rootkits and whatnot



#1
metaslob

  • Member
  • 55 posts
So, it seems I suddenly couldn't run my weekly Trend Micro scan, because my computer could not connect - or something. I downloaded Spybot, and these files kept coming up and wouldn't be removed.
Spybot result.

Then I used AVG (free Edition), but it's not showing anything.

I downloaded Spy Sweeper (as instructed before) and this is the result from the sweep:

07:43: Removal process completed. Elapsed time 00:01:42
07:43: A reboot was required but declined.
07:43: Quarantining All Traces: toplist cookie
07:43: Quarantining All Traces: 2o7.net cookie
07:43: Quarantining All Traces: ccbill cookie
07:43: c:\documents and settings\andreas mostervik\lokale innstillinger\programdata\last.fm\client\cache\ws.audioscrobbler.com_ass_metadata.php_artist=throbbing%20gristle&track=hamburger%20lady&album=d.o.a.%3a%20the%20third%20and%20final%20report%20of%20throbbing%20gristle is in use. It will be removed on reboot.
07:43: c:\documents and settings\andreas mostervik\lokale innstillinger\programdata\last.fm\client\cache\ws.audioscrobbler.com_ass_metadata.php_artist=throbbing%20gristle&track=death%20threats&album=d.o.a.%3a%20the%20third%20and%20final%20report%20of%20throbbing%20gristle is in use. It will be removed on reboot.
07:43: c:\documents and settings\andreas mostervik\lokale innstillinger\programdata\last.fm\client\cache\ws.audioscrobbler.com_ass_metadata.php_artist=sun%20ra&track=adventure-equation&album=cosmic%20tones%20for%20mental%20therapy%2fart%20forms%20of%20dimensions%20tomorrow is in use. It will be removed on reboot.
07:43: c:\documents and settings\andreas mostervik\lokale innstillinger\programdata\last.fm\client\cache\ws.audioscrobbler.com_ass_metadata.php_artist=venetian%20snares&track=winnie%20the%20dog%20pooh%20%28not%20half%20remix%29&album=winnipeg%20is%20a%20frozen%20shithole is in use. It will be removed on reboot.
07:43: c:\documents and settings\andreas mostervik\lokale innstillinger\programdata\last.fm\client\cache\ws.audioscrobbler.com_ass_metadata.php_artist=coil&track=black%20antlers%20%28where%27s%20your%20child-%29%20%28vers%201%29%20%28bam%20bam%29&album=black%20antlers is in use. It will be removed on reboot.
07:43: c:\documents and settings\andreas mostervik\lokale innstillinger\programdata\last.fm\client\cache\ws.audioscrobbler.com_ass_metadata.php_artist=acid%20mothers%20temple%20%26%20the%20melting%20paraiso%20u.f.o.&track=l%27%20ambition%20dans%20le%20miroir&album=mantra%20of%20love is in use. It will be removed on reboot.
07:43: c:\documents and settings\andreas mostervik\lokale innstillinger\programdata\last.fm\client\cache\ws.audioscrobbler.com_ass_metadata.php_artist=throbbing%20gristle&track=blood%20on%20the%20floor&album=d.o.a.%3a%20the%20third%20and%20final%20report%20of%20throbbing%20gristle is in use. It will be removed on reboot.
07:43: c:\documents and settings\andreas mostervik\lokale innstillinger\programdata\last.fm\client\cache\ws.audioscrobbler.com_ass_metadata.php_artist=ulver&track=plates%2021-22&album=themes%20from%20william%20blake%27s%20the%20marriage%20of%20heaven%20and%20hell%20%28cd%202%29 is in use. It will be removed on reboot.
07:43: c:\documents and settings\andreas mostervik\lokale innstillinger\programdata\last.fm\client\cache\ws.audioscrobbler.com_ass_metadata.php_artist=muslimgauze&track=jaccouzzi%20of%20tears%20%28part%202%29&album=box%20of%20silk%20and%20dogs%20%28disc%209%3a%20hafaz%20al%20assad%29 is in use. It will be removed on reboot.
07:43: c:\documents and settings\andreas mostervik\lokale innstillinger\programdata\last.fm\client\cache\ws.audioscrobbler.com_ass_metadata.php_artist=current%2093&track=a%20song%20for%20douglas%20after%20he%27s%20dead%20%28rebirth%29&album=the%20thunder%3a%20perfect%20mind is in use. It will be removed on reboot.
07:43: c:\documents and settings\andreas mostervik\lokale innstillinger\programdata\last.fm\client\cache\ws.audioscrobbler.com_ass_metadata.php_artist=throbbing%20gristle&track=walls%20of%20sound&album=d.o.a.%3a%20the%20third%20and%20final%20report%20of%20throbbing%20gristle is in use. It will be removed on reboot.
07:43: c:\documents and settings\andreas mostervik\lokale innstillinger\programdata\last.fm\client\cache\ws.audioscrobbler.com_ass_metadata.php_artist=sun%20ra&track=the%20outer%20heavens&album=cosmic%20tones%20for%20mental%20therapy%2fart%20forms%20of%20dimensions%20tomorrow is in use. It will be removed on reboot.
07:43: c:\documents and settings\andreas mostervik\lokale innstillinger\programdata\last.fm\client\cache\ws.audioscrobbler.com_ass_metadata.php_artist=einst%c3%bcrzende%20neubauten&track=keine%20schoenheit%20ohne%20gefahr&album=musterhaus%20%234%3a%20redux%20orchestra%20vs.%20einst%c3%bcrzende%20neubauten is in use. It will be removed on reboot.
07:43: c:\documents and settings\andreas mostervik\lokale innstillinger\programdata\last.fm\client\cache\ws.audioscrobbler.com_ass_metadata.php_artist=cliff%20martinez&track=we%20don%27t%20have%20to%20think%20like%20that%20anymore&album=solaris%20%28original%20soundtrack%29 is in use. It will be removed on reboot.
07:43: c:\documents and settings\andreas mostervik\lokale innstillinger\programdata\last.fm\client\cache\ws.audioscrobbler.com_ass_metadata.php_artist=venetian%20snares&track=cruel%20whole%20%28abelcain%20remix%29&album=printf%3c%22shiver%20in%20eternal%20darkness%2fn%22%3e%3b is in use. It will be removed on reboot.
07:43: c:\documents and settings\andreas mostervik\lokale innstillinger\programdata\last.fm\client\cache\ws.audioscrobbler.com_ass_metadata.php_artist=65daysofstatic&track=install%20a%20beak%20in%20the%20heart%20that%20clucks%20time%20in%20arabic&album=the%20fall%20of%20math is in use. It will be removed on reboot.
07:43: c:\documents and settings\andreas mostervik\lokale innstillinger\programdata\last.fm\client\cache\ws.audioscrobbler.com_ass_metadata.php_artist=a%20silver%20mt.%20zion&track=take%20these%20hands%20and%20throw%20them%20in%20the%20river&album=live%20at%20la%20sala%20rossa is in use. It will be removed on reboot.
07:43: c:\documents and settings\andreas mostervik\lokale innstillinger\programdata\last.fm\client\cache\ws.audioscrobbler.com_ass_metadata.php_artist=a%20silver%20mt.%20zion&track=ring%20them%20bells%20%28freedom%20has%20come%20and%20gone%29&album=live%20at%20la%20sala%20rossa is in use. It will be removed on reboot.
07:43: c:\documents and settings\andreas mostervik\lokale innstillinger\programdata\last.fm\client\cache\ws.audioscrobbler.com_ass_metadata.php_artist=black%20sabbath&track=wicked%20world&album=black%20box%3a%20the%20complete%20original%20black%20sabbath%20%281970-1978%29%20%28disc%201%3a%20black%20sabbath%29 is in use. It will be removed on reboot.
07:43: c:\documents and settings\andreas mostervik\lokale innstillinger\programdata\last.fm\client\cache\ws.audioscrobbler.com_ass_metadata.php_artist=gabriel%20faur%c3%a9&track=agnus%20dei&album=requiem%20%26%20cantique%20de%20jean%20racine%20-%20cambridge%20singers%20city%20of%20london%20sinfonia%20john%20rutter is in use. It will be removed on reboot.
07:43: c:\documents and settings\andreas mostervik\lokale innstillinger\programdata\last.fm\client\cache\ws.audioscrobbler.com_ass_metadata.php_artist=%e5%a4%a7%e5%8f%8b%e8%89%af%e8%8b%b1&track=misty&album=guitar%20solo%2012th%20octorber%202004%20%40%20shinjuku%20pit%20inn%2c%20tokyo%20%2b%201 is in use. It will be removed on reboot.
07:43: c:\documents and settings\andreas mostervik\lokale innstillinger\programdata\last.fm\client\cache\ws.audioscrobbler.com_ass_metadata.php_artist=%e5%a4%a7%e5%8f%8b%e8%89%af%e8%8b%b1&track=rig&album=guitar%20solo%2012th%20octorber%202004%20%40%20shinjuku%20pit%20inn%2c%20tokyo%20%2b%201 is in use. It will be removed on reboot.
07:43: c:\documents and settings\andreas mostervik\lokale innstillinger\programdata\last.fm\client\cache\ws.audioscrobbler.com_ass_metadata.php_artist=ordo%20rosarius%20equilibrio&track=beloved%20kitty%20and%20the%20piercing%20bolts%20of%20amor&album=make%20love%2c%20and%20war%3a%20the%20wedlock%20of%20roses is in use. It will be removed on reboot.
07:43: c:\documents and settings\andreas mostervik\lokale innstillinger\programdata\last.fm\client\cache\ws.audioscrobbler.com_ass_metadata.php_artist=the%20hafler%20trio&track=the%20last%20extant%20recording%20from%20%27the%20guard%20bridge%27%20--%20403.34&album=walk%20gently%20through%20the%20gates%20of%20joy is in use. It will be removed on reboot.
07:43: c:\documents and settings\andreas mostervik\lokale innstillinger\programdata\last.fm\client\cache\ws.audioscrobbler.com_ass_metadata.php_artist=a%20silver%20mt.%20zion&track=sisters%21%20brothers%21%20small%20boats%20of%20fire%20are%20falling%20from%20the%20sky%21&album=born%20into%20trouble%20as%20the%20sparks%20fly%20upward is in use. It will be removed on reboot.
07:43: c:\documents and settings\andreas mostervik\lokale innstillinger\programdata\last.fm\client\cache\ws.audioscrobbler.com_ass_metadata.php_artist=venetian%20snares&track=winnipeg%20is%20a%20boiling%20pot%20of%20cranberries%20%28fanny%20remix%29&album=winnipeg%20is%20a%20frozen%20shithole is in use. It will be removed on reboot.
07:43: c:\documents and settings\andreas mostervik\lokale innstillinger\programdata\last.fm\client\cache\ws.audioscrobbler.com_ass_metadata.php_artist=jethro%20tull&track=scenario&album=nightcap%3a%20the%20unreleased%20masters%201973-1991%20%28disc%201%3a%20the%20chateau%20d%27isaster%20tapes%29 is in use. It will be removed on reboot.
07:43: c:\documents and settings\andreas mostervik\lokale innstillinger\programdata\last.fm\client\cache\ws.audioscrobbler.com_ass_metadata.php_artist=godspeed%20you%21%20black%20emperor&track=static&album=lift%20yr.%20skinny%20fists%20like%20antennas%20to%20heaven%21%20%28disc%201%29 is in use. It will be removed on reboot.
07:43: c:\documents and settings\andreas mostervik\lokale innstillinger\programdata\last.fm\client\cache\ws.audioscrobbler.com_ass_metadata.php_artist=acid%20mothers%20temple%20%26%20the%20melting%20paraiso%20u.f.o.&track=creation%20of%20the%20human%20race&album=41st%20century%20splendid%20man is in use. It will be removed on reboot.
07:43: potentially rootkit-masked files is in use. It will be removed on reboot.
07:41: Quarantining All Traces: potentially rootkit-masked files
07:41: Removal process initiated
07:35: Traces Found: 32
07:35: Full Sweep has completed. Elapsed time 00:08:05
07:35: File Sweep Complete, Elapsed Time: 00:06:53
07:35: c:\documents and settings\andreas mostervik\lokale innstillinger\programdata\last.fm\client\cache\ws.audioscrobbler.com_ass_metadata.php_artist=throbbing%20gristle&track=hamburger%20lady&album=d.o.a.%3a%20the%20third%20and%20final%20report%20of%20throbbing%20gristle (ID = 0)
07:35: c:\documents and settings\andreas mostervik\lokale innstillinger\programdata\last.fm\client\cache\ws.audioscrobbler.com_ass_metadata.php_artist=throbbing%20gristle&track=death%20threats&album=d.o.a.%3a%20the%20third%20and%20final%20report%20of%20throbbing%20gristle (ID = 0)
07:35: c:\documents and settings\andreas mostervik\lokale innstillinger\programdata\last.fm\client\cache\ws.audioscrobbler.com_ass_metadata.php_artist=sun%20ra&track=adventure-equation&album=cosmic%20tones%20for%20mental%20therapy%2fart%20forms%20of%20dimensions%20tomorrow (ID = 0)
07:35: c:\documents and settings\andreas mostervik\lokale innstillinger\programdata\last.fm\client\cache\ws.audioscrobbler.com_ass_metadata.php_artist=venetian%20snares&track=winnie%20the%20dog%20pooh%20%28not%20half%20remix%29&album=winnipeg%20is%20a%20frozen%20shithole (ID = 0)
07:35: c:\documents and settings\andreas mostervik\lokale innstillinger\programdata\last.fm\client\cache\ws.audioscrobbler.com_ass_metadata.php_artist=coil&track=black%20antlers%20%28where%27s%20your%20child-%29%20%28vers%201%29%20%28bam%20bam%29&album=black%20antlers (ID = 0)
07:35: c:\documents and settings\andreas mostervik\lokale innstillinger\programdata\last.fm\client\cache\ws.audioscrobbler.com_ass_metadata.php_artist=acid%20mothers%20temple%20%26%20the%20melting%20paraiso%20u.f.o.&track=l%27%20ambition%20dans%20le%20miroir&album=mantra%20of%20love (ID = 0)
07:35: c:\documents and settings\andreas mostervik\lokale innstillinger\programdata\last.fm\client\cache\ws.audioscrobbler.com_ass_metadata.php_artist=throbbing%20gristle&track=blood%20on%20the%20floor&album=d.o.a.%3a%20the%20third%20and%20final%20report%20of%20throbbing%20gristle (ID = 0)
07:35: c:\documents and settings\andreas mostervik\lokale innstillinger\programdata\last.fm\client\cache\ws.audioscrobbler.com_ass_metadata.php_artist=ulver&track=plates%2021-22&album=themes%20from%20william%20blake%27s%20the%20marriage%20of%20heaven%20and%20hell%20%28cd%202%29 (ID = 0)
07:35: c:\documents and settings\andreas mostervik\lokale innstillinger\programdata\last.fm\client\cache\ws.audioscrobbler.com_ass_metadata.php_artist=muslimgauze&track=jaccouzzi%20of%20tears%20%28part%202%29&album=box%20of%20silk%20and%20dogs%20%28disc%209%3a%20hafaz%20al%20assad%29 (ID = 0)
07:35: c:\documents and settings\andreas mostervik\lokale innstillinger\programdata\last.fm\client\cache\ws.audioscrobbler.com_ass_metadata.php_artist=current%2093&track=a%20song%20for%20douglas%20after%20he%27s%20dead%20%28rebirth%29&album=the%20thunder%3a%20perfect%20mind (ID = 0)
07:35: c:\documents and settings\andreas mostervik\lokale innstillinger\programdata\last.fm\client\cache\ws.audioscrobbler.com_ass_metadata.php_artist=throbbing%20gristle&track=walls%20of%20sound&album=d.o.a.%3a%20the%20third%20and%20final%20report%20of%20throbbing%20gristle (ID = 0)
07:35: c:\documents and settings\andreas mostervik\lokale innstillinger\programdata\last.fm\client\cache\ws.audioscrobbler.com_ass_metadata.php_artist=sun%20ra&track=the%20outer%20heavens&album=cosmic%20tones%20for%20mental%20therapy%2fart%20forms%20of%20dimensions%20tomorrow (ID = 0)
07:35: c:\documents and settings\andreas mostervik\lokale innstillinger\programdata\last.fm\client\cache\ws.audioscrobbler.com_ass_metadata.php_artist=einst%c3%bcrzende%20neubauten&track=keine%20schoenheit%20ohne%20gefahr&album=musterhaus%20%234%3a%20redux%20orchestra%20vs.%20einst%c3%bcrzende%20neubauten (ID = 0)
07:35: c:\documents and settings\andreas mostervik\lokale innstillinger\programdata\last.fm\client\cache\ws.audioscrobbler.com_ass_metadata.php_artist=cliff%20martinez&track=we%20don%27t%20have%20to%20think%20like%20that%20anymore&album=solaris%20%28original%20soundtrack%29 (ID = 0)
07:35: c:\documents and settings\andreas mostervik\lokale innstillinger\programdata\last.fm\client\cache\ws.audioscrobbler.com_ass_metadata.php_artist=venetian%20snares&track=cruel%20whole%20%28abelcain%20remix%29&album=printf%3c%22shiver%20in%20eternal%20darkness%2fn%22%3e%3b (ID = 0)
07:35: c:\documents and settings\andreas mostervik\lokale innstillinger\programdata\last.fm\client\cache\ws.audioscrobbler.com_ass_metadata.php_artist=65daysofstatic&track=install%20a%20beak%20in%20the%20heart%20that%20clucks%20time%20in%20arabic&album=the%20fall%20of%20math (ID = 0)
07:35: c:\documents and settings\andreas mostervik\lokale innstillinger\programdata\last.fm\client\cache\ws.audioscrobbler.com_ass_metadata.php_artist=a%20silver%20mt.%20zion&track=take%20these%20hands%20and%20throw%20them%20in%20the%20river&album=live%20at%20la%20sala%20rossa (ID = 0)
07:35: c:\documents and settings\andreas mostervik\lokale innstillinger\programdata\last.fm\client\cache\ws.audioscrobbler.com_ass_metadata.php_artist=a%20silver%20mt.%20zion&track=ring%20them%20bells%20%28freedom%20has%20come%20and%20gone%29&album=live%20at%20la%20sala%20rossa (ID = 0)
07:35: c:\documents and settings\andreas mostervik\lokale innstillinger\programdata\last.fm\client\cache\ws.audioscrobbler.com_ass_metadata.php_artist=black%20sabbath&track=wicked%20world&album=black%20box%3a%20the%20complete%20original%20black%20sabbath%20%281970-1978%29%20%28disc%201%3a%20black%20sabbath%29 (ID = 0)
07:35: c:\documents and settings\andreas mostervik\lokale innstillinger\programdata\last.fm\client\cache\ws.audioscrobbler.com_ass_metadata.php_artist=gabriel%20faur%c3%a9&track=agnus%20dei&album=requiem%20%26%20cantique%20de%20jean%20racine%20-%20cambridge%20singers%20city%20of%20london%20sinfonia%20john%20rutter (ID = 0)
07:35: c:\documents and settings\andreas mostervik\lokale innstillinger\programdata\last.fm\client\cache\ws.audioscrobbler.com_ass_metadata.php_artist=%e5%a4%a7%e5%8f%8b%e8%89%af%e8%8b%b1&track=misty&album=guitar%20solo%2012th%20octorber%202004%20%40%20shinjuku%20pit%20inn%2c%20tokyo%20%2b%201 (ID = 0)
07:35: c:\documents and settings\andreas mostervik\lokale innstillinger\programdata\last.fm\client\cache\ws.audioscrobbler.com_ass_metadata.php_artist=%e5%a4%a7%e5%8f%8b%e8%89%af%e8%8b%b1&track=rig&album=guitar%20solo%2012th%20octorber%202004%20%40%20shinjuku%20pit%20inn%2c%20tokyo%20%2b%201 (ID = 0)
07:35: c:\documents and settings\andreas mostervik\lokale innstillinger\programdata\last.fm\client\cache\ws.audioscrobbler.com_ass_metadata.php_artist=ordo%20rosarius%20equilibrio&track=beloved%20kitty%20and%20the%20piercing%20bolts%20of%20amor&album=make%20love%2c%20and%20war%3a%20the%20wedlock%20of%20roses (ID = 0)
07:35: c:\documents and settings\andreas mostervik\lokale innstillinger\programdata\last.fm\client\cache\ws.audioscrobbler.com_ass_metadata.php_artist=the%20hafler%20trio&track=the%20last%20extant%20recording%20from%20%27the%20guard%20bridge%27%20--%20403.34&album=walk%20gently%20through%20the%20gates%20of%20joy (ID = 0)
07:35: c:\documents and settings\andreas mostervik\lokale innstillinger\programdata\last.fm\client\cache\ws.audioscrobbler.com_ass_metadata.php_artist=a%20silver%20mt.%20zion&track=sisters%21%20brothers%21%20small%20boats%20of%20fire%20are%20falling%20from%20the%20sky%21&album=born%20into%20trouble%20as%20the%20sparks%20fly%20upward (ID = 0)
07:34: c:\documents and settings\andreas mostervik\lokale innstillinger\programdata\last.fm\client\cache\ws.audioscrobbler.com_ass_metadata.php_artist=venetian%20snares&track=winnipeg%20is%20a%20boiling%20pot%20of%20cranberries%20%28fanny%20remix%29&album=winnipeg%20is%20a%20frozen%20shithole (ID = 0)
07:34: c:\documents and settings\andreas mostervik\lokale innstillinger\programdata\last.fm\client\cache\ws.audioscrobbler.com_ass_metadata.php_artist=jethro%20tull&track=scenario&album=nightcap%3a%20the%20unreleased%20masters%201973-1991%20%28disc%201%3a%20the%20chateau%20d%27isaster%20tapes%29 (ID = 0)
07:34: c:\documents and settings\andreas mostervik\lokale innstillinger\programdata\last.fm\client\cache\ws.audioscrobbler.com_ass_metadata.php_artist=godspeed%20you%21%20black%20emperor&track=static&album=lift%20yr.%20skinny%20fists%20like%20antennas%20to%20heaven%21%20%28disc%201%29 (ID = 0)
07:34: c:\documents and settings\andreas mostervik\lokale innstillinger\programdata\last.fm\client\cache\ws.audioscrobbler.com_ass_metadata.php_artist=acid%20mothers%20temple%20%26%20the%20melting%20paraiso%20u.f.o.&track=creation%20of%20the%20human%20race&album=41st%20century%20splendid%20man (ID = 0)
07:34: Found System Monitor: potentially rootkit-masked files
07:34: Warning: Failed to access drive I:
07:34: Warning: Failed to access drive H:
07:34: Warning: Failed to access drive G:
07:34: Warning: Failed to access drive F:
07:34: Warning: Failed to access drive D:
07:34: Warning: Failed to open file "c:\documents and settings\andreas mostervik\programdata\mozilla\firefox\profiles\7zr9iwch.default\parent.lock". Operasjonen er utført
07:28: Starting File Sweep
07:28: Cookie Sweep Complete, Elapsed Time: 00:00:00
07:28: c:\documents and settings\andreas mostervik\cookies\andreas mostervik@toplist[1].txt (ID = 3557)
07:28: Found Spy Cookie: toplist cookie
07:28: c:\documents and settings\andreas mostervik\cookies\andreas [email protected][1].txt (ID = 1958)
07:28: Found Spy Cookie: 2o7.net cookie
07:28: c:\documents and settings\andreas mostervik\cookies\andreas mostervik@ccbill[1].txt (ID = 2369)
07:28: Found Spy Cookie: ccbill cookie
07:28: Starting Cookie Sweep
07:28: Registry Sweep Complete, Elapsed Time:00:00:06
07:28: Starting Registry Sweep
07:28: Memory Sweep Complete, Elapsed Time: 00:01:05
07:27: Starting Memory Sweep
07:27: Sweep initiated using definitions version 750
07:27: Spy Sweeper 5.0.5.1286 started
07:27: | Start of Session, 29. august 2006 |
********
07:27: | End of Session, 29. august 2006 |
07:26: Your spyware definitions have been updated.
Keylogger Shield: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
07:22: Shield States
07:22: Spyware Definitions: 691
07:22: Spy Sweeper 5.0.5.1286 started
07:22: Spy Sweeper 5.0.5.1286 started
07:22: | Start of Session, 29. august 2006 |
********

This is the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 07:46:09, on 29.08.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programfiler\D-Tools\daemon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\Java\jre1.5.0_08\bin\jusched.exe
C:\Programfiler\Winamp\winampa.exe
C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programfiler\MSI\Live Update 3\LMonitor.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Programfiler\MSI\Core Center\CoreCenter.exe
C:\Programfiler\MSI\DigiCell\DigiCell.exe
C:\Programfiler\OpenOffice.org 2.0\program\soffice.exe
C:\Programfiler\OpenOffice.org 2.0\program\soffice.BIN
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Webroot\Spy Sweeper\SpySweeper.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Webroot\Spy Sweeper\SSU.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Andreas Mostervik\Mine dokumenter\filer\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_08\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [LiveMonitor] "C:\Programfiler\MSI\Live Update 3\LMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Programfiler\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programfiler\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CoreCenter.lnk = C:\Programfiler\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: DigiCell.lnk = C:\Programfiler\MSI\DigiCell\DigiCell.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe (file missing)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Programfiler\Webroot\Spy Sweeper\SpySweeper.exe


#2
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
SpySweeper seems to have a problem with your internet radio station.
Maybe the same applies to Trend.

Did you check if Trend's definitions were still up to date?
Have you tried scanning in safe mode?

I assume you installed AVG after the problems with trend started.
And is that working properly?

Regards,

#3
metaslob

  • Topic Starter
  • Member
  • 55 posts
Hm. The problem with Trend extends to the other computer with an internet connection in the house as well, a laptop, meaning it does the same thing there: disconnects and shuts down the browser after a few min.

I installed AVG first thing when I got the computer, Trend worked fine up until 29th of August.

AVG works fine, although it has yet to detect anything, whatever that may mean.

Haven't tried a safe mode scan yet.

#4
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
There's no problem in checking for rootkits.

Download and Save Blacklight to your desktop (choose "I ACCEPT" then click "DOWNLOAD" on the website).

Double-click blbeta.exe then accept the agreement, click > "Scan" then > "Next".

You'll see a list of all items found. There will also be a log on your desktop with the name "fsbl.xxxxxxxxxxxxxx.log" (the xxxxxxxxxxxxxx stand for numbers).

Copy and paste this log in your next reply. Don't choose the rename option yet! I want to see the log first, because legitimate items can also be present there, such as "wbemtest.exe".

Did I understand correctly that you were referring to the online scanner by Trend that is giving you problems?
In that case try this one as well: http://www.kaspersky.com/virusscanner

Regards,

#5
metaslob

  • Topic Starter
  • Member
  • 55 posts
Blacklight:
09/26/06 20:18:12 [Info]: BlackLight Engine 1.0.46 initialized
09/26/06 20:18:12 [Info]: OS: 5.1 build 2600 (Service Pack 2)
09/26/06 20:18:12 [Note]: 7019 4
09/26/06 20:18:12 [Note]: 7005 0
09/26/06 20:18:14 [Note]: 7006 0
09/26/06 20:18:14 [Note]: 7011 1540
09/26/06 20:18:14 [Note]: 7026 0
09/26/06 20:18:14 [Note]: 7026 0
09/26/06 20:18:15 [Note]: FSRAW library version 1.7.1019
09/26/06 20:19:02 [Note]: 2000 1006
09/26/06 20:19:02 [Note]: 2000 1006
09/26/06 20:19:05 [Note]: 7007 0

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, September 26, 2006 8:17:04 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 26/09/2006
Kaspersky Anti-Virus database records: 226591
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 70639
Number of viruses found: 0
Number of infected objects: 0 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:35:47

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Programdata\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Programdata\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Programdata\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\Andreas Mostervik\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Andreas Mostervik\Lokale innstillinger\Logg\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Andreas Mostervik\Lokale innstillinger\Logg\History.IE5\MSHist012006092620060927\index.dat Object is locked skipped
C:\Documents and Settings\Andreas Mostervik\Lokale innstillinger\Programdata\Last.fm\Client\container.log Object is locked skipped
C:\Documents and Settings\Andreas Mostervik\Lokale innstillinger\Programdata\Last.fm\Client\httpinput.log Object is locked skipped
C:\Documents and Settings\Andreas Mostervik\Lokale innstillinger\Programdata\Last.fm\Client\metadata.log Object is locked skipped
C:\Documents and Settings\Andreas Mostervik\Lokale innstillinger\Programdata\Last.fm\Client\playback.log Object is locked skipped
C:\Documents and Settings\Andreas Mostervik\Lokale innstillinger\Programdata\Last.fm\Client\transcode.log Object is locked skipped
C:\Documents and Settings\Andreas Mostervik\Lokale innstillinger\Programdata\Last.fm\Client\webservice.log Object is locked skipped
C:\Documents and Settings\Andreas Mostervik\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Andreas Mostervik\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Andreas Mostervik\Lokale innstillinger\Temp\~DFC9CB.tmp Object is locked skipped
C:\Documents and Settings\Andreas Mostervik\Lokale innstillinger\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Andreas Mostervik\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Andreas Mostervik\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Andreas Mostervik\Programdata\Mozilla\Firefox\Profiles\7zr9iwch.default\cert8.db Object is locked skipped
C:\Documents and Settings\Andreas Mostervik\Programdata\Mozilla\Firefox\Profiles\7zr9iwch.default\history.dat Object is locked skipped
C:\Documents and Settings\Andreas Mostervik\Programdata\Mozilla\Firefox\Profiles\7zr9iwch.default\key3.db Object is locked skipped
C:\Documents and Settings\Andreas Mostervik\Programdata\Mozilla\Firefox\Profiles\7zr9iwch.default\parent.lock Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokale innstillinger\Logg\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Lokale innstillinger\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{5A9BADE4-801E-4F33-A3AF-8970215FD13D}\RP97\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

#6
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Your Rootkit scan came up clean. :whistling:

But I don't like the behaviour this folder is displaying.
C:\Documents and Settings\Andreas Mostervik\Lokale innstillinger\Programdata\Last.fm
Call me over-sensitive but my gut feeling says to get rid of it.
It shows up in all your scans as untouchable, where it has no right to be.

Can you try if you can either empty or delete that folder completely?
It may be necessary for the proper function of the program, so emptying it would be my first try, unless you plan to ditch it anyway.

Regards,

#7
metaslob

  • Topic Starter
  • Member
  • 55 posts
It's a plugin for Winamp, iTunes and Media Player to this site: www.last.fm. It collects data from whatever I'm playing and adds it up on a site, but since that appears to be the point where Trend Micro's online scan crashes, I think I might agree on removing it.

#8
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
It could be just one file stuck in that folder, so it may not be necessary to uninstall the software.

Let me know. It may come up more often.

Regards,

#9
metaslob

  • Topic Starter
  • Member
  • 55 posts
Uninstalled the files, and deleted the folder. Did a Trend Micro search (it worked, although it said it couldn't connect some files :whistling: ); all it found were some HTML trackers.

Tried to reinstall the plugin and see if the same thing happens now, and it does... Should I just stay clear of this and not have this on my computer or?

#10
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
If it's only Spybot that has a problem with the files, you will have to choose between the two programs.

I will bring the matter to the attention of Team Spybot.
Check back here in case they need you to do some tests.
It may help them improve their product.

Regards,


#11
metaslob

  • Topic Starter
  • Member
  • 55 posts
It's not only Spybot; as I've said before, the online scan at Trend Micro closes down when I have this folder installed on my machine. But sure, I'll keep an eye on this thread.

#12
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
I can contact Trend, but I don't have the kind of contacts there that might make a difference. :whistling:
If Team Spybot can pinpoint the problem, I'm sure the solution will work for Trend as well.

Regards,

#13
metaslob

  • Topic Starter
  • Member
  • 55 posts
Just a little update, as I'm neurotic when it comes to these things.

Started the computer in safe mode, tried to do an AVG scan, but got an "MBR reading error". Trend Micro's online scan closes down even in safe mode, and all Spybot found was a webtrend cookie!

Edited by metaslob, 10 October 2006 - 10:51 AM.


#14
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Hi metaslob,

Team Spybot ran some tests and asked for extra information.

Can you please run a GMER Rootkit scan:

Download GMER from here:
http://www.gmer.net/gmer.zip

Unzip it to the desktop and start GMER.exe
Click the Rootkit tab and click the Scan button.

Warning! Please do not select the "Show all" checkbox during the scan.

Once done, click the Copy button.
This will copy the results to your clipboard.
Paste the results here in your next reply.

If you're having problems with running GMER.exe, try when you get to the Rootkit tab unchecking "Devices" from the list on the right.

Regards,

#15
metaslob

  • Topic Starter
  • Member
  • 55 posts
GMER 1.0.11.11390 - http://www.gmer.net
Rootkit 2006-10-14 18:39:29
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.11 ----

SSDT d347bus.sys ZwClose
SSDT d347bus.sys ZwCreateKey
SSDT d347bus.sys ZwCreatePagingFile
SSDT d347bus.sys ZwEnumerateKey
SSDT d347bus.sys ZwEnumerateValueKey
SSDT d347bus.sys ZwOpenKey
SSDT d347bus.sys ZwQueryKey
SSDT d347bus.sys ZwQueryValueKey
SSDT d347bus.sys ZwSetSystemPowerState

---- Devices - GMER 1.0.11 ----


---- Files - GMER 1.0.11 ----

ADS ...

---- EOF - GMER 1.0.11 ----