30-Oct-2009, 08:10 PM  #31
I am of the opinion that we are pretty well there with your machine, but there are a couple of things that make me slightly uncomfortable, so I would like you to carry out one last scan before we go to cleaning away the tools we have been using. I just want to have another look to make sure that the rootkit GMER found, and I think we got rid of, hasn't still got parts of itself hidden deep down there. Please download and save SysProt AntiRootkit to your Desktop.
__________________
Manners are the basis of a civilised society and make everyone's lives just a little happier. They cost nothing but they are worth so much.
30-Oct-2009, 08:41 PM  #32
| Hello, Below is the log. SysProt AntiRootkit v1.0.1.0 by swatkat *************************************************************************** *************** *************************************************************************** *************** Process: Name: [System Idle Process] PID: 0 Hidden: No Window Visible: No Name: System PID: 4 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\smss.exe PID: 508 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\csrss.exe PID: 552 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\winlogon.exe PID: 576 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\services.exe PID: 620 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\lsass.exe PID: 632 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\svchost.exe PID: 824 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\svchost.exe PID: 872 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\svchost.exe PID: 968 Hidden: No Window Visible: No Name: C:\Program Files\Intel\Wireless\Bin\EvtEng.exe PID: 1020 Hidden: No Window Visible: No Name: C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe PID: 1100 Hidden: No Window Visible: No Name: C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe PID: 1136 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\svchost.exe PID: 1196 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\svchost.exe PID: 1324 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\spoolsv.exe PID: 1532 Hidden: No Window Visible: No Name: C:\Program Files\GuardianEdge Technologies\EP Hard Disk\User\PCGProt.exe PID: 1584 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\svchost.exe PID: 1612 Hidden: No Window Visible: No Name: C:\WINDOWS\explorer.exe PID: 304 Hidden: No Window Visible: No Name: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe PID: 528 Hidden: No Window Visible: No Name: C:\Program Files\Bonjour\mDNSResponder.exe PID: 548 Hidden: No Window Visible: No Name: C:\Program Files\GuardianEdge Technologies\EP Hard 
Disk\User\DISrv.exe PID: 960 Hidden: No Window Visible: No Name: C:\Program Files\AVG\AVG8\avgrsx.exe PID: 1180 Hidden: No Window Visible: No Name: C:\PROGRA~1\AVG\AVG8\avgnsx.exe PID: 1220 Hidden: No Window Visible: No Name: C:\Program Files\Java\jre6\bin\jqs.exe PID: 752 Hidden: No Window Visible: No Name: C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE PID: 1828 Hidden: No Window Visible: No Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe PID: 1864 Hidden: No Window Visible: No Name: C:\Program Files\Apoint\Apoint.exe PID: 1912 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\hkcmd.exe PID: 1928 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\igfxpers.exe PID: 1940 Hidden: No Window Visible: No Name: C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe PID: 1964 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\igfxsrvc.exe PID: 1988 Hidden: No Window Visible: No Name: C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe PID: 1996 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\DLA\DLACTRLW.EXE PID: 2084 Hidden: No Window Visible: No Name: C:\Program Files\GuardianEdge Technologies\EP Hard Disk\User\LaunchEPHD.exe PID: 2100 Hidden: No Window Visible: No Name: C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe PID: 2120 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe PID: 2148 Hidden: No Window Visible: No Name: C:\Program Files\Apoint\ApntEx.exe PID: 2160 Hidden: No Window Visible: No Name: C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe PID: 2172 Hidden: No Window Visible: No Name: C:\Program Files\iTunes\iTunesHelper.exe PID: 2192 Hidden: No Window Visible: No Name: C:\PROGRA~1\AVG\AVG8\avgtray.exe PID: 2232 Hidden: No Window Visible: No Name: C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe PID: 2256 Hidden: No Window Visible: No Name: C:\Program Files\Apoint\hidfind.exe PID: 2264 Hidden: No Window Visible: No Name: 
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe PID: 2308 Hidden: No Window Visible: No Name: C:\Program Files\Dell\QuickSet\NicConfigSvc.exe PID: 2352 Hidden: No Window Visible: No Name: C:\Program Files\Java\jre6\bin\jusched.exe PID: 2408 Hidden: No Window Visible: No Name: C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe PID: 2448 Hidden: No Window Visible: No Name: C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe PID: 2664 Hidden: No Window Visible: No Name: C:\Program Files\Digital Line Detect\DLG.exe PID: 2792 Hidden: No Window Visible: No Name: C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe PID: 2852 Hidden: No Window Visible: No Name: C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe PID: 3216 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\svchost.exe PID: 3252 Hidden: No Window Visible: No Name: C:\Program Files\iPod\bin\iPodService.exe PID: 3908 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\wbem\wmiprvse.exe PID: 3992 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\wbem\wmiprvse.exe PID: 4048 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\alg.exe PID: 1344 Hidden: No Window Visible: No Name: C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe PID: 2500 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\wuauclt.exe PID: 3888 Hidden: No Window Visible: No Name: C:\Program Files\Flock\flock.exe PID: 3652 Hidden: No Window Visible: No Name: G:\Skype.exe PID: 388 Hidden: No Window Visible: No Name: C:\Documents and Settings\Administrator\Desktop\SysProt\SysProt\SysProt.exe PID: 2528 Hidden: No Window Visible: Yes *************************************************************************** *************** *************************************************************************** *************** Kernel Modules: Module Name: \??\C:\Documents and Settings\Administrator\Desktop\SysProt\SysProt\SysProtDrv.sys Service Name: SysProtDrv.sys Module Base: 99D44000 Module End: 99D4F000 Hidden: No 
Module Name: \WINDOWS\system32\ntkrnlpa.exe Service Name: --- Module Base: 804D7000 Module End: 806E4000 Hidden: No Module Name: \WINDOWS\system32\hal.dll Service Name: --- Module Base: 806E4000 Module End: 80704D00 Hidden: No Module Name: \WINDOWS\system32\KDCOM.DLL Service Name: --- Module Base: F7A70000 Module End: F7A72000 Hidden: No Module Name: \WINDOWS\system32\BOOTVID.dll Service Name: --- Module Base: F7980000 Module End: F7983000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\ephdlink.sys Service Name: ephdlink Module Base: F7A72000 Module End: F7A74000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\ACPI.sys Service Name: ACPI Module Base: F7441000 Module End: F746F000 Hidden: No Module Name: \WINDOWS\system32\DRIVERS\WMILIB.SYS Service Name: --- Module Base: F7A74000 Module End: F7A76000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\pci.sys Service Name: PCI Module Base: F7430000 Module End: F7441000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\isapnp.sys Service Name: isapnp Module Base: F7570000 Module End: F757A000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\compbatt.sys Service Name: Compbatt Module Base: F7984000 Module End: F7987000 Hidden: No Module Name: \WINDOWS\system32\DRIVERS\BATTC.SYS Service Name: BattC Module Base: F7988000 Module End: F798C000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\pciide.sys Service Name: PCIIde Module Base: F7B38000 Module End: F7B39000 Hidden: No Module Name: \WINDOWS\system32\DRIVERS\PCIIDEX.SYS Service Name: --- Module Base: F77F0000 Module End: F77F7000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\pcmcia.sys Service Name: Pcmcia Module Base: F7412000 Module End: F7430000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\MountMgr.sys Service Name: MountMgr Module Base: F7580000 Module End: F758B000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\ftdisk.sys Service Name: Disk Module Base: F73F3000 Module End: F7412000 Hidden: No Module Name: 
C:\WINDOWS\system32\drivers\dmio.sys Service Name: dmio Module Base: F73CD000 Module End: F73F3000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\PartMgr.sys Service Name: PartMgr Module Base: F77F8000 Module End: F77FD000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\VolSnap.sys Service Name: VolSnap Module Base: F7590000 Module End: F759D000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\atapi.sys Service Name: atapi Module Base: F73B5000 Module End: F73CD000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\disk.sys Service Name: --- Module Base: F75A0000 Module End: F75A9000 Hidden: No Module Name: \WINDOWS\system32\DRIVERS\CLASSPNP.SYS Service Name: --- Module Base: F75B0000 Module End: F75BD000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\fltmgr.sys Service Name: FltMgr Module Base: F7395000 Module End: F73B5000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\sr.sys Service Name: sr Module Base: F7383000 Module End: F7395000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\DRVMCDB.SYS Service Name: DRVMCDB Module Base: F736D000 Module End: F7383000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\eafsprot.sys Service Name: EAFSPROT Module Base: F798C000 Module End: F798F000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\PxHelp20.sys Service Name: PxHelp20 Module Base: F75C0000 Module End: F75C9000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\TPkd.sys Service Name: TPkd Module Base: F734F000 Module End: F736D000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\KSecDD.sys Service Name: KSecDD Module Base: F7338000 Module End: F734F000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\Ntfs.sys Service Name: Ntfs Module Base: F72AB000 Module End: F7338000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\NDIS.sys Service Name: NDIS Module Base: F727E000 Module End: F72AB000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\ohci1394.sys Service Name: ohci1394 Module Base: F75D0000 Module End: F75E0000 Hidden: 
No Module Name: \WINDOWS\system32\DRIVERS\1394BUS.SYS Service Name: --- Module Base: F75E0000 Module End: F75EE000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\Mup.sys Service Name: Mup Module Base: F7264000 Module End: F727E000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\EPHDXLAT.sys Service Name: EPHDXLAT Module Base: F724E000 Module End: F7264000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\DGRoot.SYS Service Name: DGRoot Module Base: F723C000 Module End: F724E000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\nic1394.sys Service Name: NIC1394 Module Base: F7770000 Module End: F7780000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\intelppm.sys Service Name: intelppm Module Base: F635E000 Module End: F6367000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\CmBatt.sys Service Name: CmBatt Module Base: F69EA000 Module End: F69EE000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\ialmnt5.sys Service Name: ialm Module Base: F61F0000 Module End: F633E000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS Service Name: --- Module Base: F61DC000 Module End: F61F0000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys Service Name: HDAudBus Module Base: F61B4000 Module End: F61DC000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\w39n51.sys Service Name: w39n51 Module Base: F6057000 Module End: F61B4000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\usbuhci.sys Service Name: usbuhci Module Base: F7910000 Module End: F7916000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS Service Name: --- Module Base: F6033000 Module End: F6057000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\usbehci.sys Service Name: usbehci Module Base: F7918000 Module End: F7920000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys Service Name: bcm4sbxp Module Base: F634E000 Module End: F635A000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\i8042prt.sys Service Name: i8042prt Module 
Base: F633E000 Module End: F634B000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\Apfiltr.sys Service Name: ApfiltrService Module Base: F6018000 Module End: F6033000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\mouclass.sys Service Name: Mouclass Module Base: F78F0000 Module End: F78F6000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\kbdclass.sys Service Name: Kbdclass Module Base: F78F8000 Module End: F78FE000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\serial.sys Service Name: Serial Module Base: F7640000 Module End: F7650000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\serenum.sys Service Name: serenum Module Base: F69E2000 Module End: F69E6000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\imapi.sys Service Name: Imapi Module Base: F7650000 Module End: F765B000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\DLACDBHM.SYS Service Name: DLACDBHM Module Base: F7AAC000 Module End: F7AAE000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\cdrom.sys Service Name: Cdrom Module Base: F7660000 Module End: F7670000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\redbook.sys Service Name: redbook Module Base: F7670000 Module End: F767F000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\ks.sys Service Name: --- Module Base: F5FF5000 Module End: F6018000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys Service Name: GEARAspiWDM Module Base: F7900000 Module End: F7906000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\audstub.sys Service Name: audstub Module Base: F7BDC000 Module End: F7BDD000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys Service Name: Rasl2tp Module Base: F7680000 Module End: F768D000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\ndistapi.sys Service Name: NdisTapi Module Base: F69DA000 Module End: F69DD000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\ndiswan.sys Service Name: NdisWan Module Base: F5FDE000 Module End: F5FF5000 Hidden: No Module Name: 
C:\WINDOWS\system32\DRIVERS\raspppoe.sys Service Name: RasPppoe Module Base: F7690000 Module End: F769B000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\raspptp.sys Service Name: PptpMiniport Module Base: F76A0000 Module End: F76AC000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\TDI.SYS Service Name: --- Module Base: F7908000 Module End: F790D000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\psched.sys Service Name: PSched Module Base: F5FCD000 Module End: F5FDE000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\msgpc.sys Service Name: Gpc Module Base: F76B0000 Module End: F76B9000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\ptilink.sys Service Name: Ptilink Module Base: F7920000 Module End: F7925000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\raspti.sys Service Name: Raspti Module Base: F7928000 Module End: F792D000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\rdpdr.sys Service Name: rdpdr Module Base: F5F9D000 Module End: F5FCD000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\termdd.sys Service Name: TermDD Module Base: F76C0000 Module End: F76CA000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\swenum.sys Service Name: swenum Module Base: F7AAE000 Module End: F7AB0000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\update.sys Service Name: Update Module Base: F5F3F000 Module End: F5F9D000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\mssmbios.sys Service Name: mssmbios Module Base: F7A1C000 Module End: F7A20000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\NDProxy.SYS Service Name: NDProxy Module Base: F76D0000 Module End: F76DA000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\sthda.sys Service Name: STHDA Module Base: A9CC6000 Module End: A9DD6000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\portcls.sys Service Name: --- Module Base: A9CA2000 Module End: A9CC6000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\drmk.sys Service Name: --- Module Base: F77A0000 Module End: 
F77AF000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys Service Name: HSXHWAZL Module Base: A9C68000 Module End: A9CA2000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys Service Name: HSF_DPV Module Base: A9B71000 Module End: A9C68000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys Service Name: winachsf Module Base: A9ABB000 Module End: A9B71000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\Modem.SYS Service Name: Modem Module Base: F7970000 Module End: F7978000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\usbhub.sys Service Name: usbhub Module Base: F77E0000 Module End: F77EF000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\USBD.SYS Service Name: --- Module Base: F7AC6000 Module End: F7AC8000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\i2omgmt.SYS Service Name: i2omgmt Module Base: F7208000 Module End: F720B000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS Service Name: USBSTOR Module Base: F78E8000 Module End: F78EF000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS Service Name: Fs_Rec Module Base: F7AF0000 Module End: F7AF2000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\Null.SYS Service Name: Null Module Base: F7BB4000 Module End: F7BB5000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\Beep.SYS Service Name: Beep Module Base: F7AFC000 Module End: F7AFE000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\DLARTL_N.SYS Service Name: DLARTL_N Module Base: A8FB9000 Module End: A8FBF000 Hidden: No Module Name: C:\WINDOWS\System32\drivers\vga.sys Service Name: VgaSave Module Base: A8176000 Module End: A817C000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\mnmdd.SYS Service Name: mnmdd Module Base: F7AFE000 Module End: F7B00000 Hidden: No Module Name: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys Service Name: RDPCDD Module Base: F7B00000 Module End: F7B02000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\Msfs.SYS Service Name: Msfs Module 
Base: A5D95000 Module End: A5D9A000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\Npfs.SYS Service Name: Npfs Module Base: A5D8D000 Module End: A5D95000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\rasacd.sys Service Name: RasAcd Module Base: F5F23000 Module End: F5F26000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\ipsec.sys Service Name: IPSec Module Base: A4C26000 Module End: A4C39000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\tcpip.sys Service Name: Tcpip Module Base: A4BCD000 Module End: A4C26000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\avgtdix.sys Service Name: AvgTdiX Module Base: A4BB4000 Module End: A4BCD000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\wanarp.sys Service Name: Wanarp Module Base: A6C33000 Module End: A6C3C000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\ipnat.sys Service Name: IpNat Module Base: A4AEE000 Module End: A4B14000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\netbt.sys Service Name: NetBT Module Base: A4AC6000 Module End: A4AEE000 Hidden: No Module Name: C:\WINDOWS\System32\drivers\ws2ifsl.sys Service Name: WS2IFSL Module Base: A9E07000 Module End: A9E0A000 Hidden: No Module Name: C:\WINDOWS\System32\drivers\afd.sys Service Name: AFD Module Base: A4AA4000 Module End: A4AC6000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\arp1394.sys Service Name: Arp1394 Module Base: A6C23000 Module End: A6C32000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\netbios.sys Service Name: NetBIOS Module Base: A6C13000 Module End: A6C1C000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\rdbss.sys Service Name: Rdbss Module Base: A4A51000 Module End: A4A7C000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys Service Name: MRxSmb Module Base: A49E1000 Module End: A4A51000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\Fips.SYS Service Name: Fips Module Base: A6C03000 Module End: A6C0E000 Hidden: No Module Name: \??\C:\Program Files\Common Files\Symantec 
Shared\EENGINE\eeCtrl.sys Service Name: eeCtrl Module Base: A4095000 Module End: A40F3000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\avgmfx86.sys Service Name: AvgMfx86 Module Base: A5D4D000 Module End: A5D53000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\avgldx86.sys Service Name: AvgLdx86 Module Base: A4044000 Module End: A4095000 Hidden: No
30-Oct-2009, 08:42 PM  #33
| Module Name: C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS Service Name: APPDRV Module Base: 9DC94000 Module End: 9DC98000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\Cdfs.SYS Service Name: Cdfs Module Base: F638E000 Module End: F639E000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\Fastfat.SYS Service Name: Fastfat Module Base: 9AEEF000 Module End: 9AF13000 Hidden: No Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys Service Name: --- Module Base: 9AED7000 Module End: 9AEEF000 Hidden: Yes Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS Service Name: --- Module Base: F7A7C000 Module End: F7A7E000 Hidden: Yes Module Name: C:\WINDOWS\System32\drivers\Dxapi.sys Service Name: --- Module Base: 9B512000 Module End: 9B515000 Hidden: No Module Name: C:\WINDOWS\System32\watchdog.sys Service Name: --- Module Base: 9B550000 Module End: 9B555000 Hidden: No Module Name: C:\WINDOWS\System32\drivers\dxgthk.sys Service Name: --- Module Base: F7C94000 Module End: F7C95000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\DRVNDDM.SYS Service Name: DRVNDDM Module Base: A84ED000 Module End: A84F7000 Hidden: No Module Name: C:\WINDOWS\System32\DLA\DLADResN.SYS Service Name: DLADResN Module Base: 9B08F000 Module End: 9B090000 Hidden: No Module Name: C:\WINDOWS\System32\DLA\DLAIFS_M.SYS Service Name: DLAIFS_M Module Base: 9AEC1000 Module End: 9AED7000 Hidden: No Module Name: C:\WINDOWS\System32\DLA\DLAOPIOM.SYS Service Name: DLAOPIOM Module Base: A2718000 Module End: A271C000 Hidden: No Module Name: C:\WINDOWS\System32\DLA\DLAPoolM.SYS Service Name: DLAPoolM Module Base: 9AF27000 Module End: 9AF29000 Hidden: No Module Name: C:\WINDOWS\System32\DLA\DLABOIOM.SYS Service Name: DLABOIOM Module Base: 9AF85000 Module End: 9AF8C000 Hidden: No Module Name: C:\WINDOWS\System32\DLA\DLAUDFAM.SYS Service Name: DLAUDFAM Module Base: 9AEA9000 Module End: 9AEC1000 Hidden: No Module Name: C:\WINDOWS\System32\DLA\DLAUDF_M.SYS Service Name: DLAUDF_M Module Base: 9AE93000 Module 
End: 9AEA9000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\AegisP.sys Service Name: AegisP Module Base: A816E000 Module End: A8173000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\diginet.sys Service Name: DigiNet Module Base: A814E000 Module End: A8156000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\s24trans.sys Service Name: s24trans Module Base: F5F33000 Module End: F5F37000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\ndisuio.sys Service Name: Ndisuio Module Base: A4A98000 Module End: A4A9C000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\mrxdav.sys Service Name: MRxDAV Module Base: 9ADEE000 Module End: 9AE1B000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\wdmaud.sys Service Name: wdmaud Module Base: 9AD89000 Module End: 9AD9E000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\sysaudio.sys Service Name: sysaudio Module Base: F636E000 Module End: F637D000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\srv.sys Service Name: Srv Module Base: 9AB01000 Module End: 9AB53000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys Service Name: mdmxsdk Module Base: 9AC0F000 Module End: 9AC13000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\HTTP.sys Service Name: HTTP Module Base: 9A16A000 Module End: 9A1AB000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\kmixer.sys Service Name: kmixer Module Base: 99C89000 Module End: 99CB4000 Hidden: No *************************************************************************** *************** *************************************************************************** *************** No SSDT Hooks found *************************************************************************** *************** *************************************************************************** *************** No Kernel Hooks found *************************************************************************** *************** 
*************************************************************************** *************** No IRP Hooks found *************************************************************************** *************** *************************************************************************** *************** Ports: Local Address: PAR3F15TB1:18080 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe State: LISTENING Local Address: PAR3F15TB1:13128 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe State: LISTENING Local Address: PAR3F15TB1:10080 Remote Address: LOCALHOST:1589 Type: TCP Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe State: ESTABLISHED Local Address: PAR3F15TB1:10080 Remote Address: LOCALHOST:1587 Type: TCP Process: [System Idle Process] State: TIME_WAIT Local Address: PAR3F15TB1:10080 Remote Address: LOCALHOST:1584 Type: TCP Process: [System Idle Process] State: TIME_WAIT Local Address: PAR3F15TB1:10080 Remote Address: LOCALHOST:1582 Type: TCP Process: [System Idle Process] State: TIME_WAIT Local Address: PAR3F15TB1:10080 Remote Address: LOCALHOST:1579 Type: TCP Process: [System Idle Process] State: TIME_WAIT Local Address: PAR3F15TB1:10080 Remote Address: LOCALHOST:1576 Type: TCP Process: [System Idle Process] State: TIME_WAIT Local Address: PAR3F15TB1:10080 Remote Address: LOCALHOST:1573 Type: TCP Process: [System Idle Process] State: TIME_WAIT Local Address: PAR3F15TB1:10080 Remote Address: LOCALHOST:1571 Type: TCP Process: [System Idle Process] State: TIME_WAIT Local Address: PAR3F15TB1:10080 Remote Address: LOCALHOST:1567 Type: TCP Process: [System Idle Process] State: TIME_WAIT Local Address: PAR3F15TB1:10080 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe State: LISTENING Local Address: PAR3F15TB1:5354 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\Program Files\Bonjour\mDNSResponder.exe State: LISTENING Local Address: PAR3F15TB1:5152 Remote Address: 0.0.0.0:0 Type: TCP Process: 
C:\Program Files\Java\jre6\bin\jqs.exe State: LISTENING Local Address: PAR3F15TB1:3489 Remote Address: LOCALHOST:10080 Type: TCP Process: C:\Program Files\Java\jre6\bin\jusched.exe State: CLOSE_WAIT Local Address: PAR3F15TB1:1589 Remote Address: LOCALHOST:10080 Type: TCP Process: C:\Program Files\Flock\flock.exe State: ESTABLISHED Local Address: PAR3F15TB1:1582 Remote Address: LOCALHOST:10080 Type: TCP Process: [System Idle Process] State: TIME_WAIT Local Address: PAR3F15TB1:1120 Remote Address: LOCALHOST:1119 Type: TCP Process: C:\Program Files\Flock\flock.exe State: ESTABLISHED Local Address: PAR3F15TB1:1119 Remote Address: LOCALHOST:1120 Type: TCP Process: C:\Program Files\Flock\flock.exe State: ESTABLISHED Local Address: PAR3F15TB1:1112 Remote Address: LOCALHOST:1111 Type: TCP Process: C:\Program Files\Flock\flock.exe State: ESTABLISHED Local Address: PAR3F15TB1:1111 Remote Address: LOCALHOST:1112 Type: TCP Process: C:\Program Files\Flock\flock.exe State: ESTABLISHED Local Address: PAR3F15TB1:1033 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\WINDOWS\system32\alg.exe State: LISTENING Local Address: PAR3F15TB1:1028 Remote Address: LOCALHOST:1027 Type: TCP Process: C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe State: ESTABLISHED Local Address: PAR3F15TB1:1027 Remote Address: LOCALHOST:1028 Type: TCP Process: C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe State: ESTABLISHED Local Address: PAR3F15TB1:3568 Remote Address: C-76-22-34-2.HSD1.WA.COMCAST.NET:33868 Type: TCP Process: G:\Skype.exe State: ESTABLISHED Local Address: PAR3F15TB1:1590 Remote Address: CHANNEL46-09-01-SNC1.FACEBOOK.COM:HTTP Type: TCP Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe State: ESTABLISHED Local Address: PAR3F15TB1:1554 Remote Address: WWW-11-01-SNC2.FACEBOOK.COM:HTTP Type: TCP Process: C:\Program Files\Flock\flock.exe State: ESTABLISHED Local Address: PAR3F15TB1:1052 Remote Address: SIP21.VOICE.RE2.YAHOO.COM:5050 Type: TCP Process: C:\Program 
Files\Yahoo!\Messenger\YahooMessenger.exe State: ESTABLISHED Local Address: PAR3F15TB1:1042 Remote Address: CS124.MSG.AC4.YAHOO.COM:5050 Type: TCP Process: C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe State: ESTABLISHED Local Address: PAR3F15TB1:NETBIOS-SSN Remote Address: 0.0.0.0:0 Type: TCP Process: System State: LISTENING Local Address: PAR3F15TB1:60406 Remote Address: 0.0.0.0:0 Type: TCP Process: G:\Skype.exe State: LISTENING Local Address: PAR3F15TB1:5101 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe State: LISTENING Local Address: PAR3F15TB1:1932 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe State: LISTENING Local Address: PAR3F15TB1:MICROSOFT-DS Remote Address: 0.0.0.0:0 Type: TCP Process: System State: LISTENING Local Address: PAR3F15TB1:HTTPS Remote Address: 0.0.0.0:0 Type: TCP Process: G:\Skype.exe State: LISTENING Local Address: PAR3F15TB1:EPMAP Remote Address: 0.0.0.0:0 Type: TCP Process: C:\WINDOWS\system32\svchost.exe State: LISTENING Local Address: PAR3F15TB1:HTTP Remote Address: 0.0.0.0:0 Type: TCP Process: G:\Skype.exe State: LISTENING Local Address: PAR3F15TB1:3565 Remote Address: NA Type: UDP Process: G:\Skype.exe State: NA Local Address: PAR3F15TB1:1900 Remote Address: NA Type: UDP Process: C:\WINDOWS\system32\svchost.exe State: NA Local Address: PAR3F15TB1:1037 Remote Address: NA Type: UDP Process: C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe State: NA Local Address: PAR3F15TB1:123 Remote Address: NA Type: UDP Process: C:\WINDOWS\system32\svchost.exe State: NA Local Address: PAR3F15TB1:5353 Remote Address: NA Type: UDP Process: C:\Program Files\Bonjour\mDNSResponder.exe State: NA Local Address: PAR3F15TB1:1900 Remote Address: NA Type: UDP Process: C:\WINDOWS\system32\svchost.exe State: NA Local Address: PAR3F15TB1:138 Remote Address: NA Type: UDP Process: System State: NA Local Address: PAR3F15TB1:NETBIOS-NS 
Remote Address: NA Type: UDP Process: System State: NA Local Address: PAR3F15TB1:123 Remote Address: NA Type: UDP Process: C:\WINDOWS\system32\svchost.exe State: NA Local Address: PAR3F15TB1:62989 Remote Address: NA Type: UDP Process: C:\Program Files\Bonjour\mDNSResponder.exe State: NA Local Address: PAR3F15TB1:60406 Remote Address: NA Type: UDP Process: G:\Skype.exe State: NA Local Address: PAR3F15TB1:4500 Remote Address: NA Type: UDP Process: C:\WINDOWS\system32\lsass.exe State: NA Local Address: PAR3F15TB1:MS-SQL-M Remote Address: NA Type: UDP Process: C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe State: NA Local Address: PAR3F15TB1:1025 Remote Address: NA Type: UDP Process: C:\Program Files\Bonjour\mDNSResponder.exe State: NA Local Address: PAR3F15TB1:500 Remote Address: NA Type: UDP Process: C:\WINDOWS\system32\lsass.exe State: NA Local Address: PAR3F15TB1:MICROSOFT-DS Remote Address: NA Type: UDP Process: System State: NA Local Address: PAR3F15TB1:HTTPS Remote Address: NA Type: UDP Process: G:\Skype.exe State: NA *************************************************************************** *************** *************************************************************************** *************** No hidden files/folders found |
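The log above is what a helper actually reads before calling a machine clean: every process and kernel module carries a `Hidden:` flag, the three hook sections (SSDT, kernel, IRP) end with a "No ... Hooks found" line, and the final line covers hidden files. In the posted log the only two `Hidden: Yes` entries are `dump_atapi.sys` and `dump_WMILIB.SYS`, and every hook and hidden-file check came back clean. The following script is an added example, not code from the thread or from the SysProt author, that parses this report format and triages it the same way. It assumes the one-field-per-line layout SysProt writes (the regexes also tolerate the run-together copy produced by pasting into a forum post), and the special-casing of `dump_*.sys` entries as the crash-dump driver copies Windows keeps outside the normal module list is a triage assumption of this example, not something the scanner or the thread states; the sample log is constructed and shortened from the posted one.

```python
import re
from dataclasses import dataclass

# Constructed sample in the layout SysProt AntiRootkit v1.0.1.0 writes (one
# "key: value" field per line, blank line between entries). It is cut down from
# the thread's log; the dump_* entry is one of the two "Hidden: Yes" modules
# that log actually contains.
SAMPLE_LOG = """SysProt AntiRootkit v1.0.1.0
by swatkat

Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No

Name: C:\\WINDOWS\\system32\\smss.exe
PID: 508
Hidden: No
Window Visible: No

Kernel Modules:
Module Name: \\WINDOWS\\system32\\ntkrnlpa.exe
Service Name: ---
Module Base: 804D7000
Module End: 806E4000
Hidden: No

Module Name: \\SystemRoot\\System32\\Drivers\\dump_atapi.sys
Service Name: ---
Module Base: 9AED7000
Module End: 9AEEF000
Hidden: Yes

No SSDT Hooks found

No Kernel Hooks found

No IRP Hooks found

No hidden files/folders found
"""

# Field-by-field regexes; \s+ between fields means they also match the
# run-together copy produced when a log is pasted into a forum post.
PROC_RE = re.compile(
    r"(?<!Module )(?<!Service )Name:\s*(?P<name>.+?)\s+PID:\s*(?P<pid>\d+)"
    r"\s+Hidden:\s*(?P<hidden>Yes|No)\s+Window Visible:\s*(?P<vis>Yes|No)",
    re.S,
)
MOD_RE = re.compile(
    r"Module Name:\s*(?P<name>.+?)\s+Service Name:\s*(?P<svc>.+?)"
    r"\s+Module Base:\s*(?P<base>[0-9A-Fa-f]+)\s+Module End:\s*(?P<end>[0-9A-Fa-f]+)"
    r"\s+Hidden:\s*(?P<hidden>Yes|No)",
    re.S,
)
HOOK_KINDS = ("SSDT", "Kernel", "IRP")


@dataclass
class Finding:
    kind: str    # hidden_process | hidden_module | hidden_module_expected | hooks | hidden_files
    detail: str


def parse_processes(text):
    """Process-list entries as dicts (name, pid, hidden, visible)."""
    return [
        {"name": m["name"].strip(), "pid": int(m["pid"]),
         "hidden": m["hidden"] == "Yes", "visible": m["vis"] == "Yes"}
        for m in PROC_RE.finditer(text)
    ]


def parse_modules(text):
    """Kernel-module entries; base/end parsed as integers, size derived from them."""
    mods = []
    for m in MOD_RE.finditer(text):
        base, end = int(m["base"], 16), int(m["end"], 16)
        mods.append({"name": m["name"].strip(), "service": m["svc"].strip(),
                     "base": base, "end": end, "size": end - base,
                     "hidden": m["hidden"] == "Yes"})
    return mods


def hook_sections(text):
    """True for each hook class the scanner explicitly reported as clean."""
    return {k: f"No {k} Hooks found" in text for k in HOOK_KINDS}


def is_expected_hidden(module_name):
    # Triage assumption (not stated by the scanner): Windows keeps private
    # copies of the disk-stack drivers (dump_*.sys) for crash-dump writing and
    # rootkit scanners routinely report them as hidden. The entry is still
    # listed so the analyst can check path and size against the real driver.
    return "\\drivers\\dump_" in module_name.lower()


def triage(text):
    """Everything an analyst would want flagged from one SysProt report."""
    findings = []
    for p in parse_processes(text):
        if p["hidden"]:
            findings.append(Finding("hidden_process", f"{p['name']} (PID {p['pid']})"))
    for m in parse_modules(text):
        if m["hidden"]:
            kind = "hidden_module_expected" if is_expected_hidden(m["name"]) else "hidden_module"
            findings.append(Finding(kind, f"{m['name']} base={m['base']:08X} size=0x{m['size']:X}"))
    for k, clean in hook_sections(text).items():
        if not clean:
            findings.append(Finding("hooks", f"{k} hook section not reported clean"))
    if "No hidden files/folders found" not in text:
        findings.append(Finding("hidden_files", "hidden files/folders section not reported clean"))
    return findings


def is_clean(findings):
    """Clean means nothing beyond the expected crash-dump driver entries."""
    return all(f.kind == "hidden_module_expected" for f in findings)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.kind:24} {f.detail}")
    print("verdict:", "clean" if is_clean(found) else "needs a closer look")
```

Run against the full posted log, the script lists both `dump_*` entries as expected-hidden and nothing else, which matches the helper's verdict. The Ports section is deliberately left to the analyst: a listening socket is only suspicious in the context of which process owns it, and that judgement does not reduce to a regex.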
30-Oct-2009, 09:09 PM
#34
Hello djtappin, I think your machine is clean. We have a couple of last steps to perform and then you're all set. Follow these steps to uninstall Combofix and tools used in the removal of malware. This will also clean out and reset your Restore Points.

MBAM can be uninstalled via Control Panel Add/Remove, but it may be a useful tool to keep. The SysProt folder can be deleted.

A reminder: Remember to turn back on any anti-malware programs you may have turned off during the cleaning process.

Now that your machine is clean, here are some things that I think are worth having a look at if you don't already know about them:

Be sure to give the Temp folders a cleaning out now and then. This helps with security and your computer will run more efficiently. I clean mine once a week. For ease of use, you might consider the following free program:

Make Internet Explorer more secure

* Consider using an alternate browser. Mozilla's Firefox browser is excellent; it is more secure than Internet Explorer. Firefox is my default browser but I retain Internet Explorer as well so that I can access the very few sites that require it. Firefox may be downloaded from Here. NoScript is a good Add-on for Firefox that prevents execution of malicious scripts.

Startuplite is a tool to help you stop some programs not needed when you start your computer from loading. They will begin automatically only when needed.

To help protect your computer in the future, here are some free programs you can look at:

If your Microsoft Update is not working automatically, keep your operating system up to date by visiting monthly. It is recommended that you do set Windows to check, download and install your updates automatically.
Have a safe and happy computing day!
02-Nov-2009, 03:47 PM
#35
Hello, Thanks for the tips, I was not aware of most of those. My computer is running great! Nice and zippy I must say. However, AVG is finding this infection, but states it cannot be deleted as it is a critical file.

>>>>>>>>> "C:\WINDOWS\system32\drivers\atapi.sys";"Trojan horse Rootkit-Pakes.U";"Object is white-listed (critical/system file that should not be removed)"

Can you tell me if this is true or not? Thanks, Desmond J Tappin
02-Nov-2009, 04:29 PM
#36
Hello djtappin, Hmm... I thought we had fixed that. We replaced the bad ones... or at least I thought we had. atapi.sys is a system file so you can't just delete it. There is an infection currently out there that does infect atapi.sys, but you can also get a false positive, i.e. where the anti-virus thinks it is infected but it isn't really. My thought with this one is that it is most likely a false positive, particularly with the performance of your machine: usually with that infection you have all sorts of problems running your computer; further, there is a rootkit involved which didn't show with that last scan. Having said all that, let's have another look at those files and see if we missed something.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

Also, show me that AVG report. To get the results of the latest AVG scan:
02-Nov-2009, 05:04 PM
#37
Hello and thanks for replying back so soon. Below are the results you requested. Two of the infections were fixed. I actually got those yesterday when I was looking for drivers for another laptop of mine, but AVG fixed them and I deleted the temp files as well.

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 15:49 on 02/11/2009 by Administrator (Administrator - Elevation successful)

========== filefind ==========

Searching for "atapi.sys"
C:\i386\atapi.sys --a--c 95360 bytes [16:28 24/10/2006] [03:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\$NtServicePackUninstall$\atapi.sys -----c 95360 bytes [00:10 25/04/2009] [03:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\ServicePackFiles\i386\atapi.sys --a--- 95360 bytes [04:09 23/04/2009] [03:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\system32\drivers\atapi.sys --a--- 96512 bytes [03:59 04/08/2004] [18:40 13/04/2008] 554DEB762F86770EF2FD7D80B4F68C0F
C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys --a--c 95360 bytes [16:41 18/09/2006] [03:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51

-=End Of File=-

"AVG Scan ""Scheduled scan"" was finished."
"Infections";"3";"2";"1"
"Warnings";"126"
"Folders selected for scanning:";"Scan whole computer"
"Scan started:";"Monday, November 02, 2009, 12:00:04 PM"
"Scan finished:";"Monday, November 02, 2009, 1:49:02 PM (1 hour(s) 48 minute(s) 58 second(s))"
"Total object scanned:";"521681"
"User who launched the scan:";"SYSTEM"

"Infections"
"File";"Infection";"Result"
"C:\WINDOWS\system32\drivers\atapi.sys";"Trojan horse Rootkit-Pakes.U";"Object is white-listed (critical/system file that should not be removed)"
"C:\Documents and Settings\Administrator\Local Settings\temp\Rar$EX02.406\keygen.exe";"Trojan horse Generic11.BCIT";"Moved to Virus Vault"
"C:\Documents and Settings\Administrator\Local Settings\temp\Rar$EX00.297\Driver-Detective-6-4-1-3.exe";"Trojan horse PSW.Delf.DWI";"Moved to Virus Vault"

"Warnings"
"File";"Infection";"Result"
02-Nov-2009, 05:04 PM
#38 |
| \Browser\Profiles\uftruf1o.default\cookies.sqlite:\realmedia.com.125a868c"; "Found Tracking cookie.Realmedia";"Potentially dangerous object" "C:\Documents and Settings\Administrator\Application Data\Flock\Browser\Profiles\uftruf1o.default\cookies.sqlite:\questionmarket .com.767e4302";"Found Tracking cookie.Questionmarket";"Potentially dangerous object" "C:\Documents and Settings\Administrator\Application Data\Flock\Browser\Profiles\uftruf1o.default\cookies.sqlite:\fastclick.net. 94ca190b";"Found Tracking cookie.Fastclick";"Potentially dangerous object" "C:\Documents and Settings\Administrator\Application Data\Flock\Browser\Profiles\uftruf1o.default\cookies.sqlite:\fastclick.net. 6fd479aa";"Found Tracking cookie.Fastclick";"Potentially dangerous object" "C:\Documents and Settings\Administrator\Application Data\Flock\Browser\Profiles\uftruf1o.default\cookies.sqlite:\fastclick.net. 57e8da10";"Found Tracking cookie.Fastclick";"Potentially dangerous object" "C:\Documents and Settings\Administrator\Application Data\Flock\Browser\Profiles\uftruf1o.default\cookies.sqlite:\fastclick.net. 
fac3d6f0";"Found Tracking cookie.Fastclick";"Potentially dangerous object" "C:\Documents and Settings\Administrator\Application Data\Flock\Browser\Profiles\uftruf1o.default\cookies.sqlite:\doubleclick.ne t.bf396750";"Found Tracking cookie.Doubleclick";"Potentially dangerous object" "C:\Documents and Settings\Administrator\Application Data\Flock\Browser\Profiles\uftruf1o.default\cookies.sqlite:\casalemedia.co m.fb62dd4b";"Found Tracking cookie.Casalemedia";"Potentially dangerous object" "C:\Documents and Settings\Administrator\Application Data\Flock\Browser\Profiles\uftruf1o.default\cookies.sqlite:\bs.serving-sys.com.5bf1f00f";"Found Tracking cookie.Serving-sys";"Potentially dangerous object" "C:\Documents and Settings\Administrator\Application Data\Flock\Browser\Profiles\uftruf1o.default\cookies.sqlite:\bluestreak.com .bf396750";"Found Tracking cookie.Bluestreak";"Potentially dangerous object" "C:\Documents and Settings\Administrator\Application Data\Flock\Browser\Profiles\uftruf1o.default\cookies.sqlite:\casalemedia.co m.987e6b46";"Found Tracking cookie.Casalemedia";"Potentially dangerous object" "C:\Documents and Settings\Administrator\Application Data\Flock\Browser\Profiles\uftruf1o.default\cookies.sqlite:\casalemedia.co m.80ad4799";"Found Tracking cookie.Casalemedia";"Potentially dangerous object" "C:\Documents and Settings\Administrator\Application Data\Flock\Browser\Profiles\uftruf1o.default\cookies.sqlite:\casalemedia.co m.350339d4";"Found Tracking cookie.Casalemedia";"Potentially dangerous object" "C:\Documents and Settings\Administrator\Application Data\Flock\Browser\Profiles\uftruf1o.default\cookies.sqlite:\atdmt.com.f4b8 6dca";"Found Tracking cookie.Atdmt";"Potentially dangerous object" "C:\Documents and Settings\Administrator\Application Data\Flock\Browser\Profiles\uftruf1o.default\cookies.sqlite:\casalemedia.co m.8c65eddd";"Found Tracking cookie.Casalemedia";"Potentially dangerous object" "C:\Documents and Settings\Administrator\Application 
Data\Flock\Browser\Profiles\uftruf1o.default\cookies.sqlite:\casalemedia.co m.650648e8";"Found Tracking cookie.Casalemedia";"Potentially dangerous object" "C:\Documents and Settings\Administrator\Application Data\Flock\Browser\Profiles\uftruf1o.default\cookies.sqlite:\casalemedia.co m.3a28db8d";"Found Tracking cookie.Casalemedia";"Potentially dangerous object" "C:\Documents and Settings\Administrator\Application Data\Flock\Browser\Profiles\uftruf1o.default\cookies.sqlite:\atdmt.com.b3e3 3b5f";"Found Tracking cookie.Atdmt";"Potentially dangerous object" "C:\Documents and Settings\Administrator\Application Data\Flock\Browser\Profiles\uftruf1o.default\cookies.sqlite:\atdmt.com.7247 c262";"Found Tracking cookie.Atdmt";"Potentially dangerous object" "C:\Documents and Settings\Administrator\Application Data\Flock\Browser\Profiles\uftruf1o.default\cookies.sqlite:\ad.yieldmanage r.com.557bf2b0";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object" "C:\Documents and Settings\Administrator\Application Data\Flock\Browser\Profiles\uftruf1o.default\cookies.sqlite:\2o7.net.ca97f6 e1";"Found Tracking cookie.2o7";"Potentially dangerous object" "C:\Documents and Settings\Administrator\Application Data\Flock\Browser\Profiles\uftruf1o.default\cookies.sqlite:\casalemedia.co m.2d37ad26";"Found Tracking cookie.Casalemedia";"Potentially dangerous object" "C:\Documents and Settings\Administrator\Application Data\Flock\Browser\Profiles\uftruf1o.default\cookies.sqlite:\burstnet.com.c 4fe2ebb";"Found Tracking cookie.Burstnet";"Potentially dangerous object" "C:\Documents and Settings\Administrator\Application Data\Flock\Browser\Profiles\uftruf1o.default\cookies.sqlite:\burstbeacon.co m.c4fe2ebb";"Found Tracking cookie.Burstbeacon";"Potentially dangerous object" "C:\Documents and Settings\Administrator\Application Data\Flock\Browser\Profiles\uftruf1o.default\cookies.sqlite:\advertising.co m.f62113d5";"Found Tracking cookie.Advertising";"Potentially dangerous object" "C:\Documents 
and Settings\Administrator\Application Data\Flock\Browser\Profiles\uftruf1o.default\cookies.sqlite:\advertising.co m.b624fa46";"Found Tracking cookie.Advertising";"Potentially dangerous object" "C:\Documents and Settings\Administrator\Application Data\Flock\Browser\Profiles\uftruf1o.default\cookies.sqlite:\advertising.co m.203aa218";"Found Tracking cookie.Advertising";"Potentially dangerous object" "C:\Documents and Settings\Administrator\Application Data\Flock\Browser\Profiles\uftruf1o.default\cookies.sqlite:\advertising.co m.1dfa2206";"Found Tracking cookie.Advertising";"Potentially dangerous object" "C:\Documents and Settings\Administrator\Application Data\Flock\Browser\Profiles\uftruf1o.default\cookies.sqlite:\casalemedia.co m.1773afc";"Found Tracking cookie.Casalemedia";"Potentially dangerous object" "C:\Documents and Settings\Administrator\Application Data\Flock\Browser\Profiles\uftruf1o.default\cookies.sqlite:\casalemedia.co m.156cbc67";"Found Tracking cookie.Casalemedia";"Potentially dangerous object" "C:\Documents and Settings\Administrator\Application Data\Flock\Browser\Profiles\uftruf1o.default\cookies.sqlite:\burstnet.com.a 3218a37";"Found Tracking cookie.Burstnet";"Potentially dangerous object" "C:\Documents and Settings\Administrator\Application Data\Flock\Browser\Profiles\uftruf1o.default\cookies.sqlite:\advertising.co m.525a5fb9";"Found Tracking cookie.Advertising";"Potentially dangerous object" "C:\Documents and Settings\Administrator\Application Data\Flock\Browser\Profiles\uftruf1o.default\cookies.sqlite:\2o7.net.e31bc3 56";"Found Tracking cookie.2o7";"Potentially dangerous object" "C:\Documents and Settings\Administrator\Application Data\Flock\Browser\Profiles\uftruf1o.default\cookies.sqlite:\2o7.net.b09227 07";"Found Tracking cookie.2o7";"Potentially dangerous object" "C:\Documents and Settings\Administrator\Application Data\Flock\Browser\Profiles\uftruf1o.default\cookies.sqlite:\2o7.net.ae5b00 07";"Found Tracking cookie.2o7";"Potentially 
dangerous object" "C:\Documents and Settings\Administrator\Application Data\Flock\Browser\Profiles\uftruf1o.default\cookies.sqlite:\advertising.co m.1820df7a";"Found Tracking cookie.Advertising";"Potentially dangerous object" "C:\Documents and Settings\Administrator\Application Data\Flock\Browser\Profiles\uftruf1o.default\cookies.sqlite:\ad.yieldmanage r.com.ff92306";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object" "C:\Documents and Settings\Administrator\Application Data\Flock\Browser\Profiles\uftruf1o.default\cookies.sqlite:\ad.yieldmanage r.com.e626e6be";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object" "C:\Documents and Settings\Administrator\Application Data\Flock\Browser\Profiles\uftruf1o.default\cookies.sqlite:\ad.yieldmanage r.com.b68f2b7b";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object" "C:\Documents and Settings\Administrator\Application Data\Flock\Browser\Profiles\uftruf1o.default\cookies.sqlite:\adbrite.com.d5 e309c2";"Found Tracking cookie.Adbrite";"Potentially dangerous object" "C:\Documents and Settings\Administrator\Application Data\Flock\Browser\Profiles\uftruf1o.default\cookies.sqlite:\adbrite.com.71 beeff9";"Found Tracking cookie.Adbrite";"Potentially dangerous object" "C:\Documents and Settings\Administrator\Application Data\Flock\Browser\Profiles\uftruf1o.default\cookies.sqlite:\adbrite.com.44 f92a69";"Found Tracking cookie.Adbrite";"Potentially dangerous object" "C:\Documents and Settings\Administrator\Application Data\Flock\Browser\Profiles\uftruf1o.default\cookies.sqlite:\ad.yieldmanage r.com.8a47878";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object" "C:\Documents and Settings\Administrator\Application Data\Flock\Browser\Profiles\uftruf1o.default\cookies.sqlite:\ad.yieldmanage r.com.87a9ab5d";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object" "C:\Documents and Settings\Administrator\Application 
Data\Flock\Browser\Profiles\uftruf1o.default\cookies.sqlite:\ad.yieldmanage r.com.830b6f08";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object" "C:\Documents and Settings\Administrator\Application Data\Flock\Browser\Profiles\uftruf1o.default\cookies.sqlite:\ad.yieldmanage r.com.539b0606";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object" "C:\Documents and Settings\Administrator\Application Data\Flock\Browser\Profiles\uftruf1o.default\cookies.sqlite:\2o7.net.909244 a3";"Found Tracking cookie.2o7";"Potentially dangerous object" "C:\Documents and Settings\Administrator\Application Data\Flock\Browser\Profiles\uftruf1o.default\cookies.sqlite:\2o7.net.791906 2b";"Found Tracking cookie.2o7";"Potentially dangerous object" "C:\Documents and Settings\Administrator\Application Data\Flock\Browser\Profiles\uftruf1o.default\cookies.sqlite:\2o7.net.7256b8 c3";"Found Tracking cookie.2o7";"Potentially dangerous object" "C:\Documents and Settings\Administrator\Application Data\Flock\Browser\Profiles\uftruf1o.default\cookies.sqlite:\2o7.net.2dd712 8e";"Found Tracking cookie.2o7";"Potentially dangerous object" "C:\Documents and Settings\Administrator\Application Data\Flock\Browser\Profiles\uftruf1o.default\cookies.sqlite:\2o7.net.1c4134 04";"Found Tracking cookie.2o7";"Potentially dangerous object" "C:\Documents and Settings\Administrator\Application Data\Flock\Browser\Profiles\uftruf1o.default\cookies.sqlite:\247realmedia.c om.855b46d";"Found Tracking cookie.247realmedia";"Potentially dangerous object" "C:\Documents and Settings\Administrator\Application Data\Flock\Browser\Profiles\uftruf1o.default\cookies.sqlite:\247realmedia.c om.22701b7f";"Found Tracking cookie.247realmedia";"Potentially dangerous object" "C:\Documents and Settings\Administrator\Application Data\Flock\Browser\Profiles\uftruf1o.default\cookies.sqlite:\247realmedia.c om.125a868c";"Found Tracking cookie.247realmedia";"Potentially dangerous object" "C:\Documents and 
Settings\Administrator\Application Data\Flock\Browser\Profiles\uftruf1o.default\cookies.sqlite";"Found Tracking cookie.Atdmt";"Potentially dangerous object"
02-Nov-2009, 06:27 PM
#39
Hello djtappin,

It does look like one of those atapi.sys files has been patched. Let's see if we can replace it:

Please download ComboFix from one of these locations: Link 1 Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

Open notepad and copy/paste the text in the quotebox below into it:

Quote:

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt

Please post that here for further review.
__________________
Manners are the basis of a civilised society and make everyone's lives just a little happier. They cost nothing but they are worth so much.
02-Nov-2009, 07:00 PM
#40
| Hello, here is the log below. ComboFix 09-11-01.04 - Administrator 11/02/2009 17:41.6.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.365 [GMT -5:00] Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\Downloaded Program Files\ODCTOOLS . --------------- FCopy --------------- c:\windows\ServicePackFiles\i386\atapi.sys --> c:\windows\system32\drivers\atapi.sys . ((((((((((((((((((((((((( Files Created from 2009-10-02 to 2009-11-02 ))))))))))))))))))))))))))))))) . 2009-10-26 14:50 . 2009-10-26 14:50 4011 ----a-w- c:\windows\unins000.dat 2009-10-26 14:50 . 2009-10-26 14:49 667914 ----a-w- c:\windows\unins000.exe 2009-10-23 00:35 . 2009-10-23 00:35 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Flock 2009-10-23 00:35 . 2009-10-23 00:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\Flock 2009-10-23 00:35 . 2009-11-02 21:31 -------- d-----w- c:\program files\Flock 2009-10-21 18:14 . 2009-10-21 18:14 -------- d-----w- c:\program files\Apple Software Update 2009-10-20 23:57 . 2009-10-21 00:10 -------- d-----w- c:\program files\Registry Easy 2009-10-20 19:25 . 2009-10-20 19:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\Auslogics 2009-10-20 19:25 . 2009-10-20 19:25 -------- d-----w- c:\program files\Auslogics 2009-10-12 22:10 . 2009-10-30 03:28 -------- d-----w- c:\program files\The Logo Creator v5 2009-10-12 20:53 . 2009-10-12 20:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2009-10-12 20:53 . 
2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-10-12 20:53 . 2009-10-28 03:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-10-12 20:53 . 2009-10-12 20:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-10-12 20:53 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-10-12 06:07 . 2009-10-12 06:07 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AVG Security Toolbar 2009-10-12 06:06 . 2009-11-02 17:12 -------- d-----w- C:\$AVG8.VAULT$ 2009-10-12 06:04 . 2009-10-12 06:04 11952 ----a-w- c:\windows\system32\avgrsstx.dll 2009-10-12 06:04 . 2009-10-12 06:04 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2009-10-12 06:04 . 2009-10-12 06:04 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2009-10-12 06:04 . 2009-10-12 06:04 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2009-10-12 06:03 . 2009-11-02 14:45 -------- d-----w- c:\windows\system32\drivers\Avg 2009-10-12 06:03 . 2009-10-12 06:03 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar 2009-10-12 06:03 . 2009-10-12 06:03 -------- d-----w- c:\program files\AVG 2009-10-12 06:03 . 2009-10-12 07:59 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8 2009-10-12 05:57 . 2009-10-12 05:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG8 2009-10-12 03:45 . 2009-10-12 03:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\Simply Super Software 2009-10-11 19:53 . 2009-10-11 19:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\Screaming Bee 2009-10-11 19:51 . 2009-10-11 19:51 -------- d-----w- c:\program files\Screaming Bee 2009-10-11 02:27 . 2009-10-11 04:31 -------- d-----w- c:\program files\IEHelper.dll Removal Tool 2009-10-09 19:14 . 
2009-10-12 21:34 -------- d-----w- c:\program files\pahimw 2009-10-07 22:24 . 2009-10-07 22:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage 2009-10-07 22:23 . 2009-10-07 22:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\Office Genuine Advantage . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-02 22:13 . 2009-04-03 21:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype 2009-11-02 15:18 . 2006-12-19 01:36 -------- d-----w- c:\program files\Microsoft SQL Server 2009-10-30 14:58 . 2009-08-09 02:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\skypePM 2009-10-30 14:58 . 2009-10-30 14:58 -------- d-----w- c:\program files\Common Files\Skype 2009-10-30 14:57 . 2009-04-03 21:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype 2009-10-28 22:10 . 2009-01-03 19:28 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-10-28 22:07 . 2009-08-04 19:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint 2009-10-28 01:28 . 2006-11-02 21:56 -------- d-----w- c:\program files\DGAGENT 2009-10-24 06:18 . 2006-10-18 14:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3 2009-10-23 04:01 . 2009-06-13 22:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent 2009-10-22 15:38 . 2006-12-19 01:43 69232 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-10-21 18:17 . 2009-02-22 19:04 -------- d-----w- c:\program files\QuickTime 2009-10-21 18:15 . 2007-09-28 01:27 -------- d-----w- c:\program files\Common Files\Apple 2009-10-20 04:36 . 2009-08-11 22:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-10-20 04:33 . 
2009-08-11 22:44 -------- d-----w- c:\program files\Microsoft Works 2009-10-18 00:03 . 2009-08-11 22:26 -------- d-----w- c:\program files\Microsoft Visual Studio 8 2009-10-12 05:52 . 2007-02-05 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec 2009-10-12 05:49 . 2007-02-05 20:23 -------- d-----w- c:\program files\Common Files\Symantec Shared 2009-10-12 05:49 . 2007-02-05 20:23 -------- d-----w- c:\program files\Symantec 2009-10-11 21:43 . 2009-08-05 13:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc 2009-09-21 19:18 . 2009-09-21 19:18 -------- d-----w- c:\program files\HSHSetup Utility 2009-09-21 19:08 . 2007-09-26 13:41 -------- d-----w- c:\program files\Microsoft Silverlight 2009-09-20 06:35 . 2009-09-20 06:11 -------- d-----w- c:\program files\DivX 2009-09-18 06:23 . 2009-09-18 06:21 -------- d-----w- c:\program files\iTunes 2009-09-18 06:23 . 2009-09-18 06:21 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} 2009-09-18 06:22 . 2009-09-18 06:22 -------- d-----w- c:\program files\iPod 2009-09-15 03:58 . 2006-09-18 16:52 -------- d-----w- c:\program files\Java 2009-09-15 03:52 . 2009-09-15 00:03 266 ----a-w- C:\CCAMigration.bat 2009-09-14 23:27 . 2009-09-14 23:27 -------- d-----w- c:\program files\PowerHost 2009-09-11 14:18 . 2004-08-11 22:00 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-09 01:38 . 2009-09-09 01:38 -------- d-----w- c:\program files\Arise 2009-09-04 21:03 . 2004-08-11 22:00 58880 ----a-w- c:\windows\system32\msasn1.dll 2009-08-29 07:36 . 2004-08-11 22:00 832512 ------w- c:\windows\system32\wininet.dll 2009-08-29 07:36 . 2009-02-08 19:04 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-08-29 07:36 . 2004-08-11 22:00 17408 ----a-w- c:\windows\system32\corpol.dll 2009-08-28 05:30 . 2009-08-28 05:31 724992 ----a-w- c:\windows\iun6002.exe 2009-08-27 21:11 . 
2009-08-14 17:40 9264 ----a-w- c:\windows\system32\msqtvcap.dat 2009-08-26 08:00 . 2004-08-11 22:00 247326 ----a-w- c:\windows\system32\strmdll.dll 2009-08-18 03:33 . 2009-08-18 03:33 1193832 ----a-w- c:\windows\system32\FM20.DLL 2009-08-09 02:00 . 2009-08-09 02:00 56 ---ha-w- c:\windows\system32\ezsidmv.dat 2009-08-06 23:24 . 2004-08-11 22:12 327896 ----a-w- c:\windows\system32\wucltui.dll 2009-08-06 23:24 . 2004-08-11 22:12 209632 ----a-w- c:\windows\system32\wuweb.dll 2009-08-06 23:24 . 2005-05-26 09:16 44768 ----a-w- c:\windows\system32\wups2.dll 2009-08-06 23:24 . 2004-08-11 22:12 35552 ----a-w- c:\windows\system32\wups.dll 2009-08-06 23:24 . 2004-08-11 22:12 53472 ------w- c:\windows\system32\wuauclt.exe 2009-08-06 23:24 . 2004-08-11 22:00 96480 ----a-w- c:\windows\system32\cdm.dll 2009-08-06 23:23 . 2004-08-11 22:12 575704 ----a-w- c:\windows\system32\wuapi.dll 2009-08-06 23:23 . 2009-09-21 17:44 215920 ----a-w- c:\windows\system32\muweb.dll 2009-08-06 23:23 . 2009-09-21 17:44 274288 ----a-w- c:\windows\system32\mucltui.dll 2009-08-06 23:23 . 2004-08-11 22:12 1929952 ----a-w- c:\windows\system32\wuaueng.dll 2009-08-05 13:24 . 2009-08-05 13:23 18015723 ----a-w- C:\vlc-1.0.1-win32.exe 2009-08-05 09:01 . 2004-08-11 22:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182] "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940] "EPHD User"="c:\program files\GuardianEdge Technologies\EP Hard Disk\User\LaunchEPHD.exe" [2006-08-02 73728] "MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2006-04-06 49152] "WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-17 2025752] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-28 149280] "SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] 
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-9-18 24576] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-10-12 06:04 11952 ----a-w- c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ 'autocheck autochk *' [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DGAPIM on.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DGBUSM on.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DGFSMo n.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DGRoot .sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DGRule .sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DGServ ice] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= "c:\\Documents and 
Settings\\Administrator\\CCA8.0\\winvnc.exe"= "g:\\Phone\\Skype.exe"= "g:\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "g:\\Skype.exe"= R0 DGRoot;DGRoot;c:\windows\system32\drivers\DGRoot.sys [9/6/2006 9:48 PM 72960] R0 EAFSPROT;EAFSPROT;c:\windows\system32\drivers\eafsprot.sys [4/27/2005 12:46 PM 11456] R0 EPHDXLAT;PC Guardian Encryption Filter;c:\windows\system32\drivers\ephdxlat.sys [5/15/2006 5:15 PM 90016] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/12/2009 1:04 AM 335240] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/12/2009 1:04 AM 108552] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10/12/2009 1:03 AM 297752] R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [8/27/2009 11:47 PM 16400] R2 EphdXlatService;EphdXlatService;c:\program files\GuardianEdge Technologies\EP Hard Disk\User\DISrv.exe [8/2/2006 3:46 PM 192512] R2 MSSQL$VPINSTANCE;SQL Server (VPINSTANCE);c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [10/14/2005 4:51 AM 28768528] R2 PCG Protect;PCG Protect;c:\program files\GuardianEdge Technologies\EP Hard Disk\User\PCGProt.exe [8/2/2006 3:47 PM 61440] S2 DGService;Usage History Monitor;c:\program files\DGAGENT\DGService.exe [9/6/2006 9:43 PM 65536] S3 DGAPIMon;DGAPIMon;c:\windows\system32\drivers\DGAPIMon.sys [9/6/2006 9:44 PM 69248] S3 DGBusMon;DGBusMon;c:\windows\system32\drivers\DGBUSMon.sys [9/6/2006 9:44 PM 22016] S3 DGFSMon;DGFSMon;c:\windows\system32\drivers\DGFSMon.sys [9/6/2006 9:44 PM 44800] S3 DGRule;DGRule;c:\windows\system32\drivers\DGRule.sys [9/6/2006 9:43 PM 63488] S3 DGTDIMon;DGTDIMon;c:\windows\system32\drivers\DGTDIMon.sys [9/6/2006 9:44 PM 106880] S3 PTDWBus;Curitel PC Card Composite Device driver (UDP);c:\windows\system32\drivers\PTDWBus.sys [3/13/2008 10:16 PM 27392] S3 PTDWMdm;Curitel PC Card Drivers (UDP);c:\windows\system32\drivers\PTDWMdm.sys 
[3/13/2008 10:16 PM 41728] S3 PTDWVsp;Curitel PC Card Diagnostic Serial Port (UDP);c:\windows\system32\drivers\PTDWVsp.sys [3/13/2008 10:16 PM 39808] S3 PWCTLDRV;The NECHostController Filter Driver;c:\windows\system32\drivers\PWCTLDRV.sys [3/13/2008 10:16 PM 5888] S3 pwi_bus;Curitel PC Card Composite Device driver (WDM);c:\windows\system32\DRIVERS\pwi_bus.sys --> c:\windows\system32\DRIVERS\pwi_bus.sys [?] S3 pwi_mdfl;Curitel PC Card Filter;c:\windows\system32\DRIVERS\pwi_mdfl.sys --> c:\windows\system32\DRIVERS\pwi_mdfl.sys [?] S3 pwi_mdm;Curitel PC Card Drivers;c:\windows\system32\DRIVERS\pwi_mdm.sys --> c:\windows\system32\DRIVERS\pwi_mdm.sys [?] S3 pwi_oflt;Curitel PC Card OHCI Filter;c:\windows\system32\DRIVERS\pwi_oflt.sys --> c:\windows\system32\DRIVERS\pwi_oflt.sys [?] S3 pwi_serd;Curitel PC Card Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\pwi_serd.sys --> c:\windows\system32\DRIVERS\pwi_serd.sys [?] S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [4/6/2009 12:19 PM 23064] --- Other Services/Drivers In Memory --- *Deregistered* - ephdlink *Deregistered* - mbr [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\{a5ef4916-8984-11dd-95cc-0015c5ae1fba}] \Shell\AutoRun\command - F:\LaunchU3.exe -a . Contents of the 'Scheduled Tasks' folder 2009-10-28 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34] 2009-11-02 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07] 2009-11-02 c:\windows\Tasks\User_Feed_Synchronization-{A0D8ADA2-222F-44FA-A9F6-F1DF13D80536}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 22:36] . . ------- Supplementary Scan ------- . 
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = iexplore uSearchURL,(Default) = hxxp://www.google.com/search?q=%s . ************************************************************************** scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(2312) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Intel\Wireless\Bin\WLKeeper.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe c:\progra~1\AVG\AVG8\avgrsx.exe c:\progra~1\AVG\AVG8\avgnsx.exe c:\program files\Dell\QuickSet\NICCONFIGSVC.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\windows\system32\wscntfy.exe c:\windows\system32\igfxsrvc.exe c:\program files\Apoint\Apntex.exe c:\program files\Apoint\HidFind.exe c:\windows\system32\spool\drivers\w32x86\3\WrtProc.exe c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . 
Completion time: 2009-11-02 17:57 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-02 22:56

Pre-Run: 10,079,780,864 bytes free
Post-Run: 10,128,179,200 bytes free

- - End Of File - - B8C008DC6839E1833E96AECCB1BB3DC0
02-Nov-2009, 07:44 PM
#41
Looks ok, now let's just check to make sure.

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1 Download Mirror #2

__________________
Manners are the basis of a civilised society and make everyone's lives just a little happier. They cost nothing but they are worth so much.
02-Nov-2009, 07:52 PM
#42
Hello, here is the requested log.

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 18:51 on 02/11/2009 by Administrator (Administrator - Elevation successful)

========== filefind ==========

Searching for "atapi.sys"
C:\i386\atapi.sys --a--c 95360 bytes [16:28 24/10/2006] [03:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\$NtServicePackUninstall$\atapi.sys -----c 95360 bytes [00:10 25/04/2009] [03:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\ServicePackFiles\i386\atapi.sys ------ 95360 bytes [04:09 23/04/2009] [03:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\system32\dllcache\atapi.sys --a--- 95360 bytes [03:59 04/08/2004] [03:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\system32\drivers\atapi.sys --a--- 95360 bytes [03:59 04/08/2004] [03:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys --a--c 95360 bytes [16:41 18/09/2006] [03:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51

-=End Of File=-
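The check the helper is doing by eye on the SystemLook output above is whether the live driver under system32\drivers carries the same MD5 as the reference copies Windows keeps in dllcache and ServicePackFiles; a patched atapi.sys shows up as the one copy whose hash disagrees. The following Python is an added example, not SystemLook's code or anything posted in the thread: it parses the filefind format and flags every copy whose hash differs from the reference copies. The embedded input is the thread's own (clean) log plus a constructed variant in which the live driver has been given a made-up hash. Note the limitation stated in the code: agreement among the copies only shows they are consistent with each other, not that any of them is the vendor's original.

```python
import re
from collections import Counter

# One SystemLook "filefind" result line has the shape
#   <path> <attributes> <size> bytes [<modified>] [<created>] <MD5>
FILEFIND_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<attrs>[-a-z]{6})\s+"
    r"(?P<size>\d+) bytes\s+"
    r"\[(?P<modified>[^\]]+)\]\s+"
    r"\[(?P<created>[^\]]+)\]\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s*$"
)
SEARCH_LINE = re.compile(r'^Searching for "(?P<name>[^"]+)"')

# Copies Windows keeps as pristine references (driver cache and service-pack
# store); the live driver under system32\drivers should match one of them.
REFERENCE_DIRS = ("\\system32\\dllcache\\", "\\servicepackfiles\\")


def parse_filefind(log_text):
    """Return {searched_name: [entry, ...]} from a SystemLook filefind section."""
    results, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SEARCH_LINE.match(line)
        if m:
            current = m.group("name")
            results[current] = []
            continue
        m = FILEFIND_LINE.match(line)
        if m and current is not None:
            entry = m.groupdict()
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            results[current].append(entry)
    return results


def triage_copies(entries):
    """Flag every copy whose MD5 differs from the reference copies.

    With no reference copy present, the majority hash is the baseline.
    Agreement among copies is necessary, not sufficient: it does not prove
    that any of them matches the vendor's original file.
    """
    histogram = Counter(e["md5"] for e in entries)
    reference = {e["md5"] for e in entries
                 if any(d in e["path"].lower() for d in REFERENCE_DIRS)}
    if not reference and histogram:
        reference = {histogram.most_common(1)[0][0]}
    suspect = [e for e in entries if e["md5"] not in reference]
    return {"reference": reference, "suspect": suspect, "histogram": histogram}


# Sample input: the filefind section from the thread's SystemLook log (all six
# copies agree), plus a CONSTRUCTED variant in which the live driver carries a
# made-up MD5 (all zeros), the situation the helper was checking for.
CLEAN_LOG = r"""
========== filefind ==========

Searching for "atapi.sys"
C:\i386\atapi.sys --a--c 95360 bytes [16:28 24/10/2006] [03:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\$NtServicePackUninstall$\atapi.sys -----c 95360 bytes [00:10 25/04/2009] [03:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\ServicePackFiles\i386\atapi.sys ------ 95360 bytes [04:09 23/04/2009] [03:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\system32\dllcache\atapi.sys --a--- 95360 bytes [03:59 04/08/2004] [03:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\system32\drivers\atapi.sys --a--- 95360 bytes [03:59 04/08/2004] [03:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys --a--c 95360 bytes [16:41 18/09/2006] [03:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51

-=End Of File=-
"""
FAKE_MD5 = "0" * 32  # constructed placeholder, not a real hash
PATCHED_LOG = re.sub(
    r"(drivers\\atapi\.sys .*?)CDFE4411A69C224BD1D11B2DA92DAC51",
    lambda m: m.group(1) + FAKE_MD5,
    CLEAN_LOG,
)


def suspect_paths(log_text, name="atapi.sys"):
    """Paths of copies of `name` whose hash disagrees with the reference copies."""
    result = triage_copies(parse_filefind(log_text).get(name, []))
    return [e["path"] for e in result["suspect"]]


if __name__ == "__main__":
    for label, log in (("clean", CLEAN_LOG), ("patched", PATCHED_LOG)):
        print(label, "->", suspect_paths(log) or "all copies agree")
```

Run as a script it reports no suspects for the thread's log and the single system32\drivers path for the constructed one. The same parser works for any other file name given to SystemLook's filefind directive, since the section header carries the searched name.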
02-Nov-2009, 08:00 PM
#43
That looks good. Try your AVG scan now. After that come back and tell me the results.
02-Nov-2009, 09:55 PM
#44
Hello, I scanned the Windows folder only, and it found the infection and healed it or placed it in the virus vault. Please look and tell me what you think?

"Scan ""Scan specific files or folders"" was finished."
"Infections";"1";"1";"0"
"Folders selected for scanning:";"C:\;C:\WINDOWS;G:\;"
"Scan started:";"Monday, November 02, 2009, 7:23:26 PM"
"Scan finished:";"Monday, November 02, 2009, 8:47:32 PM (1 hour(s) 24 minute(s) 6 second(s))"
"Total object scanned:";"362791"
"User who launched the scan:";"Administrator"
"Infections"
"File";"Infection";"Result"
"C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP498\A0080714.sys";"Trojan horse Rootkit-Pakes.U";"Moved to Virus Vault"
02-Nov-2009, 10:07 PM
#45
That is an old infection in System Restore. It would not have harmed your computer unless you had carried out System Restore. I am intrigued though because that should have been removed when you ran combofix /u. I take it you did that? If you did, it must have come since, which makes me think we should run another scan to see if there is anything else regenerated. Let me know.

__________________
Manners are the basis of a civilised society and make everyone's lives just a little happier. They cost nothing but they are worth so much.
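The helper's point above, that a detection inside a System Restore point is dormant until a restore is actually performed, is a triage rule worth applying mechanically when reading these reports: a hit under System Volume Information\_restore{...}\RPnnn\ is a stale copy, a tracking cookie is a privacy nuisance, and only a hit on the live file system needs immediate action. The following Python is an added example, not code from AVG or from anyone in the thread: it parses AVG's quoted, semicolon-separated report format and sorts the findings into those three buckets. The sample report embeds the rows from the thread's two AVG logs plus one constructed live-file row (placeholder.sys and CONSTRUCTED-EXAMPLE are made-up names, and the summary counts are adjusted to match).

```python
import csv
import io
import re

# A copy inside a restore point lives under
#   System Volume Information\_restore{GUID}\RPnnn\
# and only reaches the live system again through a System Restore.
RESTORE_POINT = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+\\", re.I)
# Firefox/Flock cookie hits are reported as <profile>\cookies.sqlite:\<domain>.<id>
COOKIE_DB = re.compile(r"cookies\.sqlite:\\", re.I)


def classify(path):
    """Bucket a reported path by where the flagged object actually sits."""
    if RESTORE_POINT.search(path):
        return "restore_point"
    if COOKIE_DB.search(path):
        return "tracking_cookie"
    return "live"


def parse_avg_report(text):
    """Return the File/Infection/Result rows of an AVG scan report.

    The report is semicolon-separated with every field double-quoted (an
    embedded quote is doubled), which the csv module handles directly; the
    findings are the rows after the "File";"Infection";"Result" header.
    """
    findings, in_table = [], False
    for row in csv.reader(io.StringIO(text), delimiter=";", quotechar='"'):
        if row == ["File", "Infection", "Result"]:
            in_table = True
            continue
        if in_table and len(row) >= 3:
            findings.append({"file": row[0], "infection": row[1], "result": row[2]})
    return findings


def triage_findings(text):
    """Split findings into live-system hits, dormant restore-point hits and cookies."""
    buckets = {"live": [], "restore_point": [], "tracking_cookie": []}
    for finding in parse_avg_report(text):
        buckets[classify(finding["file"])].append(finding)
    return buckets


# Sample report: the header and Rootkit-Pakes.U row from the thread's AVG log,
# one tracking-cookie row from the earlier AVG log, and one CONSTRUCTED
# live-file row (placeholder.sys / CONSTRUCTED-EXAMPLE are not real detections).
SAMPLE_REPORT = r'''"Scan ""Scan specific files or folders"" was finished."
"Infections";"3";"1";"0"
"Folders selected for scanning:";"C:\;C:\WINDOWS;G:\;"
"Total object scanned:";"362791"
"Infections"
"File";"Infection";"Result"
"C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP498\A0080714.sys";"Trojan horse Rootkit-Pakes.U";"Moved to Virus Vault"
"C:\Documents and Settings\Administrator\Application Data\Flock\Browser\Profiles\uftruf1o.default\cookies.sqlite:\advertising.com.b624fa46";"Found Tracking cookie.Advertising";"Potentially dangerous object"
"C:\WINDOWS\system32\drivers\placeholder.sys";"Trojan horse CONSTRUCTED-EXAMPLE";"Infected"
'''

if __name__ == "__main__":
    for bucket, hits in triage_findings(SAMPLE_REPORT).items():
        print(f"{bucket}: {len(hits)}")
        for hit in hits:
            print("   ", hit["infection"], "->", hit["file"], f"[{hit['result']}]")
```

The csv module is used deliberately rather than a split on ";": the "Folders selected for scanning" value contains semicolons inside its quotes, and the first line embeds a doubled quote, both of which a naive split would mangle. Restore-point hits that keep reappearing after the points were supposedly purged are exactly the case the helper raises, so the restore_point bucket is worth watching across successive scans rather than dismissing outright.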
