24.04.2019
Winpatrol 12.2.2007.0 WORK serial key or number
Winpatrol 12.2.2007.0 WORK serial key or number
Undetectable Rootkit/spyware/virus
System: Windows XP SP2 + WINDOWS 98 SE (DUAL BOOT)
Fire wall: 1)COMODO Pro 3.0.13.268(uninstalled and replaced with avasts firewall)
2)AVAST(CHANGED ON THE 14TH-01-08)
Host guard: 1)WinPatrol PLUS v 12.2.2007.0:12.2.2007.0
2)HostsXpert
Anti virus: 1)Avast 4.7 home edition(updated)(REPLACED AVG ON 14-01-08)
2)Windows Defender Version: 1.1.1593.0(not updating to the last update)
Engine Version: 1.1.3007.0
Definition Version: 1.23.4241.0
Product ID: 81664-520-9293041-04832
3) AVG HOME EDITION 7.5(recently removed)
Anti spyware: 1)Spyereaser (updated,but not recognised by Comodo earlier)(UNINSTALLED)
2)SpywareBlaster 3.5.1
3)Super anti-spyware version 3,9,0,1008(updated)
4)PC TOOLS THREAT FIRE.
Online scanners: 1)windows live onecare
2)bitdefender online scan
3)house call (trend micro)
4)ESET'S online scan
5)Kaspersky online scan
Registry cleaner: Registry booster2(not recognised by Comodo)(UNINSTALLED)
Temp file cleaner:1)speed up my pc 3(UNINSTALLED)
2)cc cleaner
3)atf cleaner
4)easy cleaner
5)tracks eraser pro
Anti Root kits: 1)UNHACKME(thought was too risky to use without supervision,
(most of them never the less have it just in case u wanna use it)
are removed) 2)sophos
3)avg
4)Fsecure
5)Macafee
6)rootkit revealer
7)bitdefender rootkit
8)panda rootkit
9)rootkit un hooker
10)HELIOS
11)root kit hook analyzer
ROOTKIT HOOK ANALYZER DETECTS THE FOLLOWING 6 ENTRIES:
MODULE NAME - ADDRESS - SIZE
1. SASKUTIL.SYS - F8991000 - 49152
2. SASDIFSV.SYS - F8B79000 - 28672
3. dump_atapi.sys - EFF77000 - 98304
4. dump_WMILIB.SYS - F8D47000 - 8192
5. mchlnjDrv.sys - F8E43000 - 4096
6. SASENUM.SYS - F8B29000 - 20480
PATH : ???
PRODUCT:???
COMPANY:???
DESCRIPTION:???
GENRAL ISSUES:
1. WINDOWS UPDATE, DEFENDER,MICROSOFT UPDATE,DRIVER UPDATE DOESNT WORK
WINDOWS DEFENDER UPDATE ERROR:
Error found: Code 0x80072ee2.
2.ALWAYS SUSPECTED A KEYLOGGER INFECTION AS THERE IS A DOT NEXT TO MY CURSOR,OR CURSOR BLINKS VIGOURSLY.
ALSO ADMINISTRATOR WASNT INFECTED BEFORE I LOGGED IN FOR THE FIRST TIME,SO TRIED
INSTALLING TRENDMICRO TRANSACTION GUARD AND COMPUTER CRASHED/REBOOTED WITH A BLUE SCREEN.
P.S: HAVE SAVED
D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WERe701.dir00\mINI011708-01.dmp
D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WERe701.dir00\sysdata.xml
WHICH WERE INCLUDED IN THE ERROR REPORT ,BUT I UNDERSTAND NO ONE READS BINARY ANY MORE SO
AM NOT POSTING THEM
.WILL DO SO ONLY ON REQUEST
3.ALSO WHILE MAILING OR MESSAGING/SCRAPPING ON SOCIAL NETWORKING SITES ,A DOT PLACED BEFORE/AFTER
A WORD TURNS INTO A LINK (FORTUNATELY DONT USE ANY CHAT PROGRAMS)
4.ALL UNIBLUE PRODUCTS WERE DETECTED BY THREATFIRE AS LOGGING KEY STROKES ,SO HAVE UNINSTALLED THEM ALL FOR NOW.
ALSO SPY ERASER UNCHECKS THE BLOCKLIST PROVIDED BY SPY BLASTER
5.AVAST ALSO DETECTED TWO VIRUSES 15-01-08 NAMELY a)WIN32:CTX
b)Win32:Rbot-ENT[TRJ]
......BUT WERE REMOVED
6.P.C. TAKES A VERY LONG TIME TO START UP,ALSO GRAPHICS IN SAFEMODE ARE EXPLODED TO THE MAXIMUM SIZE,WITH MINIMUM
COLOUR SETTINGS.AND SOME HOW I HAVE A FEELING ITS HAS SOMETHING TO DO WITH INFECTED DRIVERS,BECAUSE MY SOUND WASNT WORKING,
AND THE LATEST DRIVERS DOWNLOADED FROM REALTEK CANNOT INSTALL.
SO UNINSTALLED THE DRIVER. AND SET THE SETTING TO INSTALL ONLY SIGNED DRIVERS . HOWEVER THE ORIGNAL DRIVERS STILL DONT
INSTALL.HAVENT REMOVED\UNINSTALLED DISPLAY DRIVERS ,WILL DO SO ON REQUEST
7.THREE TEMPORARY FILES WHICH CCLEANER CANNOT DELETE AND ONLY MARKS FOR DELETION
a)Document settings\Administrator\LocalSettings\History\History.IE5\index.dat
b)Document settings\Administrator\LocalSettings\TemporaryInternetFiles\Content.IE5\index.dat
c)Document settings\History\History.IE5\MSHist 012008011720080118\index.dat
8.TWO ISSUES ARE REPEATEDLY FOUND BY CCLEANER:
PROBLEM - DATA - REGISTRY KEY
Missing MUI Refrence - D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SSUPDATE.EXE - HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache
Missing MUI Refrence - d:\docume~1\admini~1\locals~1\temp\TFUD.exe - HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache
9.ALSO CANT COPY WHILE COPY PASTING,AND EVEN GUI'S LIKE KASPERSKY'S SUBMIT FILES SCREEN, CANNOT SIMPLY SELECT ANY OF THE
OPTIONS. ALSO ERRORS WHILE MOVING MOUSE OR SELECTING.
10.REPEATED REGISTRY ERRORS ON SYSTEM REBOOT(LIVE ONE CARE ONLINE SCANNER)
11. ALSO GET A RAM BEEP,DURING VIRUS SCANS ,ETC WHICH I THINK REFERS TO A BUFFER OVERFLOW
12.WASNT ABLE TO LOG INTO MY MSN/HOTMAIL ACCOUNTS ,HOWEVER THAT SEEMS TO BE RESOLVED FOR NOW.
P.S: 13. also a an odd tmp/temporary file appears at times during disk cleanup on D: drive,which stalls the cleanup process,
and nothing happens until you hit cancle . it has a odd ASCI symbol which looks like a capital A with a bar on top ,and
two standing rectangles on either sides . have taken a screen shot ,could upload it after a virus total scan on request.
THANX , AND HAPPY VIRUS HUNTING
.
LOGS:
NOTE:LATEST HJT (FRM TREND SECURE), COMBOFIX AND SMITFRAUD FIX (BLEEPING COMPUTERS)WERE USED ,AND RESPECTIVE
QUARENTINES/FOLDERS HAVE BEEN DELETED SINCE
___________________________________________________________________________________________________________________
TREND MICRO HOUSE CALL FOUND THE FOLLOWING TWO VUNERABLITIES
1.MS07-064
2.MS07-069
HAVE APPLIED THE NECESSARY PATCHES AN REINSTALLED THE LATEST DIRECTX TOO. BUT HAVENT TAKEN THE SCAN AGAIN.
___________________________________________________________________________________________________________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:26:42 AM, on 1/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\WINDOWS\System32\snmp.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\ThreatFire\TFService.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\System32\alg.exe
D:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
D:\Program Files\Microsoft IntelliType Pro\itype.exe
D:\WINDOWS\system32\igfxtray.exe
D:\WINDOWS\system32\hkcmd.exe
D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\Program Files\Microsoft IntelliPoint\ipoint.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\ThreatFire\TFTray.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [WinPatrol] D:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [itype] "d:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliPoint] "d:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Task Catcher] D:\Program Files\BillP Studios\Task Catcher\tasktrap.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ThreatFire] D:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/contr...vex/TmHcmsX.CAB
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} - http://support.f-secure.com/ols3beta/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C472BC8B-ACE3-4CFB-94C7-632B9840FD20}: NameServer = 203.94.227.70,203.94.243.70
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ThreatFire - PC Tools - D:\Program Files\ThreatFire\TFService.exe
--
End of file - 5099 bytes
_____________________________________________________________________________________________
ComboFix 08-01-17.5 - Administrator 2008-01-17 17:20:31.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.277 [GMT 5.5:30]
Running from: D:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2007-12-17 to 2008-01-17 )))))))))))))))))))))))))))))))
.
2008-01-17 17:19 . 2000-08-31 08:00 51,200 --a------ D:\WINDOWS\NirCmd.exe
2008-01-16 23:44 . 2008-01-16 23:44 <DIR> d-------- D:\Program Files\Windows Live
2008-01-16 23:44 . 2008-01-16 23:48 <DIR> d--hsc--- D:\Program Files\Common Files\WindowsLiveInstaller
2008-01-16 23:44 . 2008-01-16 23:44 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-16 19:17 . 2008-01-16 19:17 <DIR> d-------- D:\Documents and Settings\Administrator\SecurityScans
2008-01-16 19:11 . 2008-01-16 19:11 <DIR> d-------- D:\Program Files\Microsoft Baseline Security Analyzer 2
2008-01-16 17:18 . 2007-10-30 04:13 1,287,680 -----c--- D:\WINDOWS\system32\dllcache\quartz.dll
2008-01-15 14:32 . 2008-01-15 14:32 <DIR> d-------- D:\Program Files\ThreatFire
2008-01-15 14:32 . 2008-01-17 17:32 <DIR> d-a------ D:\Documents and Settings\All Users\Application Data\TEMP
2008-01-15 14:32 . 2008-01-15 14:32 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\PC Tools
2008-01-15 14:32 . 2007-12-20 11:24 52,032 --a------ D:\WINDOWS\system32\drivers\TfFsMon.sys
2008-01-15 14:32 . 2007-12-20 11:24 41,792 --a------ D:\WINDOWS\system32\drivers\TfSysMon.sys
2008-01-15 14:32 . 2007-12-20 11:13 33,600 --a------ D:\WINDOWS\system32\drivers\TfNetMon.sys
2008-01-15 14:32 . 2007-12-20 11:13 12,608 --a------ D:\WINDOWS\system32\drivers\TfKbMon.sys
2008-01-15 05:05 . 2007-10-10 03:18 102,664 --a------ D:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-14 17:36 . 2005-06-21 16:43 163,840 --a------ D:\WINDOWS\system32\igfxres.dll
2008-01-14 13:18 . 2008-01-16 15:31 <DIR> d-------- D:\Program Files\Uniblue
2008-01-14 13:18 . 2008-01-14 13:18 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Uniblue
2008-01-14 13:18 . 2008-01-14 14:21 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\Uniblue
2008-01-13 22:10 . 2008-01-13 23:05 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\Facebook
2008-01-13 22:02 . 2008-01-13 22:02 <DIR> d-------- D:\Program Files\Dargan Development
2008-01-12 17:39 . 2008-01-16 15:24 <DIR> d-------- D:\Program Files\SUPERAntiSpyware
2008-01-12 17:39 . 2008-01-12 17:39 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-12 17:39 . 2008-01-12 17:39 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-01-12 17:37 . 2008-01-12 17:37 <DIR> d-------- D:\Program Files\Windows Defender
2008-01-12 13:51 . 2008-01-12 13:51 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Avg7
2008-01-11 10:51 . 2007-12-04 20:21 42,912 --a------ D:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-11 10:51 . 2007-12-04 20:19 26,624 --a------ D:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-11 10:51 . 2007-12-04 20:23 23,152 --a------ D:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-11 10:50 . 2008-01-11 10:50 <DIR> d-------- D:\Program Files\Alwil Software
2008-01-11 10:50 . 2007-12-04 18:34 837,496 --a------ D:\WINDOWS\system32\aswBoot.exe
2008-01-11 10:50 . 2004-01-09 14:43 380,928 --a------ D:\WINDOWS\system32\actskin4.ocx
2008-01-11 10:50 . 2007-12-04 18:24 95,608 --a------ D:\WINDOWS\system32\AvastSS.scr
2008-01-11 10:50 . 2007-12-04 20:25 94,544 --a------ D:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-11 10:50 . 2007-12-04 20:26 93,264 --a------ D:\WINDOWS\system32\drivers\aswmon.sys
2008-01-05 15:07 . 2008-01-05 15:07 326 --a------ D:\WINDOWS\wininit.ini
2007-12-23 13:42 . 2007-11-24 09:45 139,008 --a------ D:\WINDOWS\system32\guard32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-16 13:17 --------- d-----w D:\Program Files\RootKit Hook Analyzer
2008-01-16 09:55 --------- d-----w D:\Program Files\SpywareBlaster
2008-01-12 12:09 --------- d-----w D:\Program Files\Common Files\Wise Installation Wizard
2008-01-12 08:20 --------- d-----w D:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-11 06:11 --------- d-----w D:\Program Files\Sophos
2008-01-11 06:04 --------- d-----w D:\Documents and Settings\All Users\Application Data\Comodo
2007-12-31 11:15 --------- d-----w D:\Program Files\Common Files\Real
2007-12-21 01:34 --------- d-----w D:\Program Files\Windows Live Safety Center
2007-12-16 12:33 --------- d-----w D:\Program Files\VirusTotalUploader
2007-12-15 12:14 --------- d-----w D:\Program Files\epson
2007-12-15 12:03 --------- d-----w D:\Program Files\Paint.NET
2007-12-09 15:38 --------- d-----w D:\Documents and Settings\Administrator\Application Data\EPSON
2007-12-09 01:13 --------- d-----w D:\Program Files\CCleaner
2007-12-08 13:21 --------- d-----w D:\Program Files\Lavalys
2007-12-08 11:14 --------- d--h--w D:\Program Files\InstallShield Installation Information
2007-12-08 11:13 --------- d-----w D:\Program Files\Common Files\InstallShield
2007-12-08 11:05 --------- d-----w D:\Documents and Settings\All Users\Application Data\UDL
2007-12-08 10:05 --------- d-----w D:\Program Files\Common Files\Symantec Shared
2007-12-08 07:49 --------- d-----w D:\Program Files\Common Files\Canon
2007-11-29 16:26 --------- d-----w D:\Program Files\Photo Story 3 for Windows
2007-11-27 19:05 --------- d-----w D:\Program Files\FLV Player
2007-11-26 10:08 --------- d-----w D:\Program Files\EsetOnlineScanner
2007-11-26 06:15 --------- d-----w D:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-19 22:29 --------- d-----w D:\Program Files\Common Files\Adobe
2007-11-19 16:06 --------- d-----w D:\Program Files\Real
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:26 15360]
"Uniblue SpyEraser"="D:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" [2008-01-08 09:14 1260296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="D:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2007-10-26 21:36 292152]
"itype"="d:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-22 05:38 813912]
"IgfxTray"="D:\WINDOWS\system32\igfxtray.exe" [2005-06-21 16:48 155648]
"HotKeysCmds"="D:\WINDOWS\system32\hkcmd.exe" [2005-06-21 16:44 126976]
"NeroFilterCheck"="D:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 23:20 155648]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 13:41 132496]
"IntelliPoint"="d:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-06 04:22 849280]
"Task Catcher"="D:\Program Files\BillP Studios\Task Catcher\tasktrap.exe" [2005-11-15 01:35 136760]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 18:30 79224]
"ThreatFire"="D:\Program Files\ThreatFire\TFTray.exe" [2007-12-20 11:13 1238336]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
D:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli
R0 phooks;phooks;D:\WINDOWS\system32\drivers\phooks.sys [2007-10-11 01:06]
R0 TfFsMon;TfFsMon;D:\WINDOWS\system32\drivers\TfFsMon.sys [2007-12-20 11:24]
R0 TfSysMon;TfSysMon;D:\WINDOWS\system32\drivers\TfSysMon.sys [2007-12-20 11:24]
R2 dmsmbios;dmsmbios;D:\WINDOWS\System32\dmsmbios.sys [2000-05-03 07:42]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);D:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 13:26]
R2 ThreatFire;ThreatFire;D:\Program Files\ThreatFire\TFService.exe service []
R3 TfNetMon;TfNetMon;D:\WINDOWS\system32\drivers\TfNetMon.sys [2007-12-20 11:13]
S1 vcdrom;Virtual CD-ROM Device Driver;F:\inst\games\AGE OF MYTHOLOGY + THE TITANS EXPANSION DVD\Age of Mythology + The Titans Expansion DVD.iso [2007-09-17 07:28]
S3 06d11;06d11;D:\WINDOWS\system32\06d11.sys [2007-10-10 02:37]
S3 1f32;1f32;D:\WINDOWS\system32\1f32.sys [2007-10-11 01:03]
S3 5b42;5b42;D:\WINDOWS\system32\5b42.sys [2007-10-18 10:12]
S3 ca317;ca317;D:\WINDOWS\system32\ca317.sys [2007-10-10 00:22]
S3 f3a3;f3a3;D:\WINDOWS\system32\f3a3.sys [2007-10-10 15:08]
S3 f4a1B;f4a1B;D:\WINDOWS\system32\f4a1B.sys [2007-12-14 01:28]
S3 MEMSWEEP2;MEMSWEEP2;D:\WINDOWS\system32\390.tmp []
S3 usbprint;Microsoft USB PRINTER Class;D:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 23:01]
.
Contents of the 'Scheduled Tasks' folder
"2007-10-06 17:40:49 D:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IType_exe.job"
- d:\Program Files\Microsoft IntelliType Pro\itype.exe
"2008-01-17 12:02:09 D:\WINDOWS\Tasks\MP Scheduled Scan.job"
- D:\Program Files\Windows Defender\MpCmdRun.exe
"2008-01-15 09:10:05 D:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- D:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-17 17:32:38
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-17 17:39:44 - machine was rebooted [Administrator]
ComboFix-quarantined-files.txt 2008-01-17 12:05:53
.
2007-11-11 15:11:30 --- E O F ---
_________________________________________________________________________________________________
COMBOFIX (SAFE MODE):
ComboFix 08-01-17.5 - Administrator 2008-01-17 18:03:15.5 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.327 [GMT 5.5:30]
Running from: D:\Documents and Settings\Administrator\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2007-12-17 to 2008-01-17 )))))))))))))))))))))))))))))))
.
2008-01-17 17:46 . 2008-01-17 17:47 2,450 --a------ D:\WINDOWS\system32\tmp.reg
2008-01-17 17:19 . 2000-08-31 08:00 51,200 --a------ D:\WINDOWS\NirCmd.exe
2008-01-16 23:44 . 2008-01-16 23:44 <DIR> d-------- D:\Program Files\Windows Live
2008-01-16 23:44 . 2008-01-16 23:48 <DIR> d--hsc--- D:\Program Files\Common Files\WindowsLiveInstaller
2008-01-16 23:44 . 2008-01-16 23:44 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-16 19:17 . 2008-01-16 19:17 <DIR> d-------- D:\Documents and Settings\Administrator\SecurityScans
2008-01-16 19:11 . 2008-01-16 19:11 <DIR> d-------- D:\Program Files\Microsoft Baseline Security Analyzer 2
2008-01-16 17:18 . 2007-10-30 04:13 1,287,680 -----c--- D:\WINDOWS\system32\dllcache\quartz.dll
2008-01-15 14:32 . 2008-01-15 14:32 <DIR> d-------- D:\Program Files\ThreatFire
2008-01-15 14:32 . 2008-01-17 18:13 <DIR> d-a------ D:\Documents and Settings\All Users\Application Data\TEMP
2008-01-15 14:32 . 2008-01-15 14:32 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\PC Tools
2008-01-15 14:32 . 2007-12-20 11:24 52,032 --a------ D:\WINDOWS\system32\drivers\TfFsMon.sys
2008-01-15 14:32 . 2007-12-20 11:24 41,792 --a------ D:\WINDOWS\system32\drivers\TfSysMon.sys
2008-01-15 14:32 . 2007-12-20 11:13 33,600 --a------ D:\WINDOWS\system32\drivers\TfNetMon.sys
2008-01-15 14:32 . 2007-12-20 11:13 12,608 --a------ D:\WINDOWS\system32\drivers\TfKbMon.sys
2008-01-15 05:05 . 2007-10-10 03:18 102,664 --a------ D:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-14 17:36 . 2005-06-21 16:43 163,840 --a------ D:\WINDOWS\system32\igfxres.dll
2008-01-14 13:18 . 2008-01-16 15:31 <DIR> d-------- D:\Program Files\Uniblue
2008-01-14 13:18 . 2008-01-14 13:18 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Uniblue
2008-01-14 13:18 . 2008-01-14 14:21 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\Uniblue
2008-01-13 22:10 . 2008-01-13 23:05 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\Facebook
2008-01-13 22:02 . 2008-01-13 22:02 <DIR> d-------- D:\Program Files\Dargan Development
2008-01-12 17:39 . 2008-01-16 15:24 <DIR> d-------- D:\Program Files\SUPERAntiSpyware
2008-01-12 17:39 . 2008-01-12 17:39 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-12 17:39 . 2008-01-12 17:39 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-01-12 17:37 . 2008-01-12 17:37 <DIR> d-------- D:\Program Files\Windows Defender
2008-01-12 13:51 . 2008-01-12 13:51 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Avg7
2008-01-11 10:51 . 2007-12-04 20:21 42,912 --a------ D:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-11 10:51 . 2007-12-04 20:19 26,624 --a------ D:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-11 10:51 . 2007-12-04 20:23 23,152 --a------ D:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-11 10:50 . 2008-01-11 10:50 <DIR> d-------- D:\Program Files\Alwil Software
2008-01-11 10:50 . 2007-12-04 18:34 837,496 --a------ D:\WINDOWS\system32\aswBoot.exe
2008-01-11 10:50 . 2004-01-09 14:43 380,928 --a------ D:\WINDOWS\system32\actskin4.ocx
2008-01-11 10:50 . 2007-12-04 18:24 95,608 --a------ D:\WINDOWS\system32\AvastSS.scr
2008-01-11 10:50 . 2007-12-04 20:25 94,544 --a------ D:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-11 10:50 . 2007-12-04 20:26 93,264 --a------ D:\WINDOWS\system32\drivers\aswmon.sys
2008-01-05 15:07 . 2008-01-05 15:07 326 --a------ D:\WINDOWS\wininit.ini
2007-12-23 13:42 . 2007-11-24 09:45 139,008 --a------ D:\WINDOWS\system32\guard32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-16 13:17 --------- d-----w D:\Program Files\RootKit Hook Analyzer
2008-01-16 09:55 --------- d-----w D:\Program Files\SpywareBlaster
2008-01-12 12:09 --------- d-----w D:\Program Files\Common Files\Wise Installation Wizard
2008-01-12 08:20 --------- d-----w D:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-11 06:11 --------- d-----w D:\Program Files\Sophos
2008-01-11 06:04 --------- d-----w D:\Documents and Settings\All Users\Application Data\Comodo
2007-12-31 11:15 --------- d-----w D:\Program Files\Common Files\Real
2007-12-21 01:34 --------- d-----w D:\Program Files\Windows Live Safety Center
2007-12-16 12:33 --------- d-----w D:\Program Files\VirusTotalUploader
2007-12-15 12:14 --------- d-----w D:\Program Files\epson
2007-12-15 12:03 --------- d-----w D:\Program Files\Paint.NET
2007-12-09 15:38 --------- d-----w D:\Documents and Settings\Administrator\Application Data\EPSON
2007-12-09 01:13 --------- d-----w D:\Program Files\CCleaner
2007-12-08 13:21 --------- d-----w D:\Program Files\Lavalys
2007-12-08 11:14 --------- d--h--w D:\Program Files\InstallShield Installation Information
2007-12-08 11:13 --------- d-----w D:\Program Files\Common Files\InstallShield
2007-12-08 11:05 --------- d-----w D:\Documents and Settings\All Users\Application Data\UDL
2007-12-08 10:05 --------- d-----w D:\Program Files\Common Files\Symantec Shared
2007-12-08 07:49 --------- d-----w D:\Program Files\Common Files\Canon
2007-11-29 16:26 --------- d-----w D:\Program Files\Photo Story 3 for Windows
2007-11-27 19:05 --------- d-----w D:\Program Files\FLV Player
2007-11-26 10:08 --------- d-----w D:\Program Files\EsetOnlineScanner
2007-11-26 06:15 --------- d-----w D:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-19 22:29 --------- d-----w D:\Program Files\Common Files\Adobe
2007-11-19 16:06 --------- d-----w D:\Program Files\Real
.
((((((((((((((((((((((((((((( snapshot@2008-01-17_17.34.36.78 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-17 12:03:16 214,494 ----a-w D:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2008-01-17 12:41:03 214,485 ----a-w D:\WINDOWS\system32\inetsrv\MetaBase.bin
- 2007-12-03 19:30:42 136,704 ----a-w D:\WINDOWS\system32\swsc.exe
+ 2000-08-31 02:30:00 136,704 ----a-w D:\WINDOWS\system32\swsc.exe
- 2006-11-30 23:50:32 212,480 ----a-w D:\WINDOWS\system32\swxcacls.exe
+ 2000-08-31 02:30:00 212,480 ----a-w D:\WINDOWS\system32\swxcacls.exe
+ 2008-01-17 12:40:45 16,384 ----atw D:\WINDOWS\Temp\Perflib_Perfdata_34c.dat
+ 2008-01-17 12:41:01 16,384 ----atw D:\WINDOWS\Temp\Perflib_Perfdata_4a8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:26 15360]
"Uniblue SpyEraser"="D:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" [2008-01-08 09:14 1260296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="D:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2007-10-26 21:36 292152]
"itype"="d:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-22 05:38 813912]
"IgfxTray"="D:\WINDOWS\system32\igfxtray.exe" [2005-06-21 16:48 155648]
"HotKeysCmds"="D:\WINDOWS\system32\hkcmd.exe" [2005-06-21 16:44 126976]
"NeroFilterCheck"="D:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 23:20 155648]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 13:41 132496]
"IntelliPoint"="d:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-06 04:22 849280]
"Task Catcher"="D:\Program Files\BillP Studios\Task Catcher\tasktrap.exe" [2005-11-15 01:35 136760]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 18:30 79224]
"ThreatFire"="D:\Program Files\ThreatFire\TFTray.exe" [2007-12-20 11:13 1238336]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
D:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli
R0 phooks;phooks;D:\WINDOWS\system32\drivers\phooks.sys [2007-10-11 01:06]
R0 TfFsMon;TfFsMon;D:\WINDOWS\system32\drivers\TfFsMon.sys [2007-12-20 11:24]
R0 TfSysMon;TfSysMon;D:\WINDOWS\system32\drivers\TfSysMon.sys [2007-12-20 11:24]
R2 dmsmbios;dmsmbios;D:\WINDOWS\System32\dmsmbios.sys [2000-05-03 07:42]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);D:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 13:26]
R2 ThreatFire;ThreatFire;D:\Program Files\ThreatFire\TFService.exe service []
R3 TfNetMon;TfNetMon;D:\WINDOWS\system32\drivers\TfNetMon.sys [2007-12-20 11:13]
S1 vcdrom;Virtual CD-ROM Device Driver;F:\inst\games\AGE OF MYTHOLOGY + THE TITANS EXPANSION DVD\Age of Mythology + The Titans Expansion DVD.iso [2007-09-17 07:28]
S3 06d11;06d11;D:\WINDOWS\system32\06d11.sys [2007-10-10 02:37]
S3 1f32;1f32;D:\WINDOWS\system32\1f32.sys [2007-10-11 01:03]
S3 5b42;5b42;D:\WINDOWS\system32\5b42.sys [2007-10-18 10:12]
S3 ca317;ca317;D:\WINDOWS\system32\ca317.sys [2007-10-10 00:22]
S3 f3a3;f3a3;D:\WINDOWS\system32\f3a3.sys [2007-10-10 15:08]
S3 f4a1B;f4a1B;D:\WINDOWS\system32\f4a1B.sys [2007-12-14 01:28]
S3 MEMSWEEP2;MEMSWEEP2;D:\WINDOWS\system32\390.tmp []
S3 usbprint;Microsoft USB PRINTER Class;D:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 23:01]
.
Contents of the 'Scheduled Tasks' folder
"2007-10-06 17:40:49 D:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IType_exe.job"
- d:\Program Files\Microsoft IntelliType Pro\itype.exe
"2008-01-17 12:43:43 D:\WINDOWS\Tasks\MP Scheduled Scan.job"
- D:\Program Files\Windows Defender\MpCmdRun.exe
"2008-01-15 09:10:05 D:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- D:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-17 18:13:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-17 18:17:11 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-17 12:47:06
ComboFix2.txt 2008-01-17 12:09:45
.
2007-11-11 15:11:30 --- E O F ---
_________________________________________________________________________________________________
SmitFraudFix v2.274
Scan done at 17:47:07.14, Thu 01/17/2008
Run from D:\Documents and Settings\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix.exe by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C472BC8B-ACE3-4CFB-94C7-632B9840FD20}: NameServer=203.94.227.70,203.94.243.70
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C472BC8B-ACE3-4CFB-94C7-632B9840FD20}: NameServer=203.94.227.70,203.94.243.70
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
__________________________________________________________________________________________________
LOST THE COMPLETE SCAN LOG , BUT HERES ONE OF THE CRITICAL AREAS FOR A START : )
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
2008-01-17 17:10
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 17/01/2008
Kaspersky Anti-Virus database records: 513742
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - Critical Areas:
D:\WINDOWS
D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\
Scan Statistics:
Total number of scanned objects: 20594
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 00:17:46
Infected Object Name / Virus Name / Last Action
D:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
D:\WINDOWS\SoftwareDistribution\EventCache\{56D1DA21-EE33-404B-A540-264DCC4BD54C}.bin Object is locked skipped
D:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
D:\WINDOWS\Sti_Trace.log Object is locked skipped
D:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
D:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
D:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
D:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
D:\WINDOWS\system32\config\default Object is locked skipped
D:\WINDOWS\system32\config\default.LOG Object is locked skipped
D:\WINDOWS\system32\config\Internet.evt Object is locked skipped
D:\WINDOWS\system32\config\SAM Object is locked skipped
D:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
D:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
D:\WINDOWS\system32\config\SECURITY Object is locked skipped
D:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
D:\WINDOWS\system32\config\software Object is locked skipped
D:\WINDOWS\system32\config\software.LOG Object is locked skipped
D:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
D:\WINDOWS\system32\config\system Object is locked skipped
D:\WINDOWS\system32\config\system.LOG Object is locked skipped
D:\WINDOWS\system32\h323log.txt Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
D:\WINDOWS\Tasks\SCHEDLGU.TXT Object is locked skipped
D:\WINDOWS\Temp\Perflib_Perfdata_400.dat Object is locked skipped
D:\WINDOWS\Temp\Perflib_Perfdata_554.dat Object is locked skipped
D:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
D:\WINDOWS\wiadebug.log Object is locked skipped
D:\WINDOWS\wiaservc.log Object is locked skipped
D:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF79D7.tmp Object is locked skipped
D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF79DE.tmp Object is locked skipped
Scan process completed.
Источник: [https://torrent-igruha.org/3551-portal.html]Fire wall: 1)COMODO Pro 3.0.13.268(uninstalled and replaced with avasts firewall)
2)AVAST(CHANGED ON THE 14TH-01-08)
Host guard: 1)WinPatrol PLUS v 12.2.2007.0:12.2.2007.0
2)HostsXpert
Anti virus: 1)Avast 4.7 home edition(updated)(REPLACED AVG ON 14-01-08)
2)Windows Defender Version: 1.1.1593.0(not updating to the last update)
Engine Version: 1.1.3007.0
Definition Version: 1.23.4241.0
Product ID: 81664-520-9293041-04832
3) AVG HOME EDITION 7.5(recently removed)
Anti spyware: 1)Spyereaser (updated,but not recognised by Comodo earlier)(UNINSTALLED)
2)SpywareBlaster 3.5.1
3)Super anti-spyware version 3,9,0,1008(updated)
4)PC TOOLS THREAT FIRE.
Online scanners: 1)windows live onecare
2)bitdefender online scan
3)house call (trend micro)
4)ESET'S online scan
5)Kaspersky online scan
Registry cleaner: Registry booster2(not recognised by Comodo)(UNINSTALLED)
Temp file cleaner:1)speed up my pc 3(UNINSTALLED)
2)cc cleaner
3)atf cleaner
4)easy cleaner
5)tracks eraser pro
Anti Root kits: 1)UNHACKME(thought was too risky to use without supervision,
(most of them never the less have it just in case u wanna use it)
are removed) 2)sophos
3)avg
4)Fsecure
5)Macafee
6)rootkit revealer
7)bitdefender rootkit
8)panda rootkit
9)rootkit un hooker
10)HELIOS
11)root kit hook analyzer
ROOTKIT HOOK ANALYZER DETECTS THE FOLLOWING 6 ENTRIES:
MODULE NAME - ADDRESS - SIZE
1. SASKUTIL.SYS - F8991000 - 49152
2. SASDIFSV.SYS - F8B79000 - 28672
3. dump_atapi.sys - EFF77000 - 98304
4. dump_WMILIB.SYS - F8D47000 - 8192
5. mchlnjDrv.sys - F8E43000 - 4096
6. SASENUM.SYS - F8B29000 - 20480
PATH : ???
PRODUCT:???
COMPANY:???
DESCRIPTION:???
GENRAL ISSUES:
1. WINDOWS UPDATE, DEFENDER,MICROSOFT UPDATE,DRIVER UPDATE DOESNT WORK
WINDOWS DEFENDER UPDATE ERROR:
Error found: Code 0x80072ee2.
2.ALWAYS SUSPECTED A KEYLOGGER INFECTION AS THERE IS A DOT NEXT TO MY CURSOR,OR CURSOR BLINKS VIGOURSLY.
ALSO ADMINISTRATOR WASNT INFECTED BEFORE I LOGGED IN FOR THE FIRST TIME,SO TRIED
INSTALLING TRENDMICRO TRANSACTION GUARD AND COMPUTER CRASHED/REBOOTED WITH A BLUE SCREEN.
P.S: HAVE SAVED
D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WERe701.dir00\mINI011708-01.dmp
D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WERe701.dir00\sysdata.xml
WHICH WERE INCLUDED IN THE ERROR REPORT ,BUT I UNDERSTAND NO ONE READS BINARY ANY MORE SO
AM NOT POSTING THEM
.WILL DO SO ONLY ON REQUEST3.ALSO WHILE MAILING OR MESSAGING/SCRAPPING ON SOCIAL NETWORKING SITES ,A DOT PLACED BEFORE/AFTER
A WORD TURNS INTO A LINK (FORTUNATELY DONT USE ANY CHAT PROGRAMS)
4.ALL UNIBLUE PRODUCTS WERE DETECTED BY THREATFIRE AS LOGGING KEY STROKES ,SO HAVE UNINSTALLED THEM ALL FOR NOW.
ALSO SPY ERASER UNCHECKS THE BLOCKLIST PROVIDED BY SPY BLASTER
5.AVAST ALSO DETECTED TWO VIRUSES 15-01-08 NAMELY a)WIN32:CTX
b)Win32:Rbot-ENT[TRJ]
......BUT WERE REMOVED
6.P.C. TAKES A VERY LONG TIME TO START UP,ALSO GRAPHICS IN SAFEMODE ARE EXPLODED TO THE MAXIMUM SIZE,WITH MINIMUM
COLOUR SETTINGS.AND SOME HOW I HAVE A FEELING ITS HAS SOMETHING TO DO WITH INFECTED DRIVERS,BECAUSE MY SOUND WASNT WORKING,
AND THE LATEST DRIVERS DOWNLOADED FROM REALTEK CANNOT INSTALL.
SO UNINSTALLED THE DRIVER. AND SET THE SETTING TO INSTALL ONLY SIGNED DRIVERS . HOWEVER THE ORIGNAL DRIVERS STILL DONT
INSTALL.HAVENT REMOVED\UNINSTALLED DISPLAY DRIVERS ,WILL DO SO ON REQUEST
7.THREE TEMPORARY FILES WHICH CCLEANER CANNOT DELETE AND ONLY MARKS FOR DELETION
a)Document settings\Administrator\LocalSettings\History\History.IE5\index.dat
b)Document settings\Administrator\LocalSettings\TemporaryInternetFiles\Content.IE5\index.dat
c)Document settings\History\History.IE5\MSHist 012008011720080118\index.dat
8.TWO ISSUES ARE REPEATEDLY FOUND BY CCLEANER:
PROBLEM - DATA - REGISTRY KEY
Missing MUI Refrence - D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SSUPDATE.EXE - HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache
Missing MUI Refrence - d:\docume~1\admini~1\locals~1\temp\TFUD.exe - HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache
9.ALSO CANT COPY WHILE COPY PASTING,AND EVEN GUI'S LIKE KASPERSKY'S SUBMIT FILES SCREEN, CANNOT SIMPLY SELECT ANY OF THE
OPTIONS. ALSO ERRORS WHILE MOVING MOUSE OR SELECTING.
10.REPEATED REGISTRY ERRORS ON SYSTEM REBOOT(LIVE ONE CARE ONLINE SCANNER)
11. ALSO GET A RAM BEEP,DURING VIRUS SCANS ,ETC WHICH I THINK REFERS TO A BUFFER OVERFLOW
12.WASNT ABLE TO LOG INTO MY MSN/HOTMAIL ACCOUNTS ,HOWEVER THAT SEEMS TO BE RESOLVED FOR NOW.
P.S: 13. also a an odd tmp/temporary file appears at times during disk cleanup on D: drive,which stalls the cleanup process,
and nothing happens until you hit cancle . it has a odd ASCI symbol which looks like a capital A with a bar on top ,and
two standing rectangles on either sides . have taken a screen shot ,could upload it after a virus total scan on request.
THANX , AND HAPPY VIRUS HUNTING
.LOGS:
NOTE:LATEST HJT (FRM TREND SECURE), COMBOFIX AND SMITFRAUD FIX (BLEEPING COMPUTERS)WERE USED ,AND RESPECTIVE
QUARENTINES/FOLDERS HAVE BEEN DELETED SINCE
___________________________________________________________________________________________________________________
TREND MICRO HOUSE CALL FOUND THE FOLLOWING TWO VUNERABLITIES
1.MS07-064
2.MS07-069
HAVE APPLIED THE NECESSARY PATCHES AN REINSTALLED THE LATEST DIRECTX TOO. BUT HAVENT TAKEN THE SCAN AGAIN.
___________________________________________________________________________________________________________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:26:42 AM, on 1/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\WINDOWS\System32\snmp.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\ThreatFire\TFService.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\System32\alg.exe
D:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
D:\Program Files\Microsoft IntelliType Pro\itype.exe
D:\WINDOWS\system32\igfxtray.exe
D:\WINDOWS\system32\hkcmd.exe
D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\Program Files\Microsoft IntelliPoint\ipoint.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\ThreatFire\TFTray.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [WinPatrol] D:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [itype] "d:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliPoint] "d:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Task Catcher] D:\Program Files\BillP Studios\Task Catcher\tasktrap.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ThreatFire] D:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/contr...vex/TmHcmsX.CAB
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} - http://support.f-secure.com/ols3beta/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C472BC8B-ACE3-4CFB-94C7-632B9840FD20}: NameServer = 203.94.227.70,203.94.243.70
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ThreatFire - PC Tools - D:\Program Files\ThreatFire\TFService.exe
--
End of file - 5099 bytes
_____________________________________________________________________________________________
ComboFix 08-01-17.5 - Administrator 2008-01-17 17:20:31.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.277 [GMT 5.5:30]
Running from: D:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2007-12-17 to 2008-01-17 )))))))))))))))))))))))))))))))
.
2008-01-17 17:19 . 2000-08-31 08:00 51,200 --a------ D:\WINDOWS\NirCmd.exe
2008-01-16 23:44 . 2008-01-16 23:44 <DIR> d-------- D:\Program Files\Windows Live
2008-01-16 23:44 . 2008-01-16 23:48 <DIR> d--hsc--- D:\Program Files\Common Files\WindowsLiveInstaller
2008-01-16 23:44 . 2008-01-16 23:44 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-16 19:17 . 2008-01-16 19:17 <DIR> d-------- D:\Documents and Settings\Administrator\SecurityScans
2008-01-16 19:11 . 2008-01-16 19:11 <DIR> d-------- D:\Program Files\Microsoft Baseline Security Analyzer 2
2008-01-16 17:18 . 2007-10-30 04:13 1,287,680 -----c--- D:\WINDOWS\system32\dllcache\quartz.dll
2008-01-15 14:32 . 2008-01-15 14:32 <DIR> d-------- D:\Program Files\ThreatFire
2008-01-15 14:32 . 2008-01-17 17:32 <DIR> d-a------ D:\Documents and Settings\All Users\Application Data\TEMP
2008-01-15 14:32 . 2008-01-15 14:32 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\PC Tools
2008-01-15 14:32 . 2007-12-20 11:24 52,032 --a------ D:\WINDOWS\system32\drivers\TfFsMon.sys
2008-01-15 14:32 . 2007-12-20 11:24 41,792 --a------ D:\WINDOWS\system32\drivers\TfSysMon.sys
2008-01-15 14:32 . 2007-12-20 11:13 33,600 --a------ D:\WINDOWS\system32\drivers\TfNetMon.sys
2008-01-15 14:32 . 2007-12-20 11:13 12,608 --a------ D:\WINDOWS\system32\drivers\TfKbMon.sys
2008-01-15 05:05 . 2007-10-10 03:18 102,664 --a------ D:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-14 17:36 . 2005-06-21 16:43 163,840 --a------ D:\WINDOWS\system32\igfxres.dll
2008-01-14 13:18 . 2008-01-16 15:31 <DIR> d-------- D:\Program Files\Uniblue
2008-01-14 13:18 . 2008-01-14 13:18 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Uniblue
2008-01-14 13:18 . 2008-01-14 14:21 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\Uniblue
2008-01-13 22:10 . 2008-01-13 23:05 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\Facebook
2008-01-13 22:02 . 2008-01-13 22:02 <DIR> d-------- D:\Program Files\Dargan Development
2008-01-12 17:39 . 2008-01-16 15:24 <DIR> d-------- D:\Program Files\SUPERAntiSpyware
2008-01-12 17:39 . 2008-01-12 17:39 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-12 17:39 . 2008-01-12 17:39 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-01-12 17:37 . 2008-01-12 17:37 <DIR> d-------- D:\Program Files\Windows Defender
2008-01-12 13:51 . 2008-01-12 13:51 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Avg7
2008-01-11 10:51 . 2007-12-04 20:21 42,912 --a------ D:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-11 10:51 . 2007-12-04 20:19 26,624 --a------ D:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-11 10:51 . 2007-12-04 20:23 23,152 --a------ D:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-11 10:50 . 2008-01-11 10:50 <DIR> d-------- D:\Program Files\Alwil Software
2008-01-11 10:50 . 2007-12-04 18:34 837,496 --a------ D:\WINDOWS\system32\aswBoot.exe
2008-01-11 10:50 . 2004-01-09 14:43 380,928 --a------ D:\WINDOWS\system32\actskin4.ocx
2008-01-11 10:50 . 2007-12-04 18:24 95,608 --a------ D:\WINDOWS\system32\AvastSS.scr
2008-01-11 10:50 . 2007-12-04 20:25 94,544 --a------ D:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-11 10:50 . 2007-12-04 20:26 93,264 --a------ D:\WINDOWS\system32\drivers\aswmon.sys
2008-01-05 15:07 . 2008-01-05 15:07 326 --a------ D:\WINDOWS\wininit.ini
2007-12-23 13:42 . 2007-11-24 09:45 139,008 --a------ D:\WINDOWS\system32\guard32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-16 13:17 --------- d-----w D:\Program Files\RootKit Hook Analyzer
2008-01-16 09:55 --------- d-----w D:\Program Files\SpywareBlaster
2008-01-12 12:09 --------- d-----w D:\Program Files\Common Files\Wise Installation Wizard
2008-01-12 08:20 --------- d-----w D:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-11 06:11 --------- d-----w D:\Program Files\Sophos
2008-01-11 06:04 --------- d-----w D:\Documents and Settings\All Users\Application Data\Comodo
2007-12-31 11:15 --------- d-----w D:\Program Files\Common Files\Real
2007-12-21 01:34 --------- d-----w D:\Program Files\Windows Live Safety Center
2007-12-16 12:33 --------- d-----w D:\Program Files\VirusTotalUploader
2007-12-15 12:14 --------- d-----w D:\Program Files\epson
2007-12-15 12:03 --------- d-----w D:\Program Files\Paint.NET
2007-12-09 15:38 --------- d-----w D:\Documents and Settings\Administrator\Application Data\EPSON
2007-12-09 01:13 --------- d-----w D:\Program Files\CCleaner
2007-12-08 13:21 --------- d-----w D:\Program Files\Lavalys
2007-12-08 11:14 --------- d--h--w D:\Program Files\InstallShield Installation Information
2007-12-08 11:13 --------- d-----w D:\Program Files\Common Files\InstallShield
2007-12-08 11:05 --------- d-----w D:\Documents and Settings\All Users\Application Data\UDL
2007-12-08 10:05 --------- d-----w D:\Program Files\Common Files\Symantec Shared
2007-12-08 07:49 --------- d-----w D:\Program Files\Common Files\Canon
2007-11-29 16:26 --------- d-----w D:\Program Files\Photo Story 3 for Windows
2007-11-27 19:05 --------- d-----w D:\Program Files\FLV Player
2007-11-26 10:08 --------- d-----w D:\Program Files\EsetOnlineScanner
2007-11-26 06:15 --------- d-----w D:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-19 22:29 --------- d-----w D:\Program Files\Common Files\Adobe
2007-11-19 16:06 --------- d-----w D:\Program Files\Real
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:26 15360]
"Uniblue SpyEraser"="D:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" [2008-01-08 09:14 1260296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="D:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2007-10-26 21:36 292152]
"itype"="d:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-22 05:38 813912]
"IgfxTray"="D:\WINDOWS\system32\igfxtray.exe" [2005-06-21 16:48 155648]
"HotKeysCmds"="D:\WINDOWS\system32\hkcmd.exe" [2005-06-21 16:44 126976]
"NeroFilterCheck"="D:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 23:20 155648]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 13:41 132496]
"IntelliPoint"="d:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-06 04:22 849280]
"Task Catcher"="D:\Program Files\BillP Studios\Task Catcher\tasktrap.exe" [2005-11-15 01:35 136760]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 18:30 79224]
"ThreatFire"="D:\Program Files\ThreatFire\TFTray.exe" [2007-12-20 11:13 1238336]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
D:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli
R0 phooks;phooks;D:\WINDOWS\system32\drivers\phooks.sys [2007-10-11 01:06]
R0 TfFsMon;TfFsMon;D:\WINDOWS\system32\drivers\TfFsMon.sys [2007-12-20 11:24]
R0 TfSysMon;TfSysMon;D:\WINDOWS\system32\drivers\TfSysMon.sys [2007-12-20 11:24]
R2 dmsmbios;dmsmbios;D:\WINDOWS\System32\dmsmbios.sys [2000-05-03 07:42]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);D:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 13:26]
R2 ThreatFire;ThreatFire;D:\Program Files\ThreatFire\TFService.exe service []
R3 TfNetMon;TfNetMon;D:\WINDOWS\system32\drivers\TfNetMon.sys [2007-12-20 11:13]
S1 vcdrom;Virtual CD-ROM Device Driver;F:\inst\games\AGE OF MYTHOLOGY + THE TITANS EXPANSION DVD\Age of Mythology + The Titans Expansion DVD.iso [2007-09-17 07:28]
S3 06d11;06d11;D:\WINDOWS\system32\06d11.sys [2007-10-10 02:37]
S3 1f32;1f32;D:\WINDOWS\system32\1f32.sys [2007-10-11 01:03]
S3 5b42;5b42;D:\WINDOWS\system32\5b42.sys [2007-10-18 10:12]
S3 ca317;ca317;D:\WINDOWS\system32\ca317.sys [2007-10-10 00:22]
S3 f3a3;f3a3;D:\WINDOWS\system32\f3a3.sys [2007-10-10 15:08]
S3 f4a1B;f4a1B;D:\WINDOWS\system32\f4a1B.sys [2007-12-14 01:28]
S3 MEMSWEEP2;MEMSWEEP2;D:\WINDOWS\system32\390.tmp []
S3 usbprint;Microsoft USB PRINTER Class;D:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 23:01]
.
Contents of the 'Scheduled Tasks' folder
"2007-10-06 17:40:49 D:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IType_exe.job"
- d:\Program Files\Microsoft IntelliType Pro\itype.exe
"2008-01-17 12:02:09 D:\WINDOWS\Tasks\MP Scheduled Scan.job"
- D:\Program Files\Windows Defender\MpCmdRun.exe
"2008-01-15 09:10:05 D:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- D:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-17 17:32:38
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-17 17:39:44 - machine was rebooted [Administrator]
ComboFix-quarantined-files.txt 2008-01-17 12:05:53
.
2007-11-11 15:11:30 --- E O F ---
_________________________________________________________________________________________________
COMBOFIX (SAFE MODE):
ComboFix 08-01-17.5 - Administrator 2008-01-17 18:03:15.5 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.327 [GMT 5.5:30]
Running from: D:\Documents and Settings\Administrator\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2007-12-17 to 2008-01-17 )))))))))))))))))))))))))))))))
.
2008-01-17 17:46 . 2008-01-17 17:47 2,450 --a------ D:\WINDOWS\system32\tmp.reg
2008-01-17 17:19 . 2000-08-31 08:00 51,200 --a------ D:\WINDOWS\NirCmd.exe
2008-01-16 23:44 . 2008-01-16 23:44 <DIR> d-------- D:\Program Files\Windows Live
2008-01-16 23:44 . 2008-01-16 23:48 <DIR> d--hsc--- D:\Program Files\Common Files\WindowsLiveInstaller
2008-01-16 23:44 . 2008-01-16 23:44 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-16 19:17 . 2008-01-16 19:17 <DIR> d-------- D:\Documents and Settings\Administrator\SecurityScans
2008-01-16 19:11 . 2008-01-16 19:11 <DIR> d-------- D:\Program Files\Microsoft Baseline Security Analyzer 2
2008-01-16 17:18 . 2007-10-30 04:13 1,287,680 -----c--- D:\WINDOWS\system32\dllcache\quartz.dll
2008-01-15 14:32 . 2008-01-15 14:32 <DIR> d-------- D:\Program Files\ThreatFire
2008-01-15 14:32 . 2008-01-17 18:13 <DIR> d-a------ D:\Documents and Settings\All Users\Application Data\TEMP
2008-01-15 14:32 . 2008-01-15 14:32 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\PC Tools
2008-01-15 14:32 . 2007-12-20 11:24 52,032 --a------ D:\WINDOWS\system32\drivers\TfFsMon.sys
2008-01-15 14:32 . 2007-12-20 11:24 41,792 --a------ D:\WINDOWS\system32\drivers\TfSysMon.sys
2008-01-15 14:32 . 2007-12-20 11:13 33,600 --a------ D:\WINDOWS\system32\drivers\TfNetMon.sys
2008-01-15 14:32 . 2007-12-20 11:13 12,608 --a------ D:\WINDOWS\system32\drivers\TfKbMon.sys
2008-01-15 05:05 . 2007-10-10 03:18 102,664 --a------ D:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-14 17:36 . 2005-06-21 16:43 163,840 --a------ D:\WINDOWS\system32\igfxres.dll
2008-01-14 13:18 . 2008-01-16 15:31 <DIR> d-------- D:\Program Files\Uniblue
2008-01-14 13:18 . 2008-01-14 13:18 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Uniblue
2008-01-14 13:18 . 2008-01-14 14:21 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\Uniblue
2008-01-13 22:10 . 2008-01-13 23:05 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\Facebook
2008-01-13 22:02 . 2008-01-13 22:02 <DIR> d-------- D:\Program Files\Dargan Development
2008-01-12 17:39 . 2008-01-16 15:24 <DIR> d-------- D:\Program Files\SUPERAntiSpyware
2008-01-12 17:39 . 2008-01-12 17:39 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-12 17:39 . 2008-01-12 17:39 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-01-12 17:37 . 2008-01-12 17:37 <DIR> d-------- D:\Program Files\Windows Defender
2008-01-12 13:51 . 2008-01-12 13:51 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Avg7
2008-01-11 10:51 . 2007-12-04 20:21 42,912 --a------ D:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-11 10:51 . 2007-12-04 20:19 26,624 --a------ D:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-11 10:51 . 2007-12-04 20:23 23,152 --a------ D:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-11 10:50 . 2008-01-11 10:50 <DIR> d-------- D:\Program Files\Alwil Software
2008-01-11 10:50 . 2007-12-04 18:34 837,496 --a------ D:\WINDOWS\system32\aswBoot.exe
2008-01-11 10:50 . 2004-01-09 14:43 380,928 --a------ D:\WINDOWS\system32\actskin4.ocx
2008-01-11 10:50 . 2007-12-04 18:24 95,608 --a------ D:\WINDOWS\system32\AvastSS.scr
2008-01-11 10:50 . 2007-12-04 20:25 94,544 --a------ D:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-11 10:50 . 2007-12-04 20:26 93,264 --a------ D:\WINDOWS\system32\drivers\aswmon.sys
2008-01-05 15:07 . 2008-01-05 15:07 326 --a------ D:\WINDOWS\wininit.ini
2007-12-23 13:42 . 2007-11-24 09:45 139,008 --a------ D:\WINDOWS\system32\guard32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-16 13:17 --------- d-----w D:\Program Files\RootKit Hook Analyzer
2008-01-16 09:55 --------- d-----w D:\Program Files\SpywareBlaster
2008-01-12 12:09 --------- d-----w D:\Program Files\Common Files\Wise Installation Wizard
2008-01-12 08:20 --------- d-----w D:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-11 06:11 --------- d-----w D:\Program Files\Sophos
2008-01-11 06:04 --------- d-----w D:\Documents and Settings\All Users\Application Data\Comodo
2007-12-31 11:15 --------- d-----w D:\Program Files\Common Files\Real
2007-12-21 01:34 --------- d-----w D:\Program Files\Windows Live Safety Center
2007-12-16 12:33 --------- d-----w D:\Program Files\VirusTotalUploader
2007-12-15 12:14 --------- d-----w D:\Program Files\epson
2007-12-15 12:03 --------- d-----w D:\Program Files\Paint.NET
2007-12-09 15:38 --------- d-----w D:\Documents and Settings\Administrator\Application Data\EPSON
2007-12-09 01:13 --------- d-----w D:\Program Files\CCleaner
2007-12-08 13:21 --------- d-----w D:\Program Files\Lavalys
2007-12-08 11:14 --------- d--h--w D:\Program Files\InstallShield Installation Information
2007-12-08 11:13 --------- d-----w D:\Program Files\Common Files\InstallShield
2007-12-08 11:05 --------- d-----w D:\Documents and Settings\All Users\Application Data\UDL
2007-12-08 10:05 --------- d-----w D:\Program Files\Common Files\Symantec Shared
2007-12-08 07:49 --------- d-----w D:\Program Files\Common Files\Canon
2007-11-29 16:26 --------- d-----w D:\Program Files\Photo Story 3 for Windows
2007-11-27 19:05 --------- d-----w D:\Program Files\FLV Player
2007-11-26 10:08 --------- d-----w D:\Program Files\EsetOnlineScanner
2007-11-26 06:15 --------- d-----w D:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-19 22:29 --------- d-----w D:\Program Files\Common Files\Adobe
2007-11-19 16:06 --------- d-----w D:\Program Files\Real
.
((((((((((((((((((((((((((((( snapshot@2008-01-17_17.34.36.78 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-17 12:03:16 214,494 ----a-w D:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2008-01-17 12:41:03 214,485 ----a-w D:\WINDOWS\system32\inetsrv\MetaBase.bin
- 2007-12-03 19:30:42 136,704 ----a-w D:\WINDOWS\system32\swsc.exe
+ 2000-08-31 02:30:00 136,704 ----a-w D:\WINDOWS\system32\swsc.exe
- 2006-11-30 23:50:32 212,480 ----a-w D:\WINDOWS\system32\swxcacls.exe
+ 2000-08-31 02:30:00 212,480 ----a-w D:\WINDOWS\system32\swxcacls.exe
+ 2008-01-17 12:40:45 16,384 ----atw D:\WINDOWS\Temp\Perflib_Perfdata_34c.dat
+ 2008-01-17 12:41:01 16,384 ----atw D:\WINDOWS\Temp\Perflib_Perfdata_4a8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:26 15360]
"Uniblue SpyEraser"="D:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" [2008-01-08 09:14 1260296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="D:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2007-10-26 21:36 292152]
"itype"="d:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-22 05:38 813912]
"IgfxTray"="D:\WINDOWS\system32\igfxtray.exe" [2005-06-21 16:48 155648]
"HotKeysCmds"="D:\WINDOWS\system32\hkcmd.exe" [2005-06-21 16:44 126976]
"NeroFilterCheck"="D:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 23:20 155648]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 13:41 132496]
"IntelliPoint"="d:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-06 04:22 849280]
"Task Catcher"="D:\Program Files\BillP Studios\Task Catcher\tasktrap.exe" [2005-11-15 01:35 136760]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 18:30 79224]
"ThreatFire"="D:\Program Files\ThreatFire\TFTray.exe" [2007-12-20 11:13 1238336]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
D:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli
R0 phooks;phooks;D:\WINDOWS\system32\drivers\phooks.sys [2007-10-11 01:06]
R0 TfFsMon;TfFsMon;D:\WINDOWS\system32\drivers\TfFsMon.sys [2007-12-20 11:24]
R0 TfSysMon;TfSysMon;D:\WINDOWS\system32\drivers\TfSysMon.sys [2007-12-20 11:24]
R2 dmsmbios;dmsmbios;D:\WINDOWS\System32\dmsmbios.sys [2000-05-03 07:42]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);D:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 13:26]
R2 ThreatFire;ThreatFire;D:\Program Files\ThreatFire\TFService.exe service []
R3 TfNetMon;TfNetMon;D:\WINDOWS\system32\drivers\TfNetMon.sys [2007-12-20 11:13]
S1 vcdrom;Virtual CD-ROM Device Driver;F:\inst\games\AGE OF MYTHOLOGY + THE TITANS EXPANSION DVD\Age of Mythology + The Titans Expansion DVD.iso [2007-09-17 07:28]
S3 06d11;06d11;D:\WINDOWS\system32\06d11.sys [2007-10-10 02:37]
S3 1f32;1f32;D:\WINDOWS\system32\1f32.sys [2007-10-11 01:03]
S3 5b42;5b42;D:\WINDOWS\system32\5b42.sys [2007-10-18 10:12]
S3 ca317;ca317;D:\WINDOWS\system32\ca317.sys [2007-10-10 00:22]
S3 f3a3;f3a3;D:\WINDOWS\system32\f3a3.sys [2007-10-10 15:08]
S3 f4a1B;f4a1B;D:\WINDOWS\system32\f4a1B.sys [2007-12-14 01:28]
S3 MEMSWEEP2;MEMSWEEP2;D:\WINDOWS\system32\390.tmp []
S3 usbprint;Microsoft USB PRINTER Class;D:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 23:01]
.
Contents of the 'Scheduled Tasks' folder
"2007-10-06 17:40:49 D:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IType_exe.job"
- d:\Program Files\Microsoft IntelliType Pro\itype.exe
"2008-01-17 12:43:43 D:\WINDOWS\Tasks\MP Scheduled Scan.job"
- D:\Program Files\Windows Defender\MpCmdRun.exe
"2008-01-15 09:10:05 D:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- D:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-17 18:13:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-17 18:17:11 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-17 12:47:06
ComboFix2.txt 2008-01-17 12:09:45
.
2007-11-11 15:11:30 --- E O F ---
_________________________________________________________________________________________________
SmitFraudFix v2.274
Scan done at 17:47:07.14, Thu 01/17/2008
Run from D:\Documents and Settings\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix.exe by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C472BC8B-ACE3-4CFB-94C7-632B9840FD20}: NameServer=203.94.227.70,203.94.243.70
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C472BC8B-ACE3-4CFB-94C7-632B9840FD20}: NameServer=203.94.227.70,203.94.243.70
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
__________________________________________________________________________________________________
LOST THE COMPLETE SCAN LOG , BUT HERES ONE OF THE CRITICAL AREAS FOR A START : )
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
2008-01-17 17:10
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 17/01/2008
Kaspersky Anti-Virus database records: 513742
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - Critical Areas:
D:\WINDOWS
D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\
Scan Statistics:
Total number of scanned objects: 20594
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 00:17:46
Infected Object Name / Virus Name / Last Action
D:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
D:\WINDOWS\SoftwareDistribution\EventCache\{56D1DA21-EE33-404B-A540-264DCC4BD54C}.bin Object is locked skipped
D:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
D:\WINDOWS\Sti_Trace.log Object is locked skipped
D:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
D:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
D:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
D:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
D:\WINDOWS\system32\config\default Object is locked skipped
D:\WINDOWS\system32\config\default.LOG Object is locked skipped
D:\WINDOWS\system32\config\Internet.evt Object is locked skipped
D:\WINDOWS\system32\config\SAM Object is locked skipped
D:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
D:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
D:\WINDOWS\system32\config\SECURITY Object is locked skipped
D:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
D:\WINDOWS\system32\config\software Object is locked skipped
D:\WINDOWS\system32\config\software.LOG Object is locked skipped
D:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
D:\WINDOWS\system32\config\system Object is locked skipped
D:\WINDOWS\system32\config\system.LOG Object is locked skipped
D:\WINDOWS\system32\h323log.txt Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
D:\WINDOWS\Tasks\SCHEDLGU.TXT Object is locked skipped
D:\WINDOWS\Temp\Perflib_Perfdata_400.dat Object is locked skipped
D:\WINDOWS\Temp\Perflib_Perfdata_554.dat Object is locked skipped
D:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
D:\WINDOWS\wiadebug.log Object is locked skipped
D:\WINDOWS\wiaservc.log Object is locked skipped
D:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF79D7.tmp Object is locked skipped
D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF79DE.tmp Object is locked skipped
Scan process completed.
WinPatrol 2017.5.1010.0
WinPatrol uses a heuristic behavioral approach to detecting attacks and violations of your computing environment. Traditional security programs scan your hard drive searching for previously identified threats. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. You'll be removing dangerous new programs while others prepare to update their definition/signiture data files.
Overview
WinPatrol is a Freeware software in the category Internet developed by BillP Studios.
It was checked for updates 188 times by the users of our client application UpdateStar during the last month.
The latest version of WinPatrol is 2017.5.1010.0 , released on 05/04/2017. It was initially added to our database on 09/27/2007.
WinPatrol runs on the following operating systems: Windows.
Users of WinPatrol gave it a rating of 5 out of 5 stars.
PdivdivdivtdtdtddivИсточник: [https:torrent-igruha. org3551-portal. html]div divh2April 2020 Calendarh2divView the month calendar of April 2020 including week numbers.
brbrdivpCitynbsp; pdivtabletheadtrthDateththSunriseththSunsetththLength of daythtrtheadtbodytrtdApril 1, 2020tdtd6:38tdtd19:22tdtd12h 44mtdtrtrtdApril 2, 2020tdtd6:37tdtd19:23tdtd12h 46mtdtrtrtdApril 3, 2020tdtd6:35tdtd19:24tdtd12h 49mtdtrtrtdApril 4, 2020tdtd6:34tdtd19:25tdtd12h 51mtdtrtrtdApril 5, 2020tdtd6:32tdtd19:26tdtd12h 54mtdtrtrtdApril 6, 2020tdtd6:30tdtd19:27tdtd12h 57mtdtrtrtdApril 7, 2020tdtd6:29tdtd19:28tdtd12h 59mtdtrtrtdApril 8, 2020tdtd6:27tdtd19:29tdtd13h 2mtdtrtrtdApril 9, 2020tdtd6:26tdtd19:30tdtd13h 4mtdtrtrtdApril 10, 2020tdtd6:24tdtd19:31tdtd13h 7mtdtrtrtdApril 11, 2020tdtd6:22tdtd19:32tdtd13h 10mtdtrtrtdApril 12, 2020tdtd6:21tdtd19:33tdtd13h 12mtdtrtrtdApril 13, 2020tdtd6:19tdtd19:34tdtd13h 15mtdtrtrtdApril 14, 2020tdtd6:18tdtd19:35tdtd13h 17mtdtrtrtdApril 15, 2020tdtd6:16tdtd19:36tdtd13h 20mtdtrtrtdApril 16, 2020tdtd6:15tdtd19:37tdtd13h 22mtdtrtrtdApril 17, 2020tdtd6:13tdtd19:38tdtd13h 25mtdtrtrtdApril 18, 2020tdtd6:12tdtd19:39tdtd13h 27mtdtrtrtdApril 19, 2020tdtd6:10tdtd19:40tdtd13h 30mtdtrtrtdApril 20, 2020tdtd6:09tdtd19:41tdtd13h 32mtdtrtrtdApril 21, 2020tdtd6:07tdtd19:43tdtd13h 36mtdtrtrtdApril 22, 2020tdtd6:06tdtd19:44tdtd13h 38mtdtrtrtdApril 23, 2020tdtd6:04tdtd19:45tdtd13h 41mtdtrtrtdApril 24, 2020tdtd6:03tdtd19:46tdtd13h 43mtdtrtrtdApril 25, 2020tdtd6:02tdtd19:47tdtd13h 45mtdtrtrtdApril 26, 2020tdtd6:00tdtd19:48tdtd13h 48mtdtrtrtdApril 27, 2020tdtd5:59tdtd19:49tdtd13h 50mtdtrtrtdApril 28, 2020tdtd5:58tdtd19:50tdtd13h 52mtdtrtrtdApril 29, 2020tdtd5:56tdtd19:51tdtd13h 55mtdtrtrtdApril 30, 2020tdtd5:55tdtd19:52tdtd13h 57mtdtrtbodytablebrpThe sunrise and sunset are calculated from New York.
All the times in the April 2020 calendar may differ when you eg live east or west in the United States.
.What’s New in the Winpatrol 12.2.2007.0 WORK serial key or number?
Screen Shot
System Requirements for Winpatrol 12.2.2007.0 WORK serial key or number
- First, download the Winpatrol 12.2.2007.0 WORK serial key or number
-
You can download its setup from given links:
Winpatrol 12.2.2007.0 WORK serial key or number & Free Download
Winpatrol 12.2.2007.0 WORK serial key or number& Kali Software Crack
Winpatrol 12.2.2007.0 WORK serial key or number
About Author
