Topic: Win32 Virus - Boot-time Scan Failure

BlackRoseBaron

  • Guest
Re: Win32 Virus - Boot-time Scan Failure
« Reply #30 on: August 14, 2009, 02:48:12 AM »
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.22230_none_97f4a23c32ba5036\ASPX_F~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.22230_none_97f4a23c32ba5036\DESELE~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.22230_none_97f4a23c32ba5036\GRADIE~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.22230_none_97f4a23c32ba5036\GRADIE~2.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.22230_none_97f4a23c32ba5036\HEADER~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.22230_none_97f4a23c32ba5036\REQUIR~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.22230_none_97f4a23c32ba5036\SECURI~1.JPG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.22230_none_97f4a23c32ba5036\SELECT~2.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.22230_none_97f4a23c32ba5036\SELECT~3.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.22230_none_97f4a23c32ba5036\UNSELE~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.22230_none_97f4a23c32ba5036\UNSELE~2.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.16720_none_e101494a280d4e0b\NAVIGA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.16720_none_e101494a280d4e0b\WEBADM~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.16720_none_e101494a280d4e0b\WEBADM~2.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.16720_none_e101494a280d4e0b\WEBADM~3.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.16720_none_e101494a280d4e0b\WEBADM~4.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.16720_none_e101494a280d4e0b\WED669~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.20883_none_ca395fee41af92fe\NAVIGA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.20883_none_ca395fee41af92fe\WEBADM~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.20883_none_ca395fee41af92fe\WEBADM~2.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.20883_none_ca395fee41af92fe\WEBADM~3.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.20883_none_ca395fee41af92fe\WEBADM~4.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.20883_none_ca395fee41af92fe\WED669~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6001.18111_none_e0dc2e00285f5aac\NAVIGA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6001.18111_none_e0dc2e00285f5aac\WEBADM~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6001.18111_none_e0dc2e00285f5aac\WEBADM~2.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6001.18111_none_e0dc2e00285f5aac\WEBADM~3.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6001.18111_none_e0dc2e00285f5aac\WEBADM~4.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6001.18111_none_e0dc2e00285f5aac\WED669~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6001.22230_none_ca109e9c4204d3bf\NAVIGA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6001.22230_none_ca109e9c4204d3bf\WEBADM~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6001.22230_none_ca109e9c4204d3bf\WEBADM~2.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6001.22230_none_ca109e9c4204d3bf\WEBADM~3.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6001.22230_none_ca109e9c4204d3bf\WEBADM~4.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6001.22230_none_ca109e9c4204d3bf\WED669~1.RES
Status: Locked to the Windows API!

BlackRoseBaron

  • Guest
Re: Win32 Virus - Boot-time Scan Failure
« Reply #31 on: August 14, 2009, 02:48:39 AM »
Path: C:\Windows\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6000.16720_none_b462fc0cbe880bcb\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6000.20883_none_9d9b12b0d82a50be\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6001.18111_none_b43de0c2beda186c\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6001.22230_none_9d72515ed87f917f\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.16720_none_ea4958dde0dcb61b\_DATAP~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.16720_none_ea4958dde0dcb61b\_DATAP~2.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.20883_none_d3816f81fa7efb0e\_DATAP~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.20883_none_d3816f81fa7efb0e\_DATAP~2.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6001.18111_none_ea243d93e12ec2bc\_DATAP~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6001.18111_none_ea243d93e12ec2bc\_DATAP~2.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6001.22230_none_d358ae2ffad43bcf\_DATAP~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6001.22230_none_d358ae2ffad43bcf\_DATAP~2.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6000.16720_none_879a188098bde787\CSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6000.20883_none_70d22f24b2602c7a\CSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6001.18111_none_8774fd36990ff428\CSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6001.22230_none_70a96dd2b2b56d3b\CSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-dv_aspnetmmc_chm_res_b03f5f7f11d50a3a_6.0.6000.16720_none_f49cbb9015dc43b3\DV_ASP~1.CHM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-redist_config_files_b03f5f7f11d50a3a_6.0.6000.16720_none_7b4eba45cecd6936\IEEXEC~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-redist_config_files_b03f5f7f11d50a3a_6.0.6000.20883_none_6486d0e9e86fae29\IEEXEC~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-redist_config_files_b03f5f7f11d50a3a_6.0.6001.18111_none_7b299efbcf1f75d7\IEEXEC~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-redist_config_files_b03f5f7f11d50a3a_6.0.6001.22230_none_645e0f97e8c4eeea\IEEXEC~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-netfxsbs12_hkf_31bf3856ad364e35_6.0.6000.16720_none_0bca521ee450d037\NETFXS~1.HKF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-netfxsbs12_hkf_31bf3856ad364e35_6.0.6000.20883_none_0c16103ffd9c63ac\NETFXS~1.HKF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-netfxsbs12_hkf_31bf3856ad364e35_6.0.6001.18111_none_0dbc60fae16e5e8e\NETFXS~1.HKF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-netfxsbs12_hkf_31bf3856ad364e35_6.0.6001.22230_none_0e2f5da3fa9d1ce3\NETFXS~1.HKF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-dv_aspnetmmc_chm_res_b03f5f7f11d50a3a_6.0.6000.20883_none_ddd4d2342f7e88a6\DV_ASP~1.CHM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-dv_aspnetmmc_chm_res_b03f5f7f11d50a3a_6.0.6001.18111_none_f477a046162e5054\DV_ASP~1.CHM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-dv_aspnetmmc_chm_res_b03f5f7f11d50a3a_6.0.6001.22230_none_ddac10e22fd3c967\DV_ASP~1.CHM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6001.18096_none_8023fb392e87c40a\_TRANS~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6001.18096_none_8023fb392e87c40a\_TRANS~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6001.22208_none_8110e9ca475a9830\_TRANS~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6001.22208_none_8110e9ca475a9830\_TRANS~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_reg_31bf3856ad364e35_6.0.6000.16708_none_7ab8208b3397ed7d\_TRANS~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_reg_31bf3856ad364e35_6.0.6000.20864_none_7afcdca64ce9cf91\_TRANS~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_reg_31bf3856ad364e35_6.0.6001.18096_none_7c3b0d6b31094a12\_TRANS~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_reg_31bf3856ad364e35_6.0.6001.22208_none_7d27fbfc49dc1e38\_TRANS~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_vrg_31bf3856ad364e35_6.0.6000.16708_none_807ba2c12fe38edc\_TRANS~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_vrg_31bf3856ad364e35_6.0.6000.20864_none_80c05edc493570f0\_TRANS~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_vrg_31bf3856ad364e35_6.0.6001.18096_none_81fe8fa12d54eb71\_TRANS~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_vrg_31bf3856ad364e35_6.0.6001.22208_none_82eb7e324627bf97\_TRANS~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-globaluserinterfacecf_31bf3856ad364e35_6.0.6001.18096_none_ada2ec92b42bf87e\GLOBAL~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_vrg_31bf3856ad364e35_6.0.6000.16708_none_c71adcbf2e98b7f5\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_vrg_31bf3856ad364e35_6.0.6000.20864_none_c75f98da47ea9a09\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_vrg_31bf3856ad364e35_6.0.6001.18096_none_c89dc99f2c0a148a\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_vrg_31bf3856ad364e35_6.0.6001.22208_none_c98ab83044dce8b0\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_h_31bf3856ad364e35_6.0.6000.16708_none_9958372092944487\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_h_31bf3856ad364e35_6.0.6000.20864_none_999cf33babe6269b\_SERVI~1.H
Status: Locked to the Windows API!

BlackRoseBaron

  • Guest
Re: Win32 Virus - Boot-time Scan Failure
« Reply #32 on: August 14, 2009, 02:49:08 AM »
Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_h_31bf3856ad364e35_6.0.6001.18096_none_9adb24009005a11c\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_h_31bf3856ad364e35_6.0.6001.22208_none_9bc81291a8d87542\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_ini_31bf3856ad364e35_6.0.6000.16708_none_78c5c5708f85fc49\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_ini_31bf3856ad364e35_6.0.6000.16708_none_78c5c5708f85fc49\_SERVI~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_ini_31bf3856ad364e35_6.0.6000.20864_none_790a818ba8d7de5d\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_ini_31bf3856ad364e35_6.0.6000.20864_none_790a818ba8d7de5d\_SERVI~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_ini_31bf3856ad364e35_6.0.6001.18096_none_7a48b2508cf758de\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_ini_31bf3856ad364e35_6.0.6001.18096_none_7a48b2508cf758de\_SERVI~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_ini_31bf3856ad364e35_6.0.6001.22208_none_7b35a0e1a5ca2d04\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_ini_31bf3856ad364e35_6.0.6001.22208_none_7b35a0e1a5ca2d04\_SERVI~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wwf-cwetargets_i_31bf3856ad364e35_6.0.6002.18005_none_a247400ed5fa688d\WORKFL~1.TAR
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wsdapi_31bf3856ad364e35_6.0.6001.18000_none_beb38cd34d56a01d\$$DeleteMe.WSDApi.dll.01ca1c3caf379788.0046
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-globalserifcf_31bf3856ad364e35_6.0.6000.16708_none_319b7f14a2b4f78c\GLOBAL~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-globalserifcf_31bf3856ad364e35_6.0.6000.20864_none_31e03b2fbc06d9a0\GLOBAL~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-globalserifcf_31bf3856ad364e35_6.0.6001.18096_none_331e6bf4a0265421\GLOBAL~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-globalserifcf_31bf3856ad364e35_6.0.6001.22208_none_340b5a85b8f92847\GLOBAL~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-globalserifcf_31bf3856ad364e35_6.0.6002.18005_none_356532909d048bea\GLOBAL~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-globaluserinterfacecf_31bf3856ad364e35_6.0.6000.16708_none_ac1fffb2b6ba9be9\GLOBAL~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-globaluserinterfacecf_31bf3856ad364e35_6.0.6000.20864_none_ac64bbcdd00c7dfd\GLOBAL~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_h_31bf3856ad364e35_6.0.6000.16708_none_b25b01638e2dbfa3\_TRANS~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_h_31bf3856ad364e35_6.0.6000.20864_none_b29fbd7ea77fa1b7\_TRANS~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_h_31bf3856ad364e35_6.0.6001.18096_none_b3ddee438b9f1c38\_TRANS~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_h_31bf3856ad364e35_6.0.6001.22208_none_b4cadcd4a471f05e\_TRANS~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6000.16708_none_7ea10e5931166775\_TRANS~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6000.16708_none_7ea10e5931166775\_TRANS~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6000.20864_none_7ee5ca744a684989\_TRANS~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6000.20864_none_7ee5ca744a684989\_TRANS~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_h_31bf3856ad364e35_6.0.6001.18096_none_254e460eb451d38b\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_h_31bf3856ad364e35_6.0.6001.22208_none_263b349fcd24a7b1\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_ini_31bf3856ad364e35_6.0.6000.16708_none_c8df4fb390304286\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_ini_31bf3856ad364e35_6.0.6000.16708_none_c8df4fb390304286\_SERVI~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_ini_31bf3856ad364e35_6.0.6000.20864_none_c9240bcea982249a\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_ini_31bf3856ad364e35_6.0.6000.20864_none_c9240bcea982249a\_SERVI~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_ini_31bf3856ad364e35_6.0.6001.18096_none_ca623c938da19f1b\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_ini_31bf3856ad364e35_6.0.6001.18096_none_ca623c938da19f1b\_SERVI~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_ini_31bf3856ad364e35_6.0.6001.22208_none_cb4f2b24a6747341\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_ini_31bf3856ad364e35_6.0.6001.22208_none_cb4f2b24a6747341\_SERVI~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_ini_31bf3856ad364e35_6.0.6002.18005_none_cca9032f8a7fd6e4\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_ini_31bf3856ad364e35_6.0.6002.18005_none_cca9032f8a7fd6e4\_SERVI~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-winfxlist_31bf3856ad364e35_6.0.6001.22208_none_416e7466091f7c7c\WINFXL~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-winfxlist_31bf3856ad364e35_6.0.6002.18005_none_42c84c70ed2ae01f\WINFXL~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-winfxtargets_31bf3856ad364e35_6.0.6000.16708_none_c7595a2aa4b56e63\MICROS~1.TAR
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-winfxtargets_31bf3856ad364e35_6.0.6000.20864_none_c79e1645be075077\MICROS~1.TAR
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-winfxtargets_31bf3856ad364e35_6.0.6001.18096_none_c8dc470aa226caf8\MICROS~1.TAR
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-winfxtargets_31bf3856ad364e35_6.0.6001.22208_none_c9c9359bbaf99f1e\MICROS~1.TAR
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-winfxtargets_31bf3856ad364e35_6.0.6002.18005_none_cb230da69f0502c1\MICROS~1.TAR
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-winfxlist_31bf3856ad364e35_6.0.6000.16708_none_3efe98f4f2db4bc1\WINFXL~1.XML
Status: Locked to the Windows API!

BlackRoseBaron

  • Guest
Re: Win32 Virus - Boot-time Scan Failure
« Reply #33 on: August 14, 2009, 02:49:33 AM »
Path: C:\Windows\winsxs\x86_wpf-winfxlist_31bf3856ad364e35_6.0.6000.20864_none_3f4355100c2d2dd5\WINFXL~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-system.speech_31bf3856ad364e35_6.0.6000.16708_none_7fdeb5cb1f6006f4\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-system.speech_31bf3856ad364e35_6.0.6000.20864_none_802371e638b1e908\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-system.speech_31bf3856ad364e35_6.0.6001.18096_none_8161a2ab1cd16389\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-system.speech_31bf3856ad364e35_6.0.6001.22208_none_824e913c35a437af\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-system.speech_31bf3856ad364e35_6.0.6002.18005_none_83a8694719af9b52\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_h_31bf3856ad364e35_6.0.6000.16708_none_4180b46a5c473b6d\_SMSVC~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_h_31bf3856ad364e35_6.0.6000.20864_none_41c5708575991d81\_SMSVC~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_h_31bf3856ad364e35_6.0.6001.18096_none_4303a14a59b89802\_SMSVC~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_h_31bf3856ad364e35_6.0.6001.22208_none_43f08fdb728b6c28\_SMSVC~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_ini_31bf3856ad364e35_6.0.6000.16708_none_325856a50f01ab0d\_SMSVC~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_ini_31bf3856ad364e35_6.0.6000.20864_none_329d12c028538d21\_SMSVC~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_system.speech_31bf3856ad364e35_6.0.6000.16708_none_080e70cf835a2dc3\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_system.speech_31bf3856ad364e35_6.0.6000.20864_none_08532cea9cac0fd7\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_system.speech_31bf3856ad364e35_6.0.6001.18096_none_09915daf80cb8a58\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_system.speech_31bf3856ad364e35_6.0.6001.22208_none_0a7e4c40999e5e7e\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_system.speech_31bf3856ad364e35_6.0.6002.18005_none_0bd8244b7da9c221\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wwf-cperfcnt_31bf3856ad364e35_6.0.6000.16708_none_1dbee32b03599791\PERFCO~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wwf-cwetargets_i_31bf3856ad364e35_6.0.6001.22208_none_a0ed6803f1ef04ea\WORKFL~1.TAR
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-globaluserinterfacecf_31bf3856ad364e35_6.0.6001.22208_none_ae8fdb23ccfecca4\GLOBAL~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_vrg_31bf3856ad364e35_6.0.6000.16708_none_3432eb0d0dced274\_SMSVC~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_vrg_31bf3856ad364e35_6.0.6000.20864_none_3477a7282720b488\_SMSVC~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_vrg_31bf3856ad364e35_6.0.6001.18096_none_35b5d7ed0b402f09\_SMSVC~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_vrg_31bf3856ad364e35_6.0.6001.22208_none_36a2c67e2413032f\_SMSVC~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18294_none_64452247ae64646c\$$DeleteMe.ieframe.dll.01ca1c3caf992fe8.0051
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18294_none_474660018cc98b66\$$DeleteMe.iertutil.dll.01ca1c3cb01c1b88.0056
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.0.6001.18226_none_1053243b8b6fd401\$$DeleteMe.WmiPrvSD.dll.01ca1c3cb8923ec8.00bf
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.0.6001.18226_none_1053243b8b6fd401\$$DeleteMe.WmiPrvSE.exe.01ca1c3cb82be3a8.00b8
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wmi-core-repdrvfs-dll_31bf3856ad364e35_6.0.6001.18000_none_7e41b9e130eb1f1b\$$DeleteMe.repdrvfs.dll.01ca1c3cb8970188.00c0
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..ooler-networkclient_31bf3856ad364e35_6.0.6001.18119_none_39716f4d70ea0119\$$DeleteMe.win32spl.dll.01ca1c3cae048628.002d
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6002.18071_none_b67ee04bd42814da\$$DeleteMe.urlmon.dll.01ca1c3ea5a27fa9.0003
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.0.6001.18000_none_1a405db2b218d641\$$DeleteMe.wscapi.dll.01ca1c3caec092c8.003c
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-security-licensing-slc_31bf3856ad364e35_6.0.6001.18000_none_4e777d79f985fac8\$$DeleteMe.SLsvc.exe.01ca1c3cae4269e8.0035
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-security-licensing-wga_31bf3856ad364e35_6.0.6001.18000_none_4e4769e7f9aab897\$$DeleteMe.slwga.dll.01ca1c3cb0091088.0053
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\$$DeleteMe.netlogon.dll.01ca1c3cad83fbe8.0025
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18272_none_a600dfae5d0228c9\$$DeleteMe.lsasrv.dll.01ca1c3ca71e49e8.0007
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18272_none_a600dfae5d0228c9\$$DeleteMe.lsass.exe.01ca1c3ca71be888.0006
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18272_none_a600dfae5d0228c9\$$DeleteMe.secur32.dll.01ca1c3ca727cf68.0009
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.0.6001.18000_none_ac1da75bf2516084\$$DeleteMe.ole32.dll.01ca1c3caf437e68.004b
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18226_none_69bb41ac3deac876\$$DeleteMe.rpcss.dll.01ca1c3cb3cd1d68.0090
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6001.18138_none_885590b496e78ad1\$$DeleteMe.msxml6.dll.01ca1c3cb7534688.00b5
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-webdavredir-davclient_31bf3856ad364e35_6.0.6000.16386_none_9196a743555429b0\$$DeleteMe.davclnt.dll.01ca1c3cb49e9668.009e
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_windowssearchengine.resources_31bf3856ad364e35_7.0.6001.16503_en-us_8098ad9eb2e68e7c\$$DeleteMe.tquery.dll.mui.01ca1c3cbdb1d468.00c4
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\$$DeleteMe.msscb.dll.01ca1c3cb3b2ee48.008d
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\$$DeleteMe.mssprxy.dll.01ca1c3cb37047c8.007c
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\$$DeleteMe.mssrch.dll.01ca1c3cb379cd48.007e
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\$$DeleteMe.SearchIndexer.exe.01ca1c3cb36460e8.0079
Status: Locked to the Windows API!

BlackRoseBaron

  • Guest
Re: Win32 Virus - Boot-time Scan Failure
« Reply #34 on: August 14, 2009, 02:49:56 AM »
Path: C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\$$DeleteMe.tquery.dll.01ca1c3cb380f168.0080
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-rpc-local_31bf3856ad364e35_6.0.6001.18247_none_b3d66539452e6ad2\$$DeleteMe.rpcrt4.dll.01ca1c3cb5029028.00a6
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-eventlog-api_31bf3856ad364e35_6.0.6001.18000_none_ac31021c654a3267\$$DeleteMe.wevtapi.dll.01ca1c3cab35a6e8.0010
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-c..ent-indexing-common_31bf3856ad364e35_6.0.6001.18000_none_06b40dcad71051f6\$$DeleteMe.Query.dll.01ca1c3cb0a16888.005c
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft.windows.winhttp_31bf3856ad364e35_5.1.6001.18178_none_248a4e30c254ef70\$$DeleteMe.winhttp.dll.01ca1c3cadc1dfa8.0028
Status: Locked to the Windows API!


BlackRoseBaron

  • Guest
Re: Win32 Virus - Boot-time Scan Failure
« Reply #35 on: August 14, 2009, 02:51:46 AM »
And that's the last of it! I was trying to maximize characters per post to minimize posts at first, but that was rather time-consuming.

-BlackRoseBaron

Offline mathboyx215

  • Avast Evangelist
  • Poster
  • ***
  • Posts: 449
Re: Win32 Virus - Boot-time Scan Failure
« Reply #36 on: August 14, 2009, 03:03:50 AM »
Rerun Rootrepeal. After the scan completes, go to the files tab and find these files:

C:\Windows\System32\UAChhfeuusppy.dll
C:\Windows\System32\uacinit.dll
C:\Windows\System32\UACniakiftpcn.dll
C:\Windows\System32\UACnqumyvyqil.dll
C:\Windows\System32\UACrhttajeqxc.dll
C:\Windows\System32\drivers\UACwusrmodctc.sys

Then use your mouse to highlight it in the Rootrepeal window.
Next right mouse click on it and select *wipe file* option only.
Then immediately reboot the computer.

After you have rebooted, post back and I will tell you what to do next.
It is not possible to divide anything by zero

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89219
  • No support PMs thanks
Re: Win32 Virus - Boot-time Scan Failure
« Reply #37 on: August 14, 2009, 03:24:28 AM »
After having removed those mentioned by mathboyx215 and rebooted, you can also clear all the uac9999.tmp (where 9999 are random alphanumeric characters) files in the windows\temp folder; it is probably easiest to clear out the contents of the Windows\Temp folder.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

BlackRoseBaron

  • Guest
Re: Win32 Virus - Boot-time Scan Failure
« Reply #38 on: August 14, 2009, 03:29:21 AM »
It's been done, not the temp files yet, but the .dll and .sys have been wiped and reboot completed.

Offline mathboyx215

  • Avast Evangelist
  • Poster
  • ***
  • Posts: 449
Re: Win32 Virus - Boot-time Scan Failure
« Reply #39 on: August 14, 2009, 03:35:23 AM »
After you have cleared the temp files, I would like you to run another quick scan from Malwarebytes and post back a log.
It is not possible to divide anything by zero

BlackRoseBaron

  • Guest
Re: Win32 Virus - Boot-time Scan Failure
« Reply #40 on: August 14, 2009, 04:03:52 AM »
Oddly, when I re-ran RootRepeal again, I got no UAC in the results.

I went ahead and did MB quick scan, and here is the log:

Malwarebytes' Anti-Malware 1.40
Database version: 2616
Windows 6.0.6002 Service Pack 2 (Safe Mode)

8/13/2009 8:57:42 PM
mbam-log-2009-08-13 (20-57-34).txt

Scan type: Quick Scan
Objects scanned: 76139
Time elapsed: 2 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\Temp\UACcb0b.tmp (Rogue.Agent) -> No action taken.
C:\Windows\Temp\UACe204.tmp (Rogue.Agent) -> No action taken.
C:\Windows\System32\uacinit.dll (Trojan.Agent) -> No action taken.
C:\Windows\System32\UACepqvcdeymm.dat (Trojan.Agent) -> No action taken.
C:\Windows\System32\UAChhfeuusppy.dll (Trojan.Agent) -> No action taken.
C:\Windows\System32\UACniakiftpcn.dll (Trojan.Agent) -> No action taken.
C:\Windows\System32\UACnqumyvyqil.dll (Trojan.Agent) -> No action taken.
C:\Windows\System32\UACrhttajeqxc.dll (Trojan.Agent) -> No action taken.
C:\Windows\System32\drivers\UACwusrmodctc.sys (Trojan.Agent) -> No action taken.

I hit repair, and then rebooted. I'm going to re-scan with RR and MB to see what remains.

-BlackRoseBaron

Edit: MB Quickscan was clean, re-running RR.
« Last Edit: August 14, 2009, 04:08:28 AM by BlackRoseBaron »

BlackRoseBaron

  • Guest
Re: Win32 Virus - Boot-time Scan Failure
« Reply #41 on: August 14, 2009, 04:15:26 AM »
Update: Security Center Symptom has been slain!



Score!

I'm going to try Combofix next along with other scans which had frozen before, unless there is something else specific that would be advised.

All of you have been extremely helpful.

-BlackRoseBaron

Edit: RR appears clear, trying MalwareBytes full scan -> Avast boot-time scan -> Superantispyware -> Combofix to see what's left behind.
« Last Edit: August 14, 2009, 04:24:05 AM by BlackRoseBaron »

Offline mathboyx215

  • Avast Evangelist
  • Poster
  • ***
  • Posts: 449
Re: Win32 Virus - Boot-time Scan Failure
« Reply #42 on: August 14, 2009, 04:36:24 AM »
One piece of advice.
When running combofix, make sure you have no other programs running.
Also, don't click on the combofix window or type anything, as that will cause combofix to stall.
It is not possible to divide anything by zero

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89219
  • No support PMs thanks
Re: Win32 Virus - Boot-time Scan Failure
« Reply #43 on: August 14, 2009, 03:14:01 PM »
Having cleaned the protection processes with RR, the underlying malware is revealed and it is that which is picked up by MBAM; you should have allowed MBAM to deal with them.

If you haven't already run combofix you can clean up first with MBAM - Run MBAM again and this time when the scan is complete, all detections should have a check mark in the box to the left of the entry, leave them selected (or select if not selected). At the bottom of the window there is a button, Remove Selected, click that and the items will be removed.

Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security
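
The check described in Reply #43, as an added example that is not part of the original thread: a Python parser for the Malwarebytes log excerpt from Reply #40 that confirms the summary counts match the listed entries and returns every detection still marked "No action taken". The function names and regular expressions are assumptions derived only from the log lines shown on this page.

```python
import re
from collections import Counter

# Excerpt of the Malwarebytes 1.40 log posted in Reply #40 (entries as posted).
SAMPLE_LOG = r"""
Registry Keys Infected: 1
Folders Infected: 0
Files Infected: 9

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> No action taken.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Windows\Temp\UACcb0b.tmp (Rogue.Agent) -> No action taken.
C:\Windows\Temp\UACe204.tmp (Rogue.Agent) -> No action taken.
C:\Windows\System32\uacinit.dll (Trojan.Agent) -> No action taken.
C:\Windows\System32\UACepqvcdeymm.dat (Trojan.Agent) -> No action taken.
C:\Windows\System32\UAChhfeuusppy.dll (Trojan.Agent) -> No action taken.
C:\Windows\System32\UACniakiftpcn.dll (Trojan.Agent) -> No action taken.
C:\Windows\System32\UACnqumyvyqil.dll (Trojan.Agent) -> No action taken.
C:\Windows\System32\UACrhttajeqxc.dll (Trojan.Agent) -> No action taken.
C:\Windows\System32\drivers\UACwusrmodctc.sys (Trojan.Agent) -> No action taken.
"""

SUMMARY = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected): (?P<n>\d+)$")   # "Files Infected: 9"
SECTION = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected):$")              # "Files Infected:"
ENTRY = re.compile(r"^(?P<obj>.+) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")

def parse_mbam_log(text):
    """Return (summary counts, [(category, object, threat, action), ...])."""
    counts, detections, section = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := SUMMARY.match(line):
            counts[m["cat"]] = int(m["n"])
        elif m := SECTION.match(line):
            section = m["cat"]          # detail lines that follow belong here
        elif section and (m := ENTRY.match(line)):
            detections.append((section, m["obj"], m["threat"], m["action"]))
    return counts, detections

def review(text):
    """Flag count mismatches (truncated log) and detections left in place."""
    counts, detections = parse_mbam_log(text)
    listed = Counter(cat for cat, *_ in detections)
    mismatched = {c: (n, listed[c]) for c, n in counts.items() if n != listed[c]}
    unremediated = [d for d in detections if d[3].lower() == "no action taken"]
    return mismatched, unremediated
```

Run against the posted log, `review(SAMPLE_LOG)` reports no count mismatch and returns all ten detections as unremediated, which is the state Reply #43 comments on.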

BlackRoseBaron

  • Guest
Re: Win32 Virus - Boot-time Scan Failure
« Reply #44 on: August 14, 2009, 08:20:40 PM »
I got a clean scan without infections with Malwarebytes complete scan and Avast complete scan (2nd run).

However, Superantispyware reported 5 rootkits which were not removed after rebooting and rescanning twice.



Following this, I ran Combofix. I'll copy / paste log in following posts.

I'll now be checking if Superantispyware still picks up those 5 rootkits unless something else is advised.

-BlackRoseBaron