Undetectable Rootkit/spyware/virus



#1 petri dish


Posted 17 January 2008 - 06:03 PM

System: Windows XP SP2 + WINDOWS 98 SE (DUAL BOOT)

Fire wall: 1)COMODO Pro 3.0.13.268(uninstalled and replaced with avasts firewall)
2)AVAST(CHANGED ON THE 14TH-01-08)

Host guard: 1)WinPatrol PLUS v 12.2.2007.0:12.2.2007.0
2)HostsXpert

Anti virus: 1)Avast 4.7 home edition(updated)(REPLACED AVG ON 14-01-08)
2)Windows Defender Version: 1.1.1593.0(not updating to the last update)
Engine Version: 1.1.3007.0
Definition Version: 1.23.4241.0
Product ID: 81664-520-9293041-04832
3) AVG HOME EDITION 7.5(recently removed)

Anti spyware: 1)Spyereaser (updated,but not recognised by Comodo earlier)(UNINSTALLED)
2)SpywareBlaster 3.5.1
3)Super anti-spyware version 3,9,0,1008(updated)
4)PC TOOLS THREAT FIRE.

Online scanners: 1)windows live onecare
2)bitdefender online scan
3)house call (trend micro)
4)ESET'S online scan
5)Kaspersky online scan

Registry cleaner: Registry booster2(not recognised by Comodo)(UNINSTALLED)

Temp file cleaner:1)speed up my pc 3(UNINSTALLED)
2)cc cleaner
3)atf cleaner
4)easy cleaner
5)tracks eraser pro

Anti Root kits: 1)UNHACKME (thought it was too risky to use without supervision; most of them are removed, nevertheless have it just in case you want to use it)
2)sophos
3)avg
4)Fsecure
5)Macafee
6)rootkit revealer
7)bitdefender rootkit
8)panda rootkit
9)rootkit un hooker
10)HELIOS
11)root kit hook analyzer

ROOTKIT HOOK ANALYZER DETECTS THE FOLLOWING 6 ENTRIES:

MODULE NAME - ADDRESS - SIZE

1. SASKUTIL.SYS - F8991000 - 49152
2. SASDIFSV.SYS - F8B79000 - 28672
3. dump_atapi.sys - EFF77000 - 98304
4. dump_WMILIB.SYS - F8D47000 - 8192
5. mchlnjDrv.sys - F8E43000 - 4096
6. SASENUM.SYS - F8B29000 - 20480

PATH : ???
PRODUCT:???
COMPANY:???
DESCRIPTION:???


GENERAL ISSUES:

1. WINDOWS UPDATE, DEFENDER, MICROSOFT UPDATE, DRIVER UPDATE DOESN'T WORK
WINDOWS DEFENDER UPDATE ERROR:
Error found: Code 0x80072ee2.

2.ALWAYS SUSPECTED A KEYLOGGER INFECTION AS THERE IS A DOT NEXT TO MY CURSOR, OR CURSOR BLINKS VIGOROUSLY.
ALSO ADMINISTRATOR WASN'T INFECTED BEFORE I LOGGED IN FOR THE FIRST TIME, SO TRIED
INSTALLING TRENDMICRO TRANSACTION GUARD AND COMPUTER CRASHED/REBOOTED WITH A BLUE SCREEN.
P.S: HAVE SAVED
D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WERe701.dir00\mINI011708-01.dmp
D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WERe701.dir00\sysdata.xml
WHICH WERE INCLUDED IN THE ERROR REPORT, BUT I UNDERSTAND NO ONE READS BINARY ANY MORE SO
AM NOT POSTING THEM :blink:. WILL DO SO ONLY ON REQUEST

3.ALSO WHILE MAILING OR MESSAGING/SCRAPPING ON SOCIAL NETWORKING SITES, A DOT PLACED BEFORE/AFTER
A WORD TURNS INTO A LINK (FORTUNATELY DON'T USE ANY CHAT PROGRAMS)

4.ALL UNIBLUE PRODUCTS WERE DETECTED BY THREATFIRE AS LOGGING KEY STROKES ,SO HAVE UNINSTALLED THEM ALL FOR NOW.
ALSO SPY ERASER UNCHECKS THE BLOCKLIST PROVIDED BY SPY BLASTER

5.AVAST ALSO DETECTED TWO VIRUSES 15-01-08 NAMELY a)WIN32:CTX
b)Win32:Rbot-ENT[TRJ]
......BUT WERE REMOVED

6.P.C. TAKES A VERY LONG TIME TO START UP, ALSO GRAPHICS IN SAFEMODE ARE EXPLODED TO THE MAXIMUM SIZE, WITH MINIMUM
COLOUR SETTINGS. AND SOMEHOW I HAVE A FEELING IT HAS SOMETHING TO DO WITH INFECTED DRIVERS, BECAUSE MY SOUND WASN'T WORKING,
AND THE LATEST DRIVERS DOWNLOADED FROM REALTEK CANNOT INSTALL.
SO UNINSTALLED THE DRIVER AND SET THE SETTING TO INSTALL ONLY SIGNED DRIVERS. HOWEVER THE ORIGINAL DRIVERS STILL DON'T
INSTALL. HAVEN'T REMOVED\UNINSTALLED DISPLAY DRIVERS, WILL DO SO ON REQUEST

7.THREE TEMPORARY FILES WHICH CCLEANER CANNOT DELETE AND ONLY MARKS FOR DELETION
a)Document settings\Administrator\LocalSettings\History\History.IE5\index.dat
b)Document settings\Administrator\LocalSettings\TemporaryInternetFiles\Content.IE5\index.dat
c)Document settings\History\History.IE5\MSHist 012008011720080118\index.dat

8.TWO ISSUES ARE REPEATEDLY FOUND BY CCLEANER:
PROBLEM - DATA - REGISTRY KEY
Missing MUI Refrence - D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SSUPDATE.EXE - HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache
Missing MUI Refrence - d:\docume~1\admini~1\locals~1\temp\TFUD.exe - HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache

9.ALSO CAN'T COPY WHILE COPY PASTING, AND EVEN IN GUIS LIKE KASPERSKY'S SUBMIT FILES SCREEN, CANNOT SIMPLY SELECT ANY OF THE
OPTIONS. ALSO ERRORS WHILE MOVING MOUSE OR SELECTING.

10.REPEATED REGISTRY ERRORS ON SYSTEM REBOOT(LIVE ONE CARE ONLINE SCANNER)

11. ALSO GET A RAM BEEP DURING VIRUS SCANS, ETC., WHICH I THINK REFERS TO A BUFFER OVERFLOW

12.WASN'T ABLE TO LOG INTO MY MSN/HOTMAIL ACCOUNTS, HOWEVER THAT SEEMS TO BE RESOLVED FOR NOW.

P.S: 13. also an odd tmp/temporary file appears at times during disk cleanup on D: drive, which stalls the cleanup process,
and nothing happens until you hit cancel. it has an odd ASCII symbol which looks like a capital A with a bar on top, and
two standing rectangles on either side. have taken a screen shot, could upload it after a virus total scan on request.



THANX , AND HAPPY VIRUS HUNTING :thumbsup:.


LOGS:

NOTE: LATEST HJT (FROM TREND SECURE), COMBOFIX AND SMITFRAUD FIX (BLEEPING COMPUTERS) WERE USED, AND RESPECTIVE
QUARANTINES/FOLDERS HAVE BEEN DELETED SINCE
___________________________________________________________________________________________________________________
TREND MICRO HOUSE CALL FOUND THE FOLLOWING TWO VULNERABILITIES
1.MS07-064
2.MS07-069
HAVE APPLIED THE NECESSARY PATCHES AND REINSTALLED THE LATEST DIRECTX TOO. BUT HAVEN'T TAKEN THE SCAN AGAIN.
___________________________________________________________________________________________________________________




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:26:42 AM, on 1/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\WINDOWS\System32\snmp.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\ThreatFire\TFService.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\System32\alg.exe
D:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
D:\Program Files\Microsoft IntelliType Pro\itype.exe
D:\WINDOWS\system32\igfxtray.exe
D:\WINDOWS\system32\hkcmd.exe
D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\Program Files\Microsoft IntelliPoint\ipoint.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\ThreatFire\TFTray.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [WinPatrol] D:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [itype] "d:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliPoint] "d:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Task Catcher] D:\Program Files\BillP Studios\Task Catcher\tasktrap.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ThreatFire] D:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/contr...vex/TmHcmsX.CAB
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} - http://support.f-secure.com/ols3beta/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C472BC8B-ACE3-4CFB-94C7-632B9840FD20}: NameServer = 203.94.227.70,203.94.243.70
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ThreatFire - PC Tools - D:\Program Files\ThreatFire\TFService.exe

--
End of file - 5099 bytes
_____________________________________________________________________________________________
ComboFix 08-01-17.5 - Administrator 2008-01-17 17:20:31.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.277 [GMT 5.5:30]
Running from: D:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2007-12-17 to 2008-01-17 )))))))))))))))))))))))))))))))
.

2008-01-17 17:19 . 2000-08-31 08:00 51,200 --a------ D:\WINDOWS\NirCmd.exe
2008-01-16 23:44 . 2008-01-16 23:44 <DIR> d-------- D:\Program Files\Windows Live
2008-01-16 23:44 . 2008-01-16 23:48 <DIR> d--hsc--- D:\Program Files\Common Files\WindowsLiveInstaller
2008-01-16 23:44 . 2008-01-16 23:44 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-16 19:17 . 2008-01-16 19:17 <DIR> d-------- D:\Documents and Settings\Administrator\SecurityScans
2008-01-16 19:11 . 2008-01-16 19:11 <DIR> d-------- D:\Program Files\Microsoft Baseline Security Analyzer 2
2008-01-16 17:18 . 2007-10-30 04:13 1,287,680 -----c--- D:\WINDOWS\system32\dllcache\quartz.dll
2008-01-15 14:32 . 2008-01-15 14:32 <DIR> d-------- D:\Program Files\ThreatFire
2008-01-15 14:32 . 2008-01-17 17:32 <DIR> d-a------ D:\Documents and Settings\All Users\Application Data\TEMP
2008-01-15 14:32 . 2008-01-15 14:32 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\PC Tools
2008-01-15 14:32 . 2007-12-20 11:24 52,032 --a------ D:\WINDOWS\system32\drivers\TfFsMon.sys
2008-01-15 14:32 . 2007-12-20 11:24 41,792 --a------ D:\WINDOWS\system32\drivers\TfSysMon.sys
2008-01-15 14:32 . 2007-12-20 11:13 33,600 --a------ D:\WINDOWS\system32\drivers\TfNetMon.sys
2008-01-15 14:32 . 2007-12-20 11:13 12,608 --a------ D:\WINDOWS\system32\drivers\TfKbMon.sys
2008-01-15 05:05 . 2007-10-10 03:18 102,664 --a------ D:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-14 17:36 . 2005-06-21 16:43 163,840 --a------ D:\WINDOWS\system32\igfxres.dll
2008-01-14 13:18 . 2008-01-16 15:31 <DIR> d-------- D:\Program Files\Uniblue
2008-01-14 13:18 . 2008-01-14 13:18 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Uniblue
2008-01-14 13:18 . 2008-01-14 14:21 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\Uniblue
2008-01-13 22:10 . 2008-01-13 23:05 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\Facebook
2008-01-13 22:02 . 2008-01-13 22:02 <DIR> d-------- D:\Program Files\Dargan Development
2008-01-12 17:39 . 2008-01-16 15:24 <DIR> d-------- D:\Program Files\SUPERAntiSpyware
2008-01-12 17:39 . 2008-01-12 17:39 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-12 17:39 . 2008-01-12 17:39 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-01-12 17:37 . 2008-01-12 17:37 <DIR> d-------- D:\Program Files\Windows Defender
2008-01-12 13:51 . 2008-01-12 13:51 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Avg7
2008-01-11 10:51 . 2007-12-04 20:21 42,912 --a------ D:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-11 10:51 . 2007-12-04 20:19 26,624 --a------ D:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-11 10:51 . 2007-12-04 20:23 23,152 --a------ D:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-11 10:50 . 2008-01-11 10:50 <DIR> d-------- D:\Program Files\Alwil Software
2008-01-11 10:50 . 2007-12-04 18:34 837,496 --a------ D:\WINDOWS\system32\aswBoot.exe
2008-01-11 10:50 . 2004-01-09 14:43 380,928 --a------ D:\WINDOWS\system32\actskin4.ocx
2008-01-11 10:50 . 2007-12-04 18:24 95,608 --a------ D:\WINDOWS\system32\AvastSS.scr
2008-01-11 10:50 . 2007-12-04 20:25 94,544 --a------ D:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-11 10:50 . 2007-12-04 20:26 93,264 --a------ D:\WINDOWS\system32\drivers\aswmon.sys
2008-01-05 15:07 . 2008-01-05 15:07 326 --a------ D:\WINDOWS\wininit.ini
2007-12-23 13:42 . 2007-11-24 09:45 139,008 --a------ D:\WINDOWS\system32\guard32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-16 13:17 --------- d-----w D:\Program Files\RootKit Hook Analyzer
2008-01-16 09:55 --------- d-----w D:\Program Files\SpywareBlaster
2008-01-12 12:09 --------- d-----w D:\Program Files\Common Files\Wise Installation Wizard
2008-01-12 08:20 --------- d-----w D:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-11 06:11 --------- d-----w D:\Program Files\Sophos
2008-01-11 06:04 --------- d-----w D:\Documents and Settings\All Users\Application Data\Comodo
2007-12-31 11:15 --------- d-----w D:\Program Files\Common Files\Real
2007-12-21 01:34 --------- d-----w D:\Program Files\Windows Live Safety Center
2007-12-16 12:33 --------- d-----w D:\Program Files\VirusTotalUploader
2007-12-15 12:14 --------- d-----w D:\Program Files\epson
2007-12-15 12:03 --------- d-----w D:\Program Files\Paint.NET
2007-12-09 15:38 --------- d-----w D:\Documents and Settings\Administrator\Application Data\EPSON
2007-12-09 01:13 --------- d-----w D:\Program Files\CCleaner
2007-12-08 13:21 --------- d-----w D:\Program Files\Lavalys
2007-12-08 11:14 --------- d--h--w D:\Program Files\InstallShield Installation Information
2007-12-08 11:13 --------- d-----w D:\Program Files\Common Files\InstallShield
2007-12-08 11:05 --------- d-----w D:\Documents and Settings\All Users\Application Data\UDL
2007-12-08 10:05 --------- d-----w D:\Program Files\Common Files\Symantec Shared
2007-12-08 07:49 --------- d-----w D:\Program Files\Common Files\Canon
2007-11-29 16:26 --------- d-----w D:\Program Files\Photo Story 3 for Windows
2007-11-27 19:05 --------- d-----w D:\Program Files\FLV Player
2007-11-26 10:08 --------- d-----w D:\Program Files\EsetOnlineScanner
2007-11-26 06:15 --------- d-----w D:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-19 22:29 --------- d-----w D:\Program Files\Common Files\Adobe
2007-11-19 16:06 --------- d-----w D:\Program Files\Real
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:26 15360]
"Uniblue SpyEraser"="D:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" [2008-01-08 09:14 1260296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="D:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2007-10-26 21:36 292152]
"itype"="d:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-22 05:38 813912]
"IgfxTray"="D:\WINDOWS\system32\igfxtray.exe" [2005-06-21 16:48 155648]
"HotKeysCmds"="D:\WINDOWS\system32\hkcmd.exe" [2005-06-21 16:44 126976]
"NeroFilterCheck"="D:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 23:20 155648]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 13:41 132496]
"IntelliPoint"="d:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-06 04:22 849280]
"Task Catcher"="D:\Program Files\BillP Studios\Task Catcher\tasktrap.exe" [2005-11-15 01:35 136760]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 18:30 79224]
"ThreatFire"="D:\Program Files\ThreatFire\TFTray.exe" [2007-12-20 11:13 1238336]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
D:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 D:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli

R0 phooks;phooks;D:\WINDOWS\system32\drivers\phooks.sys [2007-10-11 01:06]
R0 TfFsMon;TfFsMon;D:\WINDOWS\system32\drivers\TfFsMon.sys [2007-12-20 11:24]
R0 TfSysMon;TfSysMon;D:\WINDOWS\system32\drivers\TfSysMon.sys [2007-12-20 11:24]
R2 dmsmbios;dmsmbios;D:\WINDOWS\System32\dmsmbios.sys [2000-05-03 07:42]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);D:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 13:26]
R2 ThreatFire;ThreatFire;D:\Program Files\ThreatFire\TFService.exe service []
R3 TfNetMon;TfNetMon;D:\WINDOWS\system32\drivers\TfNetMon.sys [2007-12-20 11:13]
S1 vcdrom;Virtual CD-ROM Device Driver;F:\inst\games\AGE OF MYTHOLOGY + THE TITANS EXPANSION DVD\Age of Mythology + The Titans Expansion DVD.iso [2007-09-17 07:28]
S3 06d11;06d11;D:\WINDOWS\system32\06d11.sys [2007-10-10 02:37]
S3 1f32;1f32;D:\WINDOWS\system32\1f32.sys [2007-10-11 01:03]
S3 5b42;5b42;D:\WINDOWS\system32\5b42.sys [2007-10-18 10:12]
S3 ca317;ca317;D:\WINDOWS\system32\ca317.sys [2007-10-10 00:22]
S3 f3a3;f3a3;D:\WINDOWS\system32\f3a3.sys [2007-10-10 15:08]
S3 f4a1B;f4a1B;D:\WINDOWS\system32\f4a1B.sys [2007-12-14 01:28]
S3 MEMSWEEP2;MEMSWEEP2;D:\WINDOWS\system32\390.tmp []
S3 usbprint;Microsoft USB PRINTER Class;D:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 23:01]

.
Contents of the 'Scheduled Tasks' folder
"2007-10-06 17:40:49 D:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IType_exe.job"
- d:\Program Files\Microsoft IntelliType Pro\itype.exe
"2008-01-17 12:02:09 D:\WINDOWS\Tasks\MP Scheduled Scan.job"
- D:\Program Files\Windows Defender\MpCmdRun.exe
"2008-01-15 09:10:05 D:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- D:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-17 17:32:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-17 17:39:44 - machine was rebooted [Administrator]
ComboFix-quarantined-files.txt 2008-01-17 12:05:53
.
2007-11-11 15:11:30 --- E O F ---
_________________________________________________________________________________________________
COMBOFIX (SAFE MODE):

ComboFix 08-01-17.5 - Administrator 2008-01-17 18:03:15.5 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.327 [GMT 5.5:30]
Running from: D:\Documents and Settings\Administrator\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2007-12-17 to 2008-01-17 )))))))))))))))))))))))))))))))
.

2008-01-17 17:46 . 2008-01-17 17:47 2,450 --a------ D:\WINDOWS\system32\tmp.reg
2008-01-17 17:19 . 2000-08-31 08:00 51,200 --a------ D:\WINDOWS\NirCmd.exe
2008-01-16 23:44 . 2008-01-16 23:44 <DIR> d-------- D:\Program Files\Windows Live
2008-01-16 23:44 . 2008-01-16 23:48 <DIR> d--hsc--- D:\Program Files\Common Files\WindowsLiveInstaller
2008-01-16 23:44 . 2008-01-16 23:44 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-16 19:17 . 2008-01-16 19:17 <DIR> d-------- D:\Documents and Settings\Administrator\SecurityScans
2008-01-16 19:11 . 2008-01-16 19:11 <DIR> d-------- D:\Program Files\Microsoft Baseline Security Analyzer 2
2008-01-16 17:18 . 2007-10-30 04:13 1,287,680 -----c--- D:\WINDOWS\system32\dllcache\quartz.dll
2008-01-15 14:32 . 2008-01-15 14:32 <DIR> d-------- D:\Program Files\ThreatFire
2008-01-15 14:32 . 2008-01-17 18:13 <DIR> d-a------ D:\Documents and Settings\All Users\Application Data\TEMP
2008-01-15 14:32 . 2008-01-15 14:32 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\PC Tools
2008-01-15 14:32 . 2007-12-20 11:24 52,032 --a------ D:\WINDOWS\system32\drivers\TfFsMon.sys
2008-01-15 14:32 . 2007-12-20 11:24 41,792 --a------ D:\WINDOWS\system32\drivers\TfSysMon.sys
2008-01-15 14:32 . 2007-12-20 11:13 33,600 --a------ D:\WINDOWS\system32\drivers\TfNetMon.sys
2008-01-15 14:32 . 2007-12-20 11:13 12,608 --a------ D:\WINDOWS\system32\drivers\TfKbMon.sys
2008-01-15 05:05 . 2007-10-10 03:18 102,664 --a------ D:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-14 17:36 . 2005-06-21 16:43 163,840 --a------ D:\WINDOWS\system32\igfxres.dll
2008-01-14 13:18 . 2008-01-16 15:31 <DIR> d-------- D:\Program Files\Uniblue
2008-01-14 13:18 . 2008-01-14 13:18 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Uniblue
2008-01-14 13:18 . 2008-01-14 14:21 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\Uniblue
2008-01-13 22:10 . 2008-01-13 23:05 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\Facebook
2008-01-13 22:02 . 2008-01-13 22:02 <DIR> d-------- D:\Program Files\Dargan Development
2008-01-12 17:39 . 2008-01-16 15:24 <DIR> d-------- D:\Program Files\SUPERAntiSpyware
2008-01-12 17:39 . 2008-01-12 17:39 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-12 17:39 . 2008-01-12 17:39 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-01-12 17:37 . 2008-01-12 17:37 <DIR> d-------- D:\Program Files\Windows Defender
2008-01-12 13:51 . 2008-01-12 13:51 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Avg7
2008-01-11 10:51 . 2007-12-04 20:21 42,912 --a------ D:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-11 10:51 . 2007-12-04 20:19 26,624 --a------ D:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-11 10:51 . 2007-12-04 20:23 23,152 --a------ D:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-11 10:50 . 2008-01-11 10:50 <DIR> d-------- D:\Program Files\Alwil Software
2008-01-11 10:50 . 2007-12-04 18:34 837,496 --a------ D:\WINDOWS\system32\aswBoot.exe
2008-01-11 10:50 . 2004-01-09 14:43 380,928 --a------ D:\WINDOWS\system32\actskin4.ocx
2008-01-11 10:50 . 2007-12-04 18:24 95,608 --a------ D:\WINDOWS\system32\AvastSS.scr
2008-01-11 10:50 . 2007-12-04 20:25 94,544 --a------ D:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-11 10:50 . 2007-12-04 20:26 93,264 --a------ D:\WINDOWS\system32\drivers\aswmon.sys
2008-01-05 15:07 . 2008-01-05 15:07 326 --a------ D:\WINDOWS\wininit.ini
2007-12-23 13:42 . 2007-11-24 09:45 139,008 --a------ D:\WINDOWS\system32\guard32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-16 13:17 --------- d-----w D:\Program Files\RootKit Hook Analyzer
2008-01-16 09:55 --------- d-----w D:\Program Files\SpywareBlaster
2008-01-12 12:09 --------- d-----w D:\Program Files\Common Files\Wise Installation Wizard
2008-01-12 08:20 --------- d-----w D:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-11 06:11 --------- d-----w D:\Program Files\Sophos
2008-01-11 06:04 --------- d-----w D:\Documents and Settings\All Users\Application Data\Comodo
2007-12-31 11:15 --------- d-----w D:\Program Files\Common Files\Real
2007-12-21 01:34 --------- d-----w D:\Program Files\Windows Live Safety Center
2007-12-16 12:33 --------- d-----w D:\Program Files\VirusTotalUploader
2007-12-15 12:14 --------- d-----w D:\Program Files\epson
2007-12-15 12:03 --------- d-----w D:\Program Files\Paint.NET
2007-12-09 15:38 --------- d-----w D:\Documents and Settings\Administrator\Application Data\EPSON
2007-12-09 01:13 --------- d-----w D:\Program Files\CCleaner
2007-12-08 13:21 --------- d-----w D:\Program Files\Lavalys
2007-12-08 11:14 --------- d--h--w D:\Program Files\InstallShield Installation Information
2007-12-08 11:13 --------- d-----w D:\Program Files\Common Files\InstallShield
2007-12-08 11:05 --------- d-----w D:\Documents and Settings\All Users\Application Data\UDL
2007-12-08 10:05 --------- d-----w D:\Program Files\Common Files\Symantec Shared
2007-12-08 07:49 --------- d-----w D:\Program Files\Common Files\Canon
2007-11-29 16:26 --------- d-----w D:\Program Files\Photo Story 3 for Windows
2007-11-27 19:05 --------- d-----w D:\Program Files\FLV Player
2007-11-26 10:08 --------- d-----w D:\Program Files\EsetOnlineScanner
2007-11-26 06:15 --------- d-----w D:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-19 22:29 --------- d-----w D:\Program Files\Common Files\Adobe
2007-11-19 16:06 --------- d-----w D:\Program Files\Real
.

((((((((((((((((((((((((((((( snapshot@2008-01-17_17.34.36.78 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-17 12:03:16 214,494 ----a-w D:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2008-01-17 12:41:03 214,485 ----a-w D:\WINDOWS\system32\inetsrv\MetaBase.bin
- 2007-12-03 19:30:42 136,704 ----a-w D:\WINDOWS\system32\swsc.exe
+ 2000-08-31 02:30:00 136,704 ----a-w D:\WINDOWS\system32\swsc.exe
- 2006-11-30 23:50:32 212,480 ----a-w D:\WINDOWS\system32\swxcacls.exe
+ 2000-08-31 02:30:00 212,480 ----a-w D:\WINDOWS\system32\swxcacls.exe
+ 2008-01-17 12:40:45 16,384 ----atw D:\WINDOWS\Temp\Perflib_Perfdata_34c.dat
+ 2008-01-17 12:41:01 16,384 ----atw D:\WINDOWS\Temp\Perflib_Perfdata_4a8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:26 15360]
"Uniblue SpyEraser"="D:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" [2008-01-08 09:14 1260296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="D:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2007-10-26 21:36 292152]
"itype"="d:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-22 05:38 813912]
"IgfxTray"="D:\WINDOWS\system32\igfxtray.exe" [2005-06-21 16:48 155648]
"HotKeysCmds"="D:\WINDOWS\system32\hkcmd.exe" [2005-06-21 16:44 126976]
"NeroFilterCheck"="D:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 23:20 155648]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 13:41 132496]
"IntelliPoint"="d:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-06 04:22 849280]
"Task Catcher"="D:\Program Files\BillP Studios\Task Catcher\tasktrap.exe" [2005-11-15 01:35 136760]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 18:30 79224]
"ThreatFire"="D:\Program Files\ThreatFire\TFTray.exe" [2007-12-20 11:13 1238336]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
D:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 D:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli

R0 phooks;phooks;D:\WINDOWS\system32\drivers\phooks.sys [2007-10-11 01:06]
R0 TfFsMon;TfFsMon;D:\WINDOWS\system32\drivers\TfFsMon.sys [2007-12-20 11:24]
R0 TfSysMon;TfSysMon;D:\WINDOWS\system32\drivers\TfSysMon.sys [2007-12-20 11:24]
R2 dmsmbios;dmsmbios;D:\WINDOWS\System32\dmsmbios.sys [2000-05-03 07:42]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);D:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 13:26]
R2 ThreatFire;ThreatFire;D:\Program Files\ThreatFire\TFService.exe service []
R3 TfNetMon;TfNetMon;D:\WINDOWS\system32\drivers\TfNetMon.sys [2007-12-20 11:13]
S1 vcdrom;Virtual CD-ROM Device Driver;F:\inst\games\AGE OF MYTHOLOGY + THE TITANS EXPANSION DVD\Age of Mythology + The Titans Expansion DVD.iso [2007-09-17 07:28]
S3 06d11;06d11;D:\WINDOWS\system32\06d11.sys [2007-10-10 02:37]
S3 1f32;1f32;D:\WINDOWS\system32\1f32.sys [2007-10-11 01:03]
S3 5b42;5b42;D:\WINDOWS\system32\5b42.sys [2007-10-18 10:12]
S3 ca317;ca317;D:\WINDOWS\system32\ca317.sys [2007-10-10 00:22]
S3 f3a3;f3a3;D:\WINDOWS\system32\f3a3.sys [2007-10-10 15:08]
S3 f4a1B;f4a1B;D:\WINDOWS\system32\f4a1B.sys [2007-12-14 01:28]
S3 MEMSWEEP2;MEMSWEEP2;D:\WINDOWS\system32\390.tmp []
S3 usbprint;Microsoft USB PRINTER Class;D:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 23:01]

.
Contents of the 'Scheduled Tasks' folder
"2007-10-06 17:40:49 D:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IType_exe.job"
- d:\Program Files\Microsoft IntelliType Pro\itype.exe
"2008-01-17 12:43:43 D:\WINDOWS\Tasks\MP Scheduled Scan.job"
- D:\Program Files\Windows Defender\MpCmdRun.exe
"2008-01-15 09:10:05 D:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- D:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-17 18:13:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-17 18:17:11 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-17 12:47:06
ComboFix2.txt 2008-01-17 12:09:45
.
2007-11-11 15:11:30 --- E O F ---
_________________________________________________________________________________________________

SmitFraudFix v2.274

Scan done at 17:47:07.14, Thu 01/17/2008
Run from D:\Documents and Settings\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

Killing process


hosts

127.0.0.1 localhost

Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


Generic Renos Fix

GenericRenosFix by S!Ri


Deleting infected files


IEDFix

IEDFix.exe by S!Ri


DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{C472BC8B-ACE3-4CFB-94C7-632B9840FD20}: NameServer=203.94.227.70,203.94.243.70
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C472BC8B-ACE3-4CFB-94C7-632B9840FD20}: NameServer=203.94.227.70,203.94.243.70


Deleting Temp Files


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


Registry Cleaning

Registry Cleaning done.

SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


End

__________________________________________________________________________________________________
LOST THE COMPLETE SCAN LOG, BUT HERE'S ONE OF THE CRITICAL AREAS FOR A START : )



-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
2008-01-17 17:10
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 17/01/2008
Kaspersky Anti-Virus database records: 513742
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - Critical Areas:
D:\WINDOWS
D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\

Scan Statistics:
Total number of scanned objects: 20594
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 00:17:46

Infected Object Name / Virus Name / Last Action
D:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
D:\WINDOWS\SoftwareDistribution\EventCache\{56D1DA21-EE33-404B-A540-264DCC4BD54C}.bin Object is locked skipped
D:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
D:\WINDOWS\Sti_Trace.log Object is locked skipped
D:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
D:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
D:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
D:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
D:\WINDOWS\system32\config\default Object is locked skipped
D:\WINDOWS\system32\config\default.LOG Object is locked skipped
D:\WINDOWS\system32\config\Internet.evt Object is locked skipped
D:\WINDOWS\system32\config\SAM Object is locked skipped
D:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
D:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
D:\WINDOWS\system32\config\SECURITY Object is locked skipped
D:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
D:\WINDOWS\system32\config\software Object is locked skipped
D:\WINDOWS\system32\config\software.LOG Object is locked skipped
D:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
D:\WINDOWS\system32\config\system Object is locked skipped
D:\WINDOWS\system32\config\system.LOG Object is locked skipped
D:\WINDOWS\system32\h323log.txt Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
D:\WINDOWS\Tasks\SCHEDLGU.TXT Object is locked skipped
D:\WINDOWS\Temp\Perflib_Perfdata_400.dat Object is locked skipped
D:\WINDOWS\Temp\Perflib_Perfdata_554.dat Object is locked skipped
D:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
D:\WINDOWS\wiadebug.log Object is locked skipped
D:\WINDOWS\wiaservc.log Object is locked skipped
D:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF79D7.tmp Object is locked skipped
D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF79DE.tmp Object is locked skipped

Scan process completed.


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,718 posts
  • ONLINE
  • Gender:Male
  • Location:USA
  • Local time:02:21 AM

Posted 04 February 2008 - 11:40 AM

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please post a brand new hijackthis log. If we do not hear back from you within a couple of days we will need to close your topic.

When posting your logs please post them directly into the reply. Do not attach them.

Also make sure you have already followed the steps outlined below:

Preparation Guide For Use Before Posting A Hijackthis Log

Thank you for your patience.



