-30 00:15 . 2011-03-18 08:24 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2011-09-30 00:12 . 2004-08-04 05:29 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2011-09-29 23:59 . 2011-09-29 23:59 -------- d-----w- c:\program files\Zone Labs
2011-09-29 23:59 . 2011-10-10 14:30 -------- d-----w- c:\windows\Internet Logs
2011-09-29 23:55 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2011-09-29 23:49 . 2011-02-17 12:32 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-09-29 23:47 . 2011-09-30 02:57 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-29 23:04 . 2003-12-11 18:15 626960 ----a-r- c:\windows\system32\hpvaut32.dll
2011-09-29 23:04 . 2003-12-11 18:15 487424 ----a-r- c:\windows\system32\hpvcp70.dll
2011-09-29 23:04 . 2003-12-11 18:15 344064 ----a-r- c:\windows\system32\hpvcr70.dll
2011-09-29 23:04 . 2011-09-29 23:04 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2011-09-29 23:02 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-09-29 23:00 . 2004-02-26 06:18 57344 ----a-r- c:\windows\system32\HPZisn12.dll
2011-09-29 23:00 . 2004-02-26 06:18 94208 ----a-r- c:\windows\system32\HPZipt12.dll
2011-09-29 23:00 . 2004-02-26 06:18 65795 ----a-r- c:\windows\system32\HPZipm12.exe
2011-09-29 23:00 . 2004-02-26 06:18 61699 ----a-r- c:\windows\system32\HPZinw12.exe
2011-09-29 23:00 . 2004-02-26 06:18 266296 ----a-r- c:\windows\system32\HPZidr12.dll
2011-09-29 23:00 . 2004-02-26 06:18 196608 ----a-r- c:\windows\system32\HPZipr12.dll
2011-09-29 23:00 . 2009-08-27 05:41 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2011-09-29 23:00 . 2009-08-27 05:41 49920 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2011-09-29 22:59 . 2004-02-26 06:17 262144 ----a-r- c:\windows\system32\HPZc3212.dll
2011-09-29 22:59 . 2009-08-27 05:40 21568 ----a-w- c:\windows\system32\drivers\HPZius12.sys
2011-09-29 16:12 . 2011-10-09 16:34 -------- d-----w- c:\documents and settings\Compaq_Owner
2011-09-29 16:08 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-09-29 16:08 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-09-29 16:08 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-09-29 16:08 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-09-29 16:08 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2011-09-29 16:08 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-09-29 05:22 . 2011-09-30 05:24 -------- d-----r- c:\documents and settings\All Users\Documents
2011-09-29 05:18 . 2011-10-01 07:08 -------- d-sh--r- c:\windows\system32\dllcache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-30 00:54 . 2011-09-30 00:54 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2011-09-30 00:54 . 2011-09-30 00:54 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2011-09-30 00:54 . 2011-09-30 00:54 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2011-09-30 00:54 . 2011-09-30 00:54 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2011-09-30 00:54 . 2011-09-30 00:54 341048 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection3.dll
2011-09-30 00:54 . 2011-09-30 00:54 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2011-09-30 00:54 . 2011-09-30 00:54 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2011-09-30 00:54 . 2011-09-30 00:54 217088 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
2011-09-30 00:54 . 2011-09-30 00:54 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2011-09-09 09:12 . 2004-08-04 11:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-07-15 13:29 . 2004-08-04 11:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-09-29 06:53 . 2011-09-29 23:55 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-09_16.36.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-10 14:28 . 2011-10-10 14:28 16384 c:\windows\Temp\Perflib_Perfdata_26c.dat
+ 2011-10-10 13:50 . 2011-10-10 13:50 109056 c:\windows\Installer\48ecaec.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-18 1043968]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-03 18085888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-21 13895272]
"NvMediaCenter"="NvMCTray.dll" [2011-05-21 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-05 1632360]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-5-19 27136]
.
c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\
LaunchU3.exe.lnk - c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2011-10-10 22486]
.
c:\documents and settings\UpdatusUser\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-5-19 27136]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-5-19 27136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [12/21/2010 3:04 PM 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [12/21/2010 1:47 PM 94872]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [1/12/2011 4:41 PM 810144]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [10/1/2011 12:09 AM 2214504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 CFcatchme;CFcatchme;\??\c:\docume~1\COMPAQ~1\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\COMPAQ~1\LOCALS~1\Temp\CFcatchme.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\kyagiu9g.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-10 07:29
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\Documents and Settings\\All Users\\Application Data\\ESET\\ESET NOD32 Antivirus\\"
"DataDir"="ESET\\ESET NOD32 Antivirus\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\"
"LanguageId"=dword:00000409
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000000
"ProductCode"="{A66242A1-9101-425D-9BE5-D19A50E1D0D8}"
"ProductName"="ESET NOD32 Antivirus"
"ProductType"="eav"
"ProductVersion"="4.2.71.2"
"UniqueId"="000CB8784E855BFB"
"ScannerBuild"=dword:0000273f
"ScannerVersionId"=dword:0000196b
"ScannerVersion"="Locked/open ESET for status."
"FixId"=dword:00000009
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(688)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(736)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RunDLL32.exe
c:\documents and settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
c:\program files\HP\hpcoretech\comp\hptskmgr.exe
c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
c:\windows\system\hpsysdrv.exe
.
**************************************************************************
.
Completion time: 2011-10-10 07:37:01 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-10 14:36
ComboFix2.txt 2011-10-09 16:49
.
Pre-Run: 144,856,485,888 bytes free
Post-Run: 144,821,231,616 bytes free
.
- - End Of File - - 8FD3487FE5162F73EED5EEA84DEADCC4

#8 rigacci

Posted 11 October 2011 - 06:13 AM

Hi azelo! That looks good!

Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older-version Adobe components and update:
  • Download the latest version of Adobe Reader Version X and save it to your desktop.
  • Uncheck the "Free McAfee Security Plan Plus" option or any other Toolbar you are offered.
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the "click here to download" link on the next page.
  • Remove all older versions of Adobe Reader: Go to Add/Remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    If you are unsure of how to use Add or Remove Programs, then please see this tutorial: How To Remove An Installed Program From Your Computer
  • Then from your desktop double-click on Adobe Reader to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

Your Adobe Reader is now up to date!



Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • This page should check your installed version and determine if you need an update.
  • Look for "JDK 6 Update 27 (JDK or JRE)" (may not be necessary if it does it automatically).
  • Click the "Download JRE".
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u27-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.



Now I'd like you to scan your machine with ESET.

Please open ESET, update it with the latest definitions and run a scan.
When the scan completes, save the report to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.


Thanks.

Dave
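The report this post asks for is a one-line-per-object listing in which ESET chains nested archive members with » and writes its verdict after a dash. Most lines in such a report are not detections at all but objects the scanner could not open (password-protected or damaged archives, missing RAR volumes, locked system files), and the helper has to separate those blind spots from real detections before deciding what to delete. The following triage script is an added example written for this page; it is not part of the post and not ESET's own tooling. The report lines, the paths and the detection name Win32/Agent.EXAMPLE in it are constructed, and the verdict phrases it recognises are the ones that appear in this kind of report; any other wording falls back to splitting at the last dash.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in the layout of an ESET saved report: nested archive
# members are chained with " » " and the verdict follows " - ". The paths and
# the name Win32/Agent.EXAMPLE are made up for this example.
SAMPLE_REPORT = r"""
ESETScan
Scanned disks, folders and files: Operating memory;C:\Boot sector
C:\pagefile.sys - error opening [4]
C:\Downloads\tool.exe » INNO » file3091.bin » MIME - is OK (internal scanning not performed)
C:\Games\COD1.iso » ISO » DEV_COD.EXE - probably a variant of Win32/Agent.EXAMPLE trojan
C:\Temp\pack.cdd » ZIP » _detect.dat - error - password-protected file
C:\Downloads\part1.rar » RAR » - next archive volume not found
C:\Downloads\big.rar » RAR » UO_2.iso - Incorrect file checksum (CRC); the file is probably password protected.
"""

# Verdict phrases seen after the dash. They let us pick the right " - " when a
# path itself contains " - " (e.g. "Terrorist Takedown - Covert Ops").
VERDICT_PREFIXES = ("is OK", "error", "probably a variant", "a variant of",
                    "archive damaged", "next archive volume",
                    "Incorrect file checksum", "unsupported option",
                    "unpack error", "file is not an archive")

# Words that mark a real detection rather than an object that was merely unscannable.
DETECTION_WORDS = ("trojan", "variant of", "worm", "adware",
                   "potentially unwanted", "potentially unsafe", "threat")

PATH_RE = re.compile(r"^[A-Za-z]:\\")   # report body lines start with a drive path
CHAIN_SEP = " » "


@dataclass
class ReportEntry:
    container: str        # the file on disk that ESET opened
    chain: List[str]      # nested members and formats inside it, outermost first
    verdict: str
    category: str         # "detection", "unscanned" or "clean"


def _split_verdict(segment: str) -> Tuple[Optional[str], str]:
    """Split the last chain segment into (member, verdict)."""
    if segment.startswith("- "):          # e.g. "» RAR » - next archive volume not found"
        return None, segment[2:]
    start = 0
    while True:
        idx = segment.find(" - ", start)
        if idx == -1:
            break
        rest = segment[idx + 3:]
        if rest.startswith(VERDICT_PREFIXES):
            return segment[:idx], rest
        start = idx + 3
    if " - " in segment:                  # unknown wording: assume the last dash starts the verdict
        member, rest = segment.rsplit(" - ", 1)
        return member, rest
    return segment, ""


def categorize(verdict: str) -> str:
    v = verdict.lower()
    if v.startswith("is ok"):
        return "clean"
    if any(word in v for word in DETECTION_WORDS):
        return "detection"
    return "unscanned"                    # errors, damaged/password-protected archives, missing volumes


def parse_line(line: str) -> Optional[ReportEntry]:
    line = line.strip()
    if not PATH_RE.match(line):           # header lines ("Date:", "Scanned disks...") carry no verdict
        return None
    segments = line.split(CHAIN_SEP)
    member, verdict = _split_verdict(segments[-1])
    chain = segments[:-1] + ([member] if member else [])
    return ReportEntry(chain[0], chain[1:], verdict, categorize(verdict))


def parse_report(text: str) -> List[ReportEntry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def summarize(entries: List[ReportEntry]) -> Dict[str, int]:
    counts = {"detection": 0, "unscanned": 0, "clean": 0}
    for e in entries:
        counts[e.category] += 1
    return counts


def detections(entries: List[ReportEntry]) -> List[str]:
    """On-disk files that hold a detected object; these are what to act on."""
    return [e.container for e in entries if e.category == "detection"]


def unscanned(entries: List[ReportEntry]) -> List[str]:
    """On-disk files the scanner could not look inside; a verdict of 'not seen', not 'clean'."""
    return [e.container for e in entries if e.category == "unscanned"]


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    print(summarize(found))
    for path in detections(found):
        print("DETECTION:  ", path)
    for path in unscanned(found):
        print("NOT SCANNED:", path)
```

The point of keeping the "unscanned" bucket separate is that a password-protected or damaged archive is not clean, it is simply unexamined; a helper reading the report should treat those paths (especially ones under Downloads or Temp) as open questions rather than letting them disappear among the "is OK" lines.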

#9 azelo

  • Topic Starter

Posted 12 October 2011 - 06:48 PM

Hi Dave,
OK, I did the updates that you suggested and ran a full scan with ESET, and it found one infection. I told ESET to delete it and it shows that it did, but to be safe I deleted the whole file it was in and am currently running another scan.
FYI... drives F, G, H, I, J are just USB ports.

ESETScan
Version of virus signature database: 6536 (20111012)
Date: 10/12/2011 Time: 5:40:57 AM
Scanned disks, folders and files: Operating memory;C:\Boot sector;C:\;D:\Boot sector;D:\;E:\Boot sector;E:\;F:\Boot sector;F:\;G:\Boot sector;G:\;H:\Boot sector;H:\;I:\Boot sector;I:\;J:\Boot sector;J:\
C:\pagefile.sys - error opening [4]
C:\Documents and Settings\admin\Application Data\Sun\Java\jre1.6.0_27\Data1.cab » CAB » core.zip » ZIP » lib/deploy/ffjcext.zip » ZIP » {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}/chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\admin\Application Data\Sun\Java\jre1.6.0_27\Data1.cab » CAB » core.zip » ZIP » lib/deploy/jqs/ff/chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\admin\Application Data\Sun\Java\jre1.6.0_27\Data1.cab » CAB » core.zip » ZIP » lib/resources.jar » ZIP » com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\admin\Application Data\Sun\Java\jre1.6.0_27\Data1.cab » CAB » core.zip » ZIP » lib/resources.jar » ZIP » com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\admin\Application Data\Sun\Java\jre1.6.0_27\Data1.cab » CAB » core.zip » ZIP » lib/resources.jar » ZIP » javax/xml/bind/Messages.properties » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Administrator\My Documents\Downloads\mbam-setup.exe » INNO » files.info - file is not an archive
C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\kyagiu9g.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Compaq_Owner\Desktop\cod\UO_2.iso » ISO » DEMO32.EXE - archive damaged
C:\Documents and Settings\Compaq_Owner\Desktop\cod1\COD1.iso » ISO » DEV_COD.EXE - probably a variant of Win32/Agent.FICVLEB trojan
C:\Documents and Settings\Compaq_Owner\Desktop\doom\Doom 3\base\pak003.pk4 » ZIP » sound/map_comm1.sndshd » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Compaq_Owner\Local Settings\temp\Rar$EX38.904\antiterror\AutoPlay\autorun.cdd » ZIP » _detect.dat - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Local Settings\temp\Rar$EX38.904\antiterror\AutoPlay\autorun.cdd » ZIP » _proj.dat - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Local Settings\temp\Rar$EX38.904\antiterror\AutoPlay\autorun.cdd » ZIP » _fonts.dat - error - password-protected file
C:\Documents and Settings\Compaq_Owner\Local Settings\temp\Rar$EX38.904\antiterror\Terrorist Takedown - Covert Ops\ops_install.exe » INNO » file3091.bin » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Compaq_Owner\Local Settings\temp\Rar$EX38.904\antiterror\Terrorist Takedown - Covert Ops\ops_install.exe » INNO » file3093.bin » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Compaq_Owner\Local Settings\temp\Rar$EX38.904\antiterror\Terrorist Takedown - Covert Ops\ops_install.exe » INNO » file3094.bin » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Compaq_Owner\Local Settings\temp\Rar$EX38.904\antiterror\Terrorist Takedown - Covert Ops\ops_install.exe » INNO » file7604.bin » QUICKBATCH - error - unknown compression method
C:\Documents and Settings\Compaq_Owner\My Documents\antiterror.part1.rar » RAR » antiterror\Army Ranger Mogadishu\setup.exe » INNO - error - unknown compression method
C:\Documents and Settings\Compaq_Owner\My Documents\Doom 3.part1.rar » RAR » Doom 3\base\pak003.pk4 » ZIP » sound/levels/hell/st_thundersting_8s.ogg - archive damaged
C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\monsterleech.eu_Old.Master-Call_Of_Duty_1-United_Offensive-ISO-CD2.rar » RAR » UO_2.iso - Incorrect file checksum (CRC); the file is probably password protected.
C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\monsterleech.eu_Old.Master-Call_Of_Duty_I-ISO-CD2.rar » RAR » CoD2.iso - Incorrect file checksum (CRC); the file is probably password protected.
C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\Old.Master-Call_Of_Duty_1-United_Offensive-CRACK.rar » RAR » CoDUOSP.exe - Incorrect file checksum (CRC); the file is probably password protected.
C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\Old.Master-Call_Of_Duty_1-United_Offensive-CRACK.rar » RAR » Install.txt - Incorrect file checksum (CRC); the file is probably password protected.
C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\Old.Master-Call_Of_Duty_1-United_Offensive-CRACK.rar » RAR » Serials.txt - Incorrect file checksum (CRC); the file is probably password protected.
C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\Old.Master-Call_Of_Duty_1-United_Offensive-ISO-CD1.rar » RAR » UO_1.iso - Incorrect file checksum (CRC); the file is probably password protected.
C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\Old.Master-Call_Of_Duty_2-ISO.part1.rar » RAR » - next archive volume not found
C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\Old.Master-Call_Of_Duty_I-ISO-CD1.rar » RAR » COD1.iso - Incorrect file checksum (CRC); the file is probably password protected.
C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\zaSetup_92_106_000_en.exe » WISE » Windows6.0-KB929547-v2-x64.msu » CAB » WSUSSCAN.cab - archive damaged - the file could not be extracted.
C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\zaSetup_92_106_000_en.exe » WISE » Windows6.0-KB929547-v2-x64.msu » CAB » Windows6.0-KB929547-v2-x64.cab - archive damaged - the file could not be extracted.
C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\zaSetup_92_106_000_en.exe » WISE » Windows6.0-KB929547-v2-x64.msu » CAB » Windows6.0-KB929547-v2-x64-pkgProperties.txt - archive damaged - the file could not be extracted.
C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\zaSetup_92_106_000_en.exe » WISE » Windows6.0-KB929547-v2-x64.msu » CAB » Windows6.0-KB929547-v2-x64.xml - archive damaged - the file could not be extracted.
C:\hp\bin\Python-2.2.3.exe » WISE » visitor.py » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » msg_01.txt » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » msg_02.txt » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » msg_03.txt » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » msg_04.txt » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » msg_05.txt » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » msg_06.txt » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » msg_07.txt » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » msg_08.txt » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » msg_09.txt » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » msg_10.txt » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » msg_11.txt » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » msg_12.txt » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » msg_13.txt » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » msg_14.txt » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » msg_15.txt » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » msg_16.txt » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » msg_17.txt » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » msg_18.txt » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » msg_20.txt » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » msg_21.txt » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » msg_22.txt » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » msg_23.txt » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » msg_24.txt » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » msg_25.txt » MBOX - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » msg_26.txt » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » msg_27.txt » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » msg_28.txt » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » msg_29.txt » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » msg_30.txt » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » msg_31.txt » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » msg_34.txt » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » msg_35.txt » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » whatsound.py » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » FrameViewer.py » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » MultiStatusBar.py » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » OutputWindow.py » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » Percolator.py » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » ScrolledList.py » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » SearchDialog.py » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » Separator.py » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » WidgetRedirector.py » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » WindowList.py » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » dutree.doc » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » double_const.py » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » test___all__.py » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » test_bisect.py » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » test_bufio.py » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » test_cgi.py » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » test_compile.py » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » test_complex.py » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » test_contains.py » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » test_extcall.py » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » test_format.py » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » test_funcattrs.py » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » test_future3.py » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » test_gc.py » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » test_generators.py » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » test_gzip.py » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » test_httplib.py » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » test_import.py » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » test_linuxaudiodev.py » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » test_locale.py » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » test_long.py » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » test_long_future.py » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » test_marshal.py » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » test_mimetools.py » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » test_mmap.py » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » test_mutants.py » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » test_new.py » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » test_nis.py » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » test_profilehooks.py » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » test_pwd.py » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » test_regex.py » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » test_scope.py » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » test_string.py » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » test_struct.py » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » test_structseq.py » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » test_sunaudiodev.py » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » test_symtable.py » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » test_timing.py » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » test_tokenize.py » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » test_unpack.py » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » test_urllib2.py » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » test_wave.py » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » test_xreadline.py » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » msg_01.txt » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » msg_02.txt » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » msg_03.txt » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » msg_04.txt » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » msg_05.txt » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » msg_06.txt » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » msg_07.txt » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » msg_08.txt » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » msg_09.txt » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » msg_10.txt » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » msg_11.txt » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » msg_12.txt » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » msg_13.txt » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » msg_14.txt » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » msg_15.txt » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » msg_16.txt » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » msg_17.txt » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » msg_18.txt » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » msg_20.txt » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » msg_21.txt » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » msg_22.txt » MIME - is OK (internal scanning not performed)
C:\hp\bin\Python-2.2.3.exe » WISE » msg_23.txt » MIME - is OK (internal scanning not performed)
C:\hp\drivers\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht » MIME - is OK (internal scanning not performed)
C:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\YS561401.CAB » CAB » VIDEO.MHT_1033 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\Content\Getting Started.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\resources.jar » ZIP » com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\resources.jar » ZIP » com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\resources.jar » ZIP » javax/xml/bind/Messages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\deploy\ffjcext.zip » ZIP » {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}/chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\deploy\jqs\ff\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Microsoft Office\OFFICE11\1033\VIDEO.MHT » MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Quicken\certs\f73e89fd.0 » MIME - is OK (internal scanning not performed)
C:\Program Files\WildTangent\compaq\onplay.exe » NSIS » oemeula.exe » NSIS - unsupported option
C:\Python22\Lib\compiler\visitor.py » MIME - is OK (internal scanning not performed)
C:\Python22\Lib\email\test\data\msg_01.txt » MIME - is OK (internal scanning not performed)
C:\Python22\Lib\email\test\data\msg_02.txt » MIME - is OK (internal scanning not performed)
C:\Python22\Lib\email\test\data\msg_03.txt » MIME - is OK (internal scanning not performed)
C:\Python22\Lib\email\test\data\msg_04.txt » MIME - is OK (internal scanning not performed)
C:\Python22\Lib\email\test\data\msg_05.txt » MIME - is OK (internal scanning not performed)
C:\Python22\Lib\email\test\data\msg_06.txt » MIME - is OK (internal scanning not performed)
C:\Python22\Lib\email\test\data\msg_07.txt » MIME - is OK (internal scanning not performed)
C:\Python22\Lib\email\test\data\msg_08.txt » MIME - is OK (internal scanning not performed)
C:\Python22\Lib\email\test\data\msg_09.txt » MIME - is OK (internal scanning not performed)
C:\Python22\Lib\email\test\data\msg_10.txt » MIME - is OK (internal scanning not performed)
C:\Python22\Lib\email\test\data\msg_11.txt » MIME - is OK (internal scanning not performed)
C:\Python22\Lib\email\test\data\msg_12.txt » MIME - is OK (internal scanning not performed)
C:\Python22\Lib\email\test\data\msg_13.txt » MIME - is OK (internal scanning not performed)
C:\Python22\Lib\email\test\data\msg_14.txt » MIME - is OK (internal scanning not performed)
C:\Python22\Lib\email\test\data\msg_15.txt » MIME - is OK (internal scanning not performed)
C:\Python22\Lib\email\test\data\msg_16.txt » MIME - is OK (internal scanning not performed)
C:\Python22\Lib\email\test\data\msg_17.txt » MIME - is OK (internal scanning not performed)
C:\Python22\Lib\email\test\data\msg_18.txt » MIME - is OK (internal scanning not performed)
C:\Python22\Lib\email\test\data\msg_20.txt » MIME - is OK (internal scanning not performed)
C:\Python22\Lib\email\test\data\msg_21.txt » MIME - is OK (internal scanning not performed)
C:\Python22\Lib\email\test\data\msg_22.txt » MIME - is OK (internal scanning not performed)
C:\Python22\Lib\email\test\data\msg_23.txt » MIME - is OK (internal scanning not performed)
C:\Python22\Lib\email\test\data\msg_24.txt » MIME - is OK (internal scanning not performed)
C:\Python22\Lib\email\test\data\msg_25.txt » MBOX - is OK (internal scanning not performed)
C:\Python22\Lib\email\test\data\msg_26.txt » MIME - is OK (internal scanning not performed)
C:\Python22\Lib\email\test\data\msg_27.txt » MIME - is OK (internal scanning not performed)
C:\Python22\Lib\email\test\data\msg_28.txt » MIME - is OK (internal scanning not performed)
C:\Python22\Lib\email\test\data\msg_29.txt » MIME - is OK (internal scanning not performed)
C:\Python22\Lib\email\test\data\msg_30.txt » MIME - is OK (internal scanning not performed)
C:\Python22\Lib\email\test\data\msg_31.txt » MIME - is OK (internal scanning not performed)
C:\Python22\Lib\email\test\data\msg_34.txt » MIME - is OK (internal scanning not performed)
C:\Python22\Lib\email\test\data\msg_35.txt » MIME - is OK (internal scanning not performed)
C:\Python22\Lib\lib-old\whatsound.py » MIME - is OK (internal scanning not performed)
C:\Python22\Lib\site-packages\pythonwin\pywin\debugger\configui.py » MIME - is OK (internal scanning not performed)
C:\Python22\Lib\site-packages\pythonwin\pywin\dialogs\list.py » MIME - is OK (internal scanning not performed)
C:\Python22\Lib\site-packages\pythonwin\pywin\framework\editor\configui.py » MIME - is OK (internal scanning not performed)
C:\Python22\Lib\site-packages\pythonwin\pywin\scintilla\configui.py » MIME - is OK (internal scanning not performed)
C:\Python22\Lib\site-packages\win32\Demos\security\query_information.py » MIME - is OK (internal scanning not performed)
C:\Python22\Lib\site-packages\win32\test\test_win32inet.py » MIME - is OK (internal scanning not performed)
C:\Python22\Lib\site-packages\win32com\test\testADOEvents.py » MIME - is OK (internal scanning not performed)
C:\Python22\Lib\site-packages\win32com\test\testIterators.py » MIME - is OK (internal scanning not performed)
C:\Python22\Lib\site-packages\win32com\test\testStorage.py » MIME - is OK (internal scanning not performed)
C:\Python22\Lib\site-packages\win32com\test\testWMI.py » MIME - is OK (internal scanning not performed)
C:\Python22\Lib\site-packages\win32comext\adsi\demos\search.py » MIME - is OK (internal scanning not performed)
C:\Python22\Lib\site-packages\win32comext\shell\demos\shellexecuteex.py » MIME - is OK (internal scanning not performed)
C:\Python22\Lib\site-packages\win32comext\shell\test\testShellFolder.py » MIME - is OK (internal scanning not performed)
C:\Sun\Java\jre1.6.0_27\Data1.cab » CAB » core.zip » ZIP » lib/deploy/ffjcext.zip » ZIP » {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}/chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Sun\Java\jre1.6.0_27\Data1.cab » CAB » core.zip » ZIP » lib/deploy/jqs/ff/chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Sun\Java\jre1.6.0_27\Data1.cab » CAB » core.zip » ZIP » lib/resources.jar » ZIP » com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties » MIME - is OK (internal scanning not performed)
C:\Sun\Java\jre1.6.0_27\Data1.cab » CAB » core.zip » ZIP » lib/resources.jar » ZIP » com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties » MIME - is OK (internal scanning not performed)
C:\Sun\Java\jre1.6.0_27\Data1.cab » CAB » core.zip » ZIP » lib/resources.jar » ZIP » javax/xml/bind/Messages.properties » MIME - is OK (internal scanning not performed)
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP13\A0006608.rbf » MIME - is OK (internal scanning not performed)
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP18\A0009694.exe » NSIS » installed-chrome.txt » MIME - is OK (internal scanning not performed)
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP20\A0011178.msi » MSI » Data1.cab » CAB » core.zip » ZIP » lib/deploy/ffjcext.zip » ZIP » {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}/chrome.manifest » MIME - is OK (internal scanning not performed)
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP20\A0011178.msi » MSI » Data1.cab » CAB » core.zip » ZIP » lib/deploy/jqs/ff/chrome.manifest » MIME - is OK (internal scanning not performed)
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP20\A0011178.msi » MSI » Data1.cab » CAB » core.zip » ZIP » lib/resources.jar » ZIP » com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties » MIME - is OK (internal scanning not performed)
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP20\A0011178.msi » MSI » Data1.cab » CAB » core.zip » ZIP » lib/resources.jar » ZIP » com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties » MIME - is OK (internal scanning not performed)
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP20\A0011178.msi » MSI » Data1.cab » CAB » core.zip » ZIP » lib/resources.jar » ZIP » javax/xml/bind/Messages.properties » MIME - is OK (internal scanning not performed)
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP20\A0011181.msi » MSI » Data1.cab » CAB » core.zip » ZIP » lib/deploy/ffjcext.zip » ZIP » {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}/chrome.manifest » MIME - is OK (internal scanning not performed)
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP20\A0011181.msi » MSI » Data1.cab » CAB » core.zip » ZIP » lib/deploy/jqs/ff/chrome.manifest » MIME - is OK (internal scanning not performed)
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP20\A0011181.msi » MSI » Data1.cab » CAB » core.zip » ZIP » lib/resources.jar » ZIP » com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Compaq_Owner\Desktop\cod1\COD1.iso » ISO » DEV_COD.EXE - probably a variant of Win32/Agent.FICVLEB trojan
Number of scanned objects: 706901
Number of threats found: 1
Number of cleaned objects: 1
Time of completion: 4:28:25 PM Total scanning time: 38848 sec (10:47:28)

Notes:
[4] Object cannot be opened. It may be in use by another application or operating system.

Edited by azelo, 12 October 2011 - 06:56 PM.


#10 rigacci

rigacci

    Fiorentino


  • Members
  • 2,604 posts
  • Gender:Male

Posted 13 October 2011 - 07:54 AM

OK azelo, things look good! :thumbsup:

Click Start>Run on the taskbar and then type Combofix /uninstall.
This should start ComboFix running and uninstall it.



Please read the following, in order to prevent reinfecting your PC:

1. Install and update the following programs regularly:
  • an outbound firewall
    A comprehensive tutorial and a list of possible firewalls can be found here.
  • an AntiVirus Software
    It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
  • an Anti-Spyware program
    Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
  • Spyware Blaster
    A tutorial for Spywareblaster can be found here. The commercial version provides automatic updating.
  • MVPs hosts file
    A tutorial for the MVPs hosts file can be found here. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file.
2. Keep Windows (and your other Microsoft software) up to date!
This is EXTREMELY important. Holes are often found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

3. Keep your other software up to date as well
Software does not need to be made by Microsoft to be insecure.

4. Stay up to date!
The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead.



Safe surfing! :thumbup2:

DR

#11 azelo

azelo
  • Topic Starter

  • Members
  • 8 posts
  • Gender:Male

Posted 13 October 2011 - 03:43 PM

Dave,
Thank you so much. I could have never done this without your help and guidance. :thumbsup: To anybody needing help: you have come to the right place, BUT you must be patient. It took 2 or 3 days after I asked for help to get a response, but I know these guys and gals that are helping everyone are swamped and they can only do one at a time. I don't know of any other place that will help you like they do here. You won't have multiple people telling you different things. You will get one person that will walk you through every step, answer any question and will stay with you until your pc is clean. Try going to your local pc store and see how much their help will be. :woot:
Thanks again Dave

#12 rigacci

rigacci

    Fiorentino


  • Members
  • 2,604 posts
  • Gender:Male

Posted 13 October 2011 - 07:42 PM

Thanks for the good words! :thumbsup:

And there is so much more than just virus removal here.

DR

#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,207 posts
  • Gender:Female
  • Location:Romania

Posted 14 October 2011 - 07:25 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft
