
Thread: Tracker cookie won't go away

  1. #1
    Junior Member
    Join Date
    Feb 2012
    Posts
    2

    Tracker cookie won't go away

    I have tried to delete all the cookies from all my browsers, but on reboot the Symantec antivirus keeps telling me there is a tracker cookie (and removes it)... this has been going on for a few days.

    Thank you in advance.
    Andy

    Here are my logs

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by gcicogna at 13:17:34 on 2012-02-08
    Microsoft Windows 7 Professional 6.1.7601.1.1252.39.1040.18.3024.1113 [GMT 1:00]
    .
    AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
    C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    C:\Program Files\AirPrint\Airprint.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Program Files\IBM\SQLLIB\BIN\db2mgmtsvc.exe
    C:\Program Files\EPSON Projector\EMP NS Connection V2\EMP_NSWLSV.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe
    C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Windows\Installer\MSIF8E7.tmp
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Dell\Dell WWAN\WMCore\mini_WMCore.exe
    C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
    C:\Program Files\FMAudit, LLC\FMAudit Agent\fmaagent.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
    C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Nero\Update\NASvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\conhost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.it/
    uInternet Settings,ProxyOverride = 1.0.7.*;5.139.99.*;192.168.1.*;127.0.0.*;172.16.11.*;169.254.1.*;*.local
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files\babylontoolbar\babylontoolbar\1.4.31.2\bh\BabylonToolbar.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers runtime\YontooIEClient.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
    TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files\babylontoolbar\babylontoolbar\1.4.31.2\BabylonToolbarTlbr.dll
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [Google Update] "c:\users\gcicogna\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
    mRun: [Apoint] c:\program files\delltpad\Apoint.exe
    mRun: [ChangeTPMAuth] c:\program files\wave systems corp\common\ChangeTPMAuth.exe /T:NTRU12
    mRun: [<NO NAME>]
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
    mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [BabylonToolbar] "c:\program files\babylontoolbar\babylontoolbar\1.4.19.19\BabylonToolbarsrv.exe" /md I
    mRun: [IndexTray] "c:\program files\sharp\sharpdesk\IndexTray.exe"
    mRun: [Indexer] "c:\program files\sharp\sharpdesk\Indexer.exe"
    mRun: [TypeRegChecker] "c:\program files\sharp\sharpdesk\TypeRegChecker.exe"
    mRun: [SharpTray] "c:\program files\sharp\sharpdesk\SharpTray.exe"
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRunOnce: [B Register c:\program files\divx\divx plus web player\ie\divxhtml5\divxhtml5.dll] "c:\windows\system32\rundll32.exe" "c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll",DllRegisterServer
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\gestio~1.lnk - c:\program files\microsoft firewall client 2004\FwcMgmt.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&sporta in Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
    IE: I&nvia a OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
    IE: Invia immagine alla periferica &Bluetooth... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Invia pagina alla periferica &Bluetooth... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    LSP: c:\program files\microsoft firewall client 2004\FwcWsp.dll
    TCP: Interfaces\{0DE98743-8C29-4048-90A4-B2D3AD839057} : DhcpNameServer = 172.16.11.17 172.16.11.10
    TCP: Interfaces\{71B7BCDD-7154-4B65-BA3F-AD6C731358D8} : DhcpNameServer = 192.168.0.250
    TCP: Interfaces\{71B7BCDD-7154-4B65-BA3F-AD6C731358D8}\64143545755424D213D2338323239344648333543303 : DhcpNameServer = 62.101.93.101 83.103.25.250
    TCP: Interfaces\{71B7BCDD-7154-4B65-BA3F-AD6C731358D8}\8627563656074796F6E6 : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{71B7BCDD-7154-4B65-BA3F-AD6C731358D8}\97F6E64616C656 : DhcpNameServer = 192.168.1.2
    TCP: Interfaces\{8F3A88DF-9453-48DB-8FD1-5DC60F8C7E1D} : NameServer = 83.224.70.93 83.224.66.134
    TCP: Interfaces\{B7CCB5CC-86A0-464D-B0DE-44F3CC707720} : NameServer = 172.16.11.10 172.16.11.17
    TCP: Interfaces\{B7CCB5CC-86A0-464D-B0DE-44F3CC707720} : DhcpNameServer = 172.16.11.17 172.16.11.10
    TCP: Interfaces\{EC6EB7C7-DE7A-4B5E-ACAF-34878DC3E084} : DhcpNameServer = 83.224.66.138 83.224.65.143
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
    LSA: Authentication Packages = msv1_0 wvauth
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
    R2 AirPrint;AirPrint;c:\program files\airprint\airprint.exe -s --> c:\program files\airprint\Airprint.exe -s [?]
    R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2009-11-20 278304]
    R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2010-3-24 812448]
    R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2010-3-24 27040]
    R2 DB2MGMTSVC_DB2COPY1;DB2 Management Service (DB2COPY1);c:\program files\ibm\sqllib\bin\db2mgmtsvc.exe [2009-5-16 38688]
    R2 EMP_NSWLSV;EMP_NSWLSV;c:\program files\epson projector\emp ns connection v2\EMP_NSWLSV.exe [2010-2-2 98304]
    R2 FMAuditAgent;FMAudit Agent;c:\program files\fmaudit, llc\fmaudit agent\fmaagent.exe [2009-5-5 340992]
    R2 FwcAgent;Agente client firewall;c:\program files\microsoft firewall client 2004\FwcAgent.exe [2006-12-9 128832]
    R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2012-2-2 1373576]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-8 652360]
    R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2011-11-25 687400]
    R2 SPDFToolsReadSpool;SolidPDFToolsCreatorReadSpool;c:\windows\installer\MSIF8E7.tmp [2010-3-30 189760]
    R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-9-17 2477304]
    R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-1-19 3027840]
    R2 WMCoreService;Mobile Broadband Core Service;c:\program files\dell\dell wwan\wmcore\mini_WMCore.exe [2009-9-24 430080]
    R3 acpials;Filtro sensore luce ambientale;c:\windows\system32\drivers\acpials.sys [2009-7-14 7680]
    R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2009-11-3 33832]
    R3 d554gps;Dell Wireless HSPA Mini-Card GPS Port;c:\windows\system32\drivers\d554gps.sys [2010-1-19 82984]
    R3 d557bus;Dell Wireless 5540 HSPA Mini-Card Device (Win7);c:\windows\system32\drivers\d557bus.sys [2010-2-19 285056]
    R3 d557mdfl;Dell Wireless 5540 HSPA Mini-Card Modem Filter (Win7);c:\windows\system32\drivers\d557mdfl.sys [2009-6-29 14848]
    R3 d557mdm;Dell Wireless 5540 HSPA Mini-Card Modem (Win7);c:\windows\system32\drivers\d557mdm.sys [2010-2-19 374016]
    R3 d557mgmt;Dell Wireless 5540 HSPA Mini-Card Device Management (Win7);c:\windows\system32\drivers\d557mgmt.sys [2010-2-19 357248]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6232.sys [2009-6-13 221912]
    R3 ecnssndis;Service for enabling selective suspend to NDIS device;c:\windows\system32\drivers\wwanuss.sys [2010-2-19 10240]
    R3 ecnssndisfltr;SSNDIS filter service;c:\windows\system32\drivers\wwanussf.sys [2010-2-19 14848]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-3 106104]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-1-23 122368]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-8 20464]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-2-8 40776]
    R3 NETw5s32;Driver scheda Intel(R) Wireless WiFi Link per Windows 7 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2009-9-15 6114816]
    R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2008-6-3 144672]
    R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2008-9-18 277440]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
    R3 WwanUsbServ;Ericsson WWAN Wireless Module Device Driver;c:\windows\system32\drivers\WwanUsbMp.sys [2010-2-19 216616]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Servizio di Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-22 135664]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-1-23 29472]
    S3 EP_NSDG;EP_NSDG;c:\windows\system32\drivers\EP_NSDG.sys [2010-1-29 3600]
    S3 GTUHSBUS;GT UHS BUS;c:\windows\system32\drivers\gtuhsbus.sys [2008-9-5 59648]
    S3 GTUHSNDISIPXP;GT UHS IP NDIS;c:\windows\system32\drivers\gtuhs51.sys [2008-9-8 105984]
    S3 GTUHSOMS;GT UHS OMS;c:\windows\system32\drivers\gtuhsoms.sys [2008-9-8 18816]
    S3 GTUHSSER;GT UHS SER;c:\windows\system32\drivers\gtuhsser.sys [2008-7-17 8064]
    S3 gupdatem;Servizio Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-22 135664]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
    S3 netw5v32;Driver scheda Intel(R) Wireless WiFi Link serie 5000 per Windows Vista a 32 bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
    S3 OA001Srv;Creative OA001 RunApp Service;c:\windows\system32\OA001Srv.exe [2008-8-20 24576]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 Samsung UPD Service;Samsung UPD Service;c:\windows\system32\SUPDSvc.exe [2010-12-4 131888]
    S3 StorSvc;Servizio di archiviazione;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
    S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2010-11-30 25088]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-12 52224]
    S3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-26 1343400]
    S3 WSDPrintDevice;Supporto stampa WSD via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-14 17920]
    .
    =============== Created Last 30 ================
    .
    2012-02-08 11:09:39 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2012-02-08 10:29:04 -------- d-----w- C:\FyK
    2012-02-08 10:24:47 -------- d-----w- c:\users\gcicogna\appdata\roaming\Malwarebytes
    2012-02-08 10:24:35 -------- d-----w- c:\programdata\Malwarebytes
    2012-02-08 10:24:34 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-08 10:24:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-02-07 17:06:11 -------- d-----w- c:\program files\LogMeIn Hamachi
    2012-02-06 17:03:02 -------- d-----w- c:\program files\AZPR
    2012-02-05 13:37:46 -------- d-----w- c:\program files\Microsoft Money Plus
    2012-01-31 10:36:05 224768 ----a-w- c:\windows\system32\schannel.dll
    2012-01-31 10:36:05 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-01-31 10:36:05 1038848 ----a-w- c:\windows\system32\lsasrv.dll
    2012-01-31 10:36:04 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-01-31 10:36:04 369352 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-01-31 10:36:04 314880 ----a-w- c:\windows\system32\webio.dll
    2012-01-31 10:36:04 22528 ----a-w- c:\windows\system32\lsass.exe
    2012-01-31 10:36:04 22016 ----a-w- c:\windows\system32\secur32.dll
    2012-01-31 10:36:04 15872 ----a-w- c:\windows\system32\sspisrv.dll
    2012-01-31 10:36:04 100352 ----a-w- c:\windows\system32\sspicli.dll
    2012-01-30 20:01:28 -------- d-----w- c:\program files\SpeedFan
    2012-01-26 14:43:14 -------- d-----w- c:\program files\iPod
    2012-01-26 14:43:13 -------- d-----w- c:\program files\iTunes
    2012-01-11 13:56:22 1288472 ----a-w- c:\windows\system32\ntdll.dll
    2012-01-11 13:56:21 67072 ----a-w- c:\windows\system32\packager.dll
    2012-01-11 13:56:19 514560 ----a-w- c:\windows\system32\qdvd.dll
    2012-01-11 13:56:19 1328128 ----a-w- c:\windows\system32\quartz.dll
    .
    ==================== Find3M ====================
    .
    2011-11-28 08:07:27 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-24 04:25:27 2342912 ----a-w- c:\windows\system32\win32k.sys
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 6.1.7601 Disk: SAMSUNG_ rev.VBM2 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: >>UNKNOWN [0x82E00000]<< >>UNKNOWN [0x8BCB3000]<< >>UNKNOWN [0x8BCA2000]<< >>UNKNOWN [0x8B61D000]<< >>UNKNOWN [0x842A9000]<< >>UNKNOWN [0x83212000]<< >>UNKNOWN [0x85B10938]<<
    _asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }
    1 ntkrnlpa!IofCallDriver[0x82E3752A] -> \Device\Harddisk0\DR0[0x86B27948]
    \Driver\Disk[0x86B264F8] -> IRP_MJ_CREATE -> 0x8BCB739F
    3 [0x8BCB759E] -> ntkrnlpa!IofCallDriver[0x82E3752A] -> \Device\Ide\IAAStorageDevice-1[0x86111028]
    \Driver\iaStor[0x86090BD0] -> IRP_MJ_CREATE -> 0x8B667390
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
    user & kernel MBR OK
    copy of MBR has been found in sector 19 !
    Warning: possible TDL3 rootkit infection !
    .
    ============= FINISH: 13:18:06,91 ===============

  2. #2
    Junior Member
    Join Date
    Feb 2012
    Posts
    2

    Please, anyone?


    Edit
    Ancyc1, FYI for the next time if you start another topic: The Waiting Room: Post here if waiting for help four days
    Last edited by tashi; 2012-03-26 at 20:48. Reason: Added info
