
Thread: Very puzzling - am I infected or not??? Rootkit?

  1. #1
    Junior Member
    Join Date
    Nov 2006
    Posts
    9

    Very puzzling - am I infected or not??? Rootkit?

    Environment: I am running Windows XP Media edition with Norton (ugh) Anti-virus/SystemWorks. I also run Windows Defender and periodically scan with Ad-Aware and Spybot, and have Spybot's TeaTimer running.

    Symptoms/Action taken: Every 24 hours or so I get a message that process csrss.exe has crashed as memory "could not be read". And the computer just seems "off". For example, if I perform an online virus scan with Trend Micro, the scan indicates infection with ADWARE_BHO_MYWAY and then the browser closes. Norton AntiVirus, Windows Defender, Spybot (in safe mode), and Ad-Aware find nothing wrong. The Windows Malicious Software Removal Tool said a file was infected with "BACKDOOR: WIN32/HACKDEF.L" and I deleted that file. When I re-ran the tool, it said my computer was fine. I also ran SYSCLEAN from Trend Micro in safe mode and it found no infections. And I performed an online scan with BitDefender and it said no problems, but when I tried an online scan with eTrust, it didn't seem to be scanning.

    So I think either I have something very sneaky (like a rootkit?) or else my computer is fine -- but then why the strange errors with csrss.exe? And why the strange behavior from the Trend Micro online scanner that used to work fine? And what about that BHO MYWAY adware warning?

    Here's my HijackThis log:
    Logfile of HijackThis v1.99.1
    Scan saved at 5:58:59 AM, on 11/17/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Rob\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://excite.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Auto EPSON Stylus CX6400 on downstairs] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE /P38 "Auto EPSON Stylus CX6400 on downstairs" /O18 "\\DOWNSTAIRS\epson" /M "Stylus CX6400"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/reso...scbase8460.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1127790397751
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1127970221515
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


    Here's the log from RootkitRevealer:
    HKLM\SECURITY\Policy\Secrets\SAC* 8/19/2004 8:25 PM 0 bytes Key name contains embedded nulls (*)
    HKLM\SECURITY\Policy\Secrets\SAI* 8/19/2004 8:25 PM 0 bytes Key name contains embedded nulls (*)
    HKLM\SOFTWARE\Classes\webcal\URL Protocol 8/29/2005 3:35 PM 13 bytes Data mismatch between Windows API and raw hive data.
    HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg 9/17/2006 3:27 PM 0 bytes Access is denied.


    Appreciate any help!!!!!!!!!

  2. #2
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    3,934


    Hi goldengate and welcome to Safer Networking Forums

    Do you remember the name/path of the file that the Windows Malicious Software Removal Tool removed?

    I can't see anything bad in your HijackThis log...

    Please run a GMER Rootkit scan:

    Download GMER's application from here:
    http://www.gmer.net/gmer.zip

    Unzip it and start the GMER.exe
    Click the Rootkit tab and click the Scan button.

    Once done, click the Copy button.
    This will copy the results to your clipboard.
    Paste the results in your next reply.

    Warning! Please do not select the "Show all" checkbox during the scan.
    MalWare Removal University - You too could train to help others
    UNITE & ASAP member since 2006

  3. #3
    Junior Member
    Join Date
    Nov 2006
    Posts
    9


    Hi there, thank you so much for your help!

    The file that the Malicious Software Removal Tool said was infected was:

    c:/program files/adobe/adobe help center/browser/es262-32.dll

    I deleted it and my Adobe programs still seem to work. It's still in my recycle bin just in case I need it - could it do harm there? I found the following web page, which makes me wonder if I should have deleted it:

    http://www.fbmsoftware.com/spyware-n...2-32_dll/2664/

    When I try to cut and paste the GMER log to this message, I get a warning that says "The text you have entered is too long (57761 characters)...please shorten to 20000 characters" so I'll have to see how I can cut and paste it... perhaps in two posts.... (and I didn't check that show all box)....

    GMER 1.0.12.11889 - http://www.gmer.net
    Rootkit scan 2006-11-18 08:33:14
    Windows 5.1.2600 Service Pack 2


    ---- System - GMER 1.0.12 ----

    SSDT 82282790 ZwConnectPort
    SSDT sptd.sys ZwCreateKey
    SSDT sptd.sys ZwEnumerateKey
    SSDT sptd.sys ZwEnumerateValueKey
    SSDT sptd.sys ZwOpenKey
    SSDT 82230128 ZwOpenProcess
    SSDT 81DC9B98 ZwOpenThread
    SSDT sptd.sys ZwQueryKey
    SSDT sptd.sys ZwQueryValueKey
    SSDT sptd.sys ZwSetValueKey

    ---- User code sections - GMER 1.0.12 ----

    .text C:\Program Files\Internet Explorer\iexplore.exe[640] USER32.dll!DialogBoxParamW 77D5662C 5 Bytes JMP 7E1F5415 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[640] USER32.dll!DialogBoxIndirectParamW 77D62043 5 Bytes JMP 7E38C510 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[640] USER32.dll!MessageBoxIndirectA 77D6A05A 5 Bytes JMP 7E38C491 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[640] USER32.dll!DialogBoxParamA 77D6B11C 5 Bytes JMP 7E38C4D5 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[640] USER32.dll!MessageBoxExW 77D80538 5 Bytes JMP 7E38C3D9 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[640] USER32.dll!MessageBoxExA 77D8055C 5 Bytes JMP 7E38C413 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[640] USER32.dll!DialogBoxIndirectParamA 77D86CAD 5 Bytes JMP 7E38C54B C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[640] USER32.dll!MessageBoxIndirectW 77D96093 5 Bytes JMP 7E38C44D C:\WINDOWS\system32\IEFRAME.dll

    ---- Devices - GMER 1.0.12 ----

    Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 825D6C78
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 825D6C78
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 825D6C78
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 825D6C78
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 825D6C78
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 825D6C78
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 825D6C78
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 825D6C78
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 825D6C78
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 825D6C78
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 825D6C78
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 825D6C78
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 825D6C78
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 825D6C78
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 825D6C78
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 825D6C78
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 825D6C78
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 825D6C78
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 825D6C78
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 825D6C78
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 825D6C78
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 825D6C78
    Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 82589590
    Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 82589590
    Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 82589590
    Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 82589590
    Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 82589590
    Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 82589590
    Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 82589590
    Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 82589590
    Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 82589590
    Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL 82589590
    Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 82589590
    Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 82589590
    Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 82589590
    Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 82589590
    Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 82589590
    Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 82589590
    Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 82589590
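
A worked example added here by the editor, not code from this thread or from GMER's authors: a small Python triage script that reads the three GMER 1.0.12 sections posted above (SSDT, user code sections, Devices) and groups the entries so that the ones needing attribution stand out. The sample log embedded in it is a constructed excerpt in the format of the post above, the regular expressions are the example's own reading of that format, and the grouping rules (named module versus bare kernel address for SSDT entries, hooks per process and target DLL, dispatch-table addresses per driver and addresses shared between drivers) are the example's, not GMER's.

```python
import re
from collections import defaultdict

# Constructed sample: a short excerpt in the format of the GMER 1.0.12 log posted in this thread.
SAMPLE_LOG = r"""
---- System - GMER 1.0.12 ----
SSDT 82282790 ZwConnectPort
SSDT sptd.sys ZwCreateKey
SSDT sptd.sys ZwEnumerateKey
SSDT 82230128 ZwOpenProcess
SSDT 81DC9B98 ZwOpenThread
---- User code sections - GMER 1.0.12 ----
.text C:\Program Files\Internet Explorer\iexplore.exe[640] USER32.dll!MessageBoxExW 77D80538 5 Bytes JMP 7E38C3D9 C:\WINDOWS\system32\IEFRAME.dll
---- Devices - GMER 1.0.12 ----
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 825D6C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 825D6C78
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 82589590
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_READ 825D6EB0
"""

HEX_ADDR = re.compile(r"^[0-9A-Fa-f]{8}$")
SSDT_RE = re.compile(r"^SSDT\s+(\S+)\s+(\w+)$")
# The process path can contain spaces, so it is matched non-greedily up to the [pid] suffix.
TEXT_RE = re.compile(
    r"^\.text\s+(.+?)\[(\d+)\]\s+(\S+)!(\w+)\s+([0-9A-Fa-f]+)\s+(\d+)\s+Bytes"
    r"\s+JMP\s+([0-9A-Fa-f]+)\s+(.+)$"
)
DEVICE_RE = re.compile(r"^Device\s+(\S+)\s+(\S+)\s+(IRP_MJ_\w+)\s+([0-9A-Fa-f]{8})$")


def parse_gmer(text):
    """Split a GMER log into its SSDT, user-mode hook and device dispatch entries."""
    out = {"ssdt": [], "usermode": [], "devices": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("----"):
            continue  # blank line or section banner
        if m := SSDT_RE.match(line):
            out["ssdt"].append((m.group(1), m.group(2)))
        elif m := TEXT_RE.match(line):
            out["usermode"].append({
                "process": m.group(1), "pid": int(m.group(2)), "export": f"{m.group(3)}!{m.group(4)}",
                "hooked_at": m.group(5), "patch_bytes": int(m.group(6)),
                "jmp_target": m.group(7), "target_module": m.group(8)})
        elif m := DEVICE_RE.match(line):
            out["devices"].append(m.groups())  # (driver, device object, IRP, dispatch address)
    return out


def triage(parsed):
    """Group the parsed entries so that the ones still needing attribution stand out."""
    named, unresolved = defaultdict(list), []
    for owner, service in parsed["ssdt"]:
        # GMER prints the hooking module when it can map the hook to a loaded driver,
        # and only the raw kernel address when it cannot.
        if HEX_ADDR.match(owner):
            unresolved.append((owner, service))
        else:
            named[owner.lower()].append(service)
    usermode = defaultdict(int)  # (hooked process, DLL the JMP lands in) -> number of hooked exports
    for hook in parsed["usermode"]:
        usermode[(hook["process"], hook["target_module"])] += 1
    devices = defaultdict(lambda: defaultdict(int))  # driver -> dispatch address -> IRP count
    owners = defaultdict(set)  # dispatch address -> drivers whose IRPs land there
    for driver, _device, _irp, addr in parsed["devices"]:
        devices[driver][addr] += 1
        owners[addr].add(driver)
    return {
        "ssdt_named": dict(named),
        "ssdt_unresolved": unresolved,
        "usermode": dict(usermode),
        "devices": {d: dict(a) for d, a in devices.items()},
        # one dispatch address serving unrelated drivers points at a single filter component
        "shared_dispatch": {a for a, d in owners.items() if len(d) > 1},
    }


def report(text):
    """Summarise a log as a list of lines suitable for a reply in a help thread."""
    t = triage(parse_gmer(text))
    lines = [f"SSDT: {mod} hooks {len(s)} services: {', '.join(s)}" for mod, s in sorted(t["ssdt_named"].items())]
    lines += [f"SSDT: {svc} -> {addr} (no owning module reported; identify it before judging)"
              for addr, svc in t["ssdt_unresolved"]]
    lines += [f"User-mode: {n} hook(s) in {proc} redirect into {target}"
              for (proc, target), n in sorted(t["usermode"].items())]
    lines += [f"Dispatch: {drv} has {sum(a.values())} IRP entries at {len(a)} address(es)"
              for drv, a in sorted(t["devices"].items())]
    if t["shared_dispatch"]:
        lines.append("Dispatch address shared across drivers: " + ", ".join(sorted(t["shared_dispatch"])))
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Reading the result the way a helper in this thread would: SSDT entries that GMER attributes to a named driver can be checked against what that driver is known to do (sptd.sys is the SCSI Pass Through Direct driver shipped with disc-image emulation software such as DAEMON Tools and Alcohol 120%, which hooks the registry services and locks its own Cfg key, so it also explains the "Access is denied" line on HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg in the RootkitRevealer output); entries that show only a kernel address need the owning module identified before they mean anything; and dispatch-table entries become interesting mainly when one address serves several unrelated drivers, which the script reports separately.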

  4. #4
    Junior Member
    Join Date
    Nov 2006
    Posts
    9


    Here's part 2:

    Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 82589590
    Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 82589590
    Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 82589590
    Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 82589590
    Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 82589590
    Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 82589590
    Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 82589590
    Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 82589590
    Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 82589590
    Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 82589590
    Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 82589590
    Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 82589590
    Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 82589590
    Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 82589590
    Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL 82589590
    Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 82589590
    Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 82589590
    Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 82589590
    Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 82589590
    Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 82589590
    Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 82589590
    Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 82589590
    Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 82589590
    Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 82589590
    Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 82589590
    Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL 82589590
    Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP 82589590
    Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 825897C8
    Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 825897C8
    Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 825897C8
    Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 825897C8
    Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 825897C8
    Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 825897C8
    Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 825897C8
    Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 825897C8
    Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 825897C8
    Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 825897C8
    Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 825897C8
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 82424A38
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 82424A38
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 82424A38
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 82424A38
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 82424A38
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 82424A38
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82424A38
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 82424A38
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 82424A38
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 82424A38
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 82424A38
    Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 825897C8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 825897C8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 825897C8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 825897C8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 825897C8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 825897C8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 825897C8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 825897C8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 825897C8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 825897C8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 825897C8
    Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE 8222A350
    Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_NAMED_PIPE 8222A350
    Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLOSE 8222A350
    Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 8222A350
    Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_WRITE 8222A350
    Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_INFORMATION 8222A350
    Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_INFORMATION 8222A350
    Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_EA 8222A350
    Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_EA 8222A350
    Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FLUSH_BUFFERS 8222A350
    Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_VOLUME_INFORMATION 8222A350
    Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_VOLUME_INFORMATION 8222A350
    Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DIRECTORY_CONTROL 8222A350
    Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FILE_SYSTEM_CONTROL 8222A350
    Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CONTROL 8222A350
    Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_INTERNAL_DEVICE_CONTROL 8222A350
    Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SHUTDOWN 8222A350
    Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_LOCK_CONTROL 8222A350
    Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLEANUP 8222A350
    Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_MAILSLOT 8222A350
    Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_SECURITY 8222A350
    Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_SECURITY 8222A350
    Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_POWER 8222A350
    Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SYSTEM_CONTROL 8222A350
    Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CHANGE 8222A350
    Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_QUOTA 8222A350
    Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_QUOTA 8222A350
    Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CREATE 825897C8

  5. #5
    Junior Member
    Join Date
    Nov 2006
    Posts
    9


    Here's part 3 (I am guessing I am doing something wrong here):

    Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_READ 825897C8
    Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_WRITE 825897C8
    Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_FLUSH_BUFFERS 825897C8
    Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_DEVICE_CONTROL 825897C8
    Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_INTERNAL_DEVICE_CONTROL 825897C8
    Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SHUTDOWN 825897C8
    Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CLEANUP 825897C8
    Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_POWER 825897C8
    Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SYSTEM_CONTROL 825897C8
    Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_PNP 825897C8
    Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_CREATE 825897C8
    Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_READ 825897C8
    Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_WRITE 825897C8
    Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_FLUSH_BUFFERS 825897C8
    Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_DEVICE_CONTROL 825897C8
    Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_INTERNAL_DEVICE_CONTROL 825897C8
    Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_SHUTDOWN 825897C8
    Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_CLEANUP 825897C8
    Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_POWER 825897C8
    Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_SYSTEM_CONTROL 825897C8
    Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_PNP 825897C8
    Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_CREATE 825897C8
    Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_READ 825897C8
    Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_WRITE 825897C8
    Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_FLUSH_BUFFERS 825897C8
    Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_DEVICE_CONTROL 825897C8
    Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_INTERNAL_DEVICE_CONTROL 825897C8
    Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_SHUTDOWN 825897C8
    Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_CLEANUP 825897C8
    Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_POWER 825897C8
    Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_SYSTEM_CONTROL 825897C8
    Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_PNP 825897C8
    Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 821B8EB0
    Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 821B8EB0
    Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 821B8EB0
    Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 821B8EB0
    Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 821B8EB0
    Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 821B8EB0
    Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 821B8EB0
    Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 821B8EB0
    Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 821B8EB0
    Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 821B8EB0
    Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 821B8EB0
    Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 821B8EB0
    Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CREATE 825D6EB0
    Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CLOSE 825D6EB0
    Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_READ 825D6EB0
    Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_WRITE 825D6EB0
    Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_FLUSH_BUFFERS 825D6EB0
    Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_DEVICE_CONTROL 825D6EB0
    Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_INTERNAL_DEVICE_CONTROL 825D6EB0
    Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SHUTDOWN 825D6EB0
    Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_POWER 825D6EB0
    Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SYSTEM_CONTROL 825D6EB0
    Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_PNP 825D6EB0
    Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_CREATE 825D6EB0
    Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_CLOSE 825D6EB0
    Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_READ 825D6EB0
    Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_WRITE 825D6EB0
    Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_FLUSH_BUFFERS 825D6EB0
    Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_DEVICE_CONTROL 825D6EB0
    Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_INTERNAL_DEVICE_CONTROL 825D6EB0
    Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_SHUTDOWN 825D6EB0
    Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_POWER 825D6EB0
    Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_SYSTEM_CONTROL 825D6EB0
    Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_PNP 825D6EB0
    Device \Driver\NetBT \Device\NetBT_Tcpip_{7838E6D0-46FA-4233-A7BC-6E660DB1CEF4} IRP_MJ_CREATE 821B8EB0
    Device \Driver\NetBT \Device\NetBT_Tcpip_{7838E6D0-46FA-4233-A7BC-6E660DB1CEF4} IRP_MJ_CLOSE 821B8EB0
    Device \Driver\NetBT \Device\NetBT_Tcpip_{7838E6D0-46FA-4233-A7BC-6E660DB1CEF4} IRP_MJ_DEVICE_CONTROL 821B8EB0
    Device \Driver\NetBT \Device\NetBT_Tcpip_{7838E6D0-46FA-4233-A7BC-6E660DB1CEF4} IRP_MJ_INTERNAL_DEVICE_CONTROL 821B8EB0
    Device \Driver\NetBT \Device\NetBT_Tcpip_{7838E6D0-46FA-4233-A7BC-6E660DB1CEF4} IRP_MJ_CLEANUP 821B8EB0
    Device \Driver\NetBT \Device\NetBT_Tcpip_{7838E6D0-46FA-4233-A7BC-6E660DB1CEF4} IRP_MJ_PNP 821B8EB0
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 82373958
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 82373958
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 82373958
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 82373958
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 82373958
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 82373958
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 82373958
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 82373958
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 82373958
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 82373958
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 82373958
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 82373958
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 82373958

  6. #6
    Junior Member
    Join Date
    Nov 2006
    Posts
    9

    Default

    part 4:

    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 82373958
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 82373958
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 82373958
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 82373958
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 82373958
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 82373958
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 82373958
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 82373958
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 82373958
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 82373958
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 82373958
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 82373958
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 82373958
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 82373958
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 82373958
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 82373958
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 82373958
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 82373958
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 82373958
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 82373958
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 82373958
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 82373958
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 82373958
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 82373958
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 82373958
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 82373958
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 82373958
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 82373958
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 82373958
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 82373958
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 82373958
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 82373958
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 82373958
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 82373958
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 82373958
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 82373958
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 82373958
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 82373958
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 82373958
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 82373958
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 82373958
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 82373958
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 82373958
    Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE 82212EB0
    Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE_NAMED_PIPE 82212EB0
    Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLOSE 82212EB0
    Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ 82212EB0
    Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_WRITE 82212EB0
    Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_INFORMATION 82212EB0
    Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_INFORMATION 82212EB0
    Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_FLUSH_BUFFERS 82212EB0
    Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_VOLUME_INFORMATION 82212EB0
    Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_DIRECTORY_CONTROL 82212EB0
    Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_FILE_SYSTEM_CONTROL 82212EB0
    Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLEANUP 82212EB0
    Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_SECURITY 82212EB0
    Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_SECURITY 82212EB0
    Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 825897C8
    Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 825897C8
    Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 825897C8
    Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 825897C8
    Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 825897C8
    Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 825897C8
    Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 825897C8
    Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 825897C8
    Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 825897C8
    Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 825897C8
    Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 825897C8
    Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE 8221BA98
    Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CLOSE 8221BA98
    Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ 8221BA98
    Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_WRITE 8221BA98
    Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_INFORMATION 8221BA98
    Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_SET_INFORMATION 8221BA98
    Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_VOLUME_INFORMATION 8221BA98
    Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_DIRECTORY_CONTROL 8221BA98
    Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_FILE_SYSTEM_CONTROL 8221BA98
    Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CLEANUP 8221BA98
    Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE_MAILSLOT 8221BA98
    Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_SECURITY 8221BA98
    Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_SET_SECURITY 8221BA98
    Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE 821AF730
    Device \FileSystem\Fastfat \Fat IRP_MJ_CLOSE 821AF730
    Device \FileSystem\Fastfat \Fat IRP_MJ_READ 821AF730
    Device \FileSystem\Fastfat \Fat IRP_MJ_WRITE 821AF730
    Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION 821AF730
    Device \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION 821AF730
    Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA 821AF730
    Device \FileSystem\Fastfat \Fat IRP_MJ_SET_EA 821AF730
    Device \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS 821AF730
    Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION 821AF730
    Device \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION 821AF730
    Device \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL 821AF730
    Device \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL 821AF730
    Device \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL 821AF730
    Device \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN 821AF730
    Device \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL 821AF730
    Device \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP 821AF730
    Device \FileSystem\Fastfat \Fat IRP_MJ_PNP 821AF730
    Device \FileSystem\Fastfat \Fat FastIoCheckIfPossible F7D131F9
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 8243EAA8
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 8243EAA8
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 8243EAA8
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 8243EAA8
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 8243EAA8
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 8243EAA8
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 8243EAA8
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL [ECCB8912] DLAIFS_M.SYS
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 8243EAA8
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 8243EAA8
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 8243EAA8
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 8243EAA8
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 8243EAA8

    ---- Files - GMER 1.0.12 ----

    ADS C:\Documents and Settings\All Users\Application Data\Symantec\hpc:468323563
    ADS C:\Documents and Settings\Rob\Favorites\BEFORE you POST -Preliminary Steps and scanning with SPYBOT-S&D - Safer Networking Forums.url:favicon
    ADS C:\Documents and Settings\Rob\Favorites\Links\Fidelity.url:favicon
    ADS C:\Documents and Settings\Rob\Favorites\Links\Microsoft Update.url:favicon
    ADS C:\Documents and Settings\Rob\Favorites\Links\MRQE.url:favicon
    ADS C:\Documents and Settings\Rob\Favorites\Links\SfGate.url:favicon
    ADS C:\Documents and Settings\Rob\Favorites\SWI Forums winlogon.exe - application error!!!.url:favicon
    ADS C:\Documents and Settings\Rob\Favorites\Very puzzling - am I infected or not Rootkit - Safer Networking Forums.url:favicon

    ---- EOF - GMER 1.0.12 ----

  7. #7
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    3,934

    Default

    Hi again, you posted the right log

    That WIN32/HACKDEF.L (es262-32.dll) is a false positive from Microsoft. You can restore the file to its original location.

    You have Dell's MyWay installed. Are you using this ? If you do not use this, I'll recommend that you remove it. Removal instructions here.

    Then I recommend that you run a scan with AVG Anti-Spyware:

    You should print these instructions or save these to a text file. Follow these instructions carefully.

    Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
    http://www.ewido.net/en/download/
    • Install AVG Anti-Spyware by double clicking the installer.
    • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
    • On the main screen under Your Computer's security.
      • Click on Change state next to Resident shield. It should now change to inactive.
      • Click on Change state next to Automatic updates. It should now change to inactive.
      • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
      • Wait until you see the Update successful message.
    • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
    • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
    If you are having problems with the updater, you can use this link to manually update ewido.
    AVG Anti-Spyware manual updates.
    Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

    Download ATF Cleaner by Atribune to your desktop.
    Do NOT run yet.

    Restart your computer to the safe mode:
    • Restart your computer
    • Start tapping the F8 key when the computer restarts.
    • When the start menu opens, choose Safe mode
    • Press Enter. The computer then begins to start in Safe mode.


    Run ATF Cleaner
    • Under Main choose: Select All
      Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.

    Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
    • Click on Scanner on the toolbar.
    • Click on the Settings tab.
      • Under How to act?
        • Click on Recommended Action and choose Quarantine from the popup menu.
      • Under How to scan?
        • All checkboxes should be ticked.
      • Under Possibly unwanted software:
        • All checkboxes should be ticked.
      • Under Reports:
        • Select Automatically generate report after every scan and uncheck Only if threats were found.
      • Under What to scan?
        • Select Scan every file.
    • Click on the Scan tab.
    • Click on Complete System Scan to start the scan process.
    • Let the program scan the machine.
    • When the scan has finished, follow the instructions below.
      IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.
      • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
      • At the bottom of the window click on the Apply all Actions button. (3)
    • When done, click the Save Scan Report button. (4)
      • Click the Save Report as button.
      • Save the report to your Desktop.
    • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
    Reboot in Normal Mode.

    ================

    When you're ready, please post the following logs to here:
    - AVG's report
    MalWare Removal University - You too could train to help others
    UNITE & ASAP member since 2006

  8. #8
    Junior Member
    Join Date
    Nov 2006
    Posts
    9

    Smile

    Yes, I do believe I was infected! Can you tell me why Spybot, Windows Defender, Ad Aware and Norton did not find this infection? Very strange....

    Here's the log:

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 5:13:35 PM 11/18/2006

    + Scan result:



    C:\Program Files\DIGStream\digstream.exe -> Not-A-Virus.Downloader.Win32.DigStream : Cleaned with backup (quarantined).
    C:\Program Files\BlindWrite 5.2.9 + Copytodvd 3.0.41 + Dvd Shrink 2.3 + DivxToDvd + PhotoDVD 1.0.1, Multilangues et cracks.rar/BlindWrite 5.2.9 + Copytodvd 3.0.41 + Dvd Shrink 2.3 + DivxToDvd + PhotoDVD 1.0.1\Photodvd 0.9.7 Fr\Crack.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
    :mozilla.11:C:\RECYCLER\NPROTECT\00001346.MOZ -> TrackingCookie.2o7 : Cleaned.
    :mozilla.11:C:\RECYCLER\NPROTECT\00001347.MOZ -> TrackingCookie.2o7 : Cleaned.
    :mozilla.11:C:\RECYCLER\NPROTECT\00001348.MOZ -> TrackingCookie.2o7 : Cleaned.
    :mozilla.11:C:\RECYCLER\NPROTECT\00001358.MOZ -> TrackingCookie.2o7 : Cleaned.
    :mozilla.11:C:\RECYCLER\NPROTECT\00001359.MOZ -> TrackingCookie.2o7 : Cleaned.
    :mozilla.11:C:\RECYCLER\NPROTECT\00001365.MOZ -> TrackingCookie.2o7 : Cleaned.
    :mozilla.11:C:\RECYCLER\NPROTECT\00001366.MOZ -> TrackingCookie.2o7 : Cleaned.
    :mozilla.11:C:\RECYCLER\NPROTECT\00001367.MOZ -> TrackingCookie.2o7 : Cleaned.
    :mozilla.11:C:\RECYCLER\NPROTECT\00001411.MOZ -> TrackingCookie.2o7 : Cleaned.
    :mozilla.11:C:\RECYCLER\NPROTECT\00001570.MOZ -> TrackingCookie.2o7 : Cleaned.
    :mozilla.12:C:\RECYCLER\NPROTECT\00001346.MOZ -> TrackingCookie.2o7 : Cleaned.
    :mozilla.12:C:\RECYCLER\NPROTECT\00001347.MOZ -> TrackingCookie.2o7 : Cleaned.
    :mozilla.12:C:\RECYCLER\NPROTECT\00001348.MOZ -> TrackingCookie.2o7 : Cleaned.
    :mozilla.12:C:\RECYCLER\NPROTECT\00001358.MOZ -> TrackingCookie.2o7 : Cleaned.
    :mozilla.12:C:\RECYCLER\NPROTECT\00001359.MOZ -> TrackingCookie.2o7 : Cleaned.
    :mozilla.12:C:\RECYCLER\NPROTECT\00001365.MOZ -> TrackingCookie.2o7 : Cleaned.
    :mozilla.12:C:\RECYCLER\NPROTECT\00001366.MOZ -> TrackingCookie.2o7 : Cleaned.
    :mozilla.12:C:\RECYCLER\NPROTECT\00001367.MOZ -> TrackingCookie.2o7 : Cleaned.
    :mozilla.12:C:\RECYCLER\NPROTECT\00001411.MOZ -> TrackingCookie.2o7 : Cleaned.
    :mozilla.12:C:\RECYCLER\NPROTECT\00001570.MOZ -> TrackingCookie.2o7 : Cleaned.
    :mozilla.13:C:\RECYCLER\NPROTECT\00001346.MOZ -> TrackingCookie.2o7 : Cleaned.
    :mozilla.13:C:\RECYCLER\NPROTECT\00001347.MOZ -> TrackingCookie.2o7 : Cleaned.
    :mozilla.13:C:\RECYCLER\NPROTECT\00001348.MOZ -> TrackingCookie.2o7 : Cleaned.
    :mozilla.13:C:\RECYCLER\NPROTECT\00001358.MOZ -> TrackingCookie.2o7 : Cleaned.
    :mozilla.13:C:\RECYCLER\NPROTECT\00001359.MOZ -> TrackingCookie.2o7 : Cleaned.
    :mozilla.13:C:\RECYCLER\NPROTECT\00001365.MOZ -> TrackingCookie.2o7 : Cleaned.
    :mozilla.13:C:\RECYCLER\NPROTECT\00001366.MOZ -> TrackingCookie.2o7 : Cleaned.
    :mozilla.13:C:\RECYCLER\NPROTECT\00001367.MOZ -> TrackingCookie.2o7 : Cleaned.
    :mozilla.13:C:\RECYCLER\NPROTECT\00001411.MOZ -> TrackingCookie.2o7 : Cleaned.
    :mozilla.13:C:\RECYCLER\NPROTECT\00001570.MOZ -> TrackingCookie.2o7 : Cleaned.
    :mozilla.14:C:\RECYCLER\NPROTECT\00001346.MOZ -> TrackingCookie.2o7 : Cleaned.
    :mozilla.14:C:\RECYCLER\NPROTECT\00001347.MOZ -> TrackingCookie.2o7 : Cleaned.
    :mozilla.14:C:\RECYCLER\NPROTECT\00001348.MOZ -> TrackingCookie.2o7 : Cleaned.
    :mozilla.14:C:\RECYCLER\NPROTECT\00001358.MOZ -> TrackingCookie.2o7 : Cleaned.
    :mozilla.14:C:\RECYCLER\NPROTECT\00001359.MOZ -> TrackingCookie.2o7 : Cleaned.
    :mozilla.14:C:\RECYCLER\NPROTECT\00001365.MOZ -> TrackingCookie.2o7 : Cleaned.
    :mozilla.14:C:\RECYCLER\NPROTECT\00001366.MOZ -> TrackingCookie.2o7 : Cleaned.
    :mozilla.14:C:\RECYCLER\NPROTECT\00001367.MOZ -> TrackingCookie.2o7 : Cleaned.
    :mozilla.14:C:\RECYCLER\NPROTECT\00001411.MOZ -> TrackingCookie.2o7 : Cleaned.
    :mozilla.14:C:\RECYCLER\NPROTECT\00001570.MOZ -> TrackingCookie.2o7 : Cleaned.
    :mozilla.15:C:\RECYCLER\NPROTECT\00001346.MOZ -> TrackingCookie.2o7 : Cleaned.
    :mozilla.15:C:\RECYCLER\NPROTECT\00001347.MOZ -> TrackingCookie.2o7 : Cleaned.
    :mozilla.15:C:\RECYCLER\NPROTECT\00001348.MOZ -> TrackingCookie.2o7 : Cleaned.
    :mozilla.15:C:\RECYCLER\NPROTECT\00001358.MOZ -> TrackingCookie.2o7 : Cleaned.
    :mozilla.15:C:\RECYCLER\NPROTECT\00001359.MOZ -> TrackingCookie.2o7 : Cleaned.
    :mozilla.15:C:\RECYCLER\NPROTECT\00001365.MOZ -> TrackingCookie.2o7 : Cleaned.
    :mozilla.15:C:\RECYCLER\NPROTECT\00001366.MOZ -> TrackingCookie.2o7 : Cleaned.
    :mozilla.15:C:\RECYCLER\NPROTECT\00001367.MOZ -> TrackingCookie.2o7 : Cleaned.
    :mozilla.15:C:\RECYCLER\NPROTECT\00001411.MOZ -> TrackingCookie.2o7 : Cleaned.
    :mozilla.15:C:\RECYCLER\NPROTECT\00001570.MOZ -> TrackingCookie.2o7 : Cleaned.
    :mozilla.20:C:\RECYCLER\NPROTECT\00001345.MOZ -> TrackingCookie.2o7 : Cleaned.
    :mozilla.20:C:\RECYCLER\NPROTECT\00001571.MOZ -> TrackingCookie.2o7 : Cleaned.
    :mozilla.20:C:\RECYCLER\NPROTECT\00001572.MOZ -> TrackingCookie.2o7 : Cleaned.
    :mozilla.20:C:\RECYCLER\NPROTECT\00001573.MOZ -> TrackingCookie.2o7 : Cleaned.
    :mozilla.21:C:\RECYCLER\NPROTECT\00001344.MOZ -> TrackingCookie.2o7 : Cleaned.
    :mozilla.21:C:\RECYCLER\NPROTECT\00001345.MOZ -> TrackingCookie.2o7 : Cleaned.
    :mozilla.21:C:\RECYCLER\NPROTECT\00001571.MOZ -> TrackingCookie.2o7 : Cleaned.
    :mozilla.21:C:\RECYCLER\NPROTECT\00001572.MOZ -> TrackingCookie.2o7 : Cleaned.
    :mozilla.122:C:\RECYCLER\NPROTECT\00004038.MOZ -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.122:C:\RECYCLER\NPROTECT\00006915.MOZ -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.123:C:\RECYCLER\NPROTECT\00004031.MOZ -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.123:C:\RECYCLER\NPROTECT\00004034.MOZ -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.123:C:\RECYCLER\NPROTECT\00004038.MOZ -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.123:C:\RECYCLER\NPROTECT\00004039.MOZ -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.123:C:\RECYCLER\NPROTECT\00006915.MOZ -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.124:C:\RECYCLER\NPROTECT\00004031.MOZ -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.124:C:\RECYCLER\NPROTECT\00004038.MOZ -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.124:C:\RECYCLER\NPROTECT\00004039.MOZ -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.124:C:\RECYCLER\NPROTECT\00004793.MOZ -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.124:C:\RECYCLER\NPROTECT\00004794.MOZ -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.125:C:\RECYCLER\NPROTECT\00004031.MOZ -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.125:C:\RECYCLER\NPROTECT\00004039.MOZ -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.125:C:\RECYCLER\NPROTECT\00004793.MOZ -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.125:C:\RECYCLER\NPROTECT\00004794.MOZ -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.125:C:\RECYCLER\NPROTECT\00004795.MOZ -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.125:C:\RECYCLER\NPROTECT\00004796.MOZ -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.125:C:\RECYCLER\NPROTECT\00004807.MOZ -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.125:C:\RECYCLER\NPROTECT\00004811.MOZ -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.125:C:\RECYCLER\NPROTECT\00004813.MOZ -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.125:C:\RECYCLER\NPROTECT\00005043.MOZ -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.125:C:\RECYCLER\NPROTECT\00006914.MOZ -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.126:C:\RECYCLER\NPROTECT\00004793.MOZ -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.126:C:\RECYCLER\NPROTECT\00004794.MOZ -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.126:C:\RECYCLER\NPROTECT\00004795.MOZ -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.126:C:\RECYCLER\NPROTECT\00004796.MOZ -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.126:C:\RECYCLER\NPROTECT\00004807.MOZ -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.126:C:\RECYCLER\NPROTECT\00004811.MOZ -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.126:C:\RECYCLER\NPROTECT\00004813.MOZ -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.126:C:\RECYCLER\NPROTECT\00005043.MOZ -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.126:C:\RECYCLER\NPROTECT\00006914.MOZ -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.127:C:\RECYCLER\NPROTECT\00004795.MOZ -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.127:C:\RECYCLER\NPROTECT\00004796.MOZ -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.127:C:\RECYCLER\NPROTECT\00004807.MOZ -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.127:C:\RECYCLER\NPROTECT\00004811.MOZ -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.127:C:\RECYCLER\NPROTECT\00004813.MOZ -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.127:C:\RECYCLER\NPROTECT\00005043.MOZ -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.127:C:\RECYCLER\NPROTECT\00006914.MOZ -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.16:C:\RECYCLER\NPROTECT\00006916.MOZ -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.16:C:\RECYCLER\NPROTECT\00006917.MOZ -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.17:C:\RECYCLER\NPROTECT\00006916.MOZ -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.17:C:\RECYCLER\NPROTECT\00006917.MOZ -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.18:C:\RECYCLER\NPROTECT\00006916.MOZ -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.18:C:\RECYCLER\NPROTECT\00006917.MOZ -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.34:C:\RECYCLER\NPROTECT\00001345.MOZ -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.35:C:\RECYCLER\NPROTECT\00001345.MOZ -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.37:C:\RECYCLER\NPROTECT\00001359.MOZ -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.37:C:\RECYCLER\NPROTECT\00001365.MOZ -> :mozilla.65:C:\RECYCLER\NPROTECT\00004811.MOZ -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.65:C:\RECYCLER\NPROTECT\00004813.MOZ -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.65:C:\RECYCLER\NPROTECT\00005043.MOZ -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.65:C:\RECYCLER\NPROTECT\00006914.MOZ -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.67:C:\RECYCLER\NPROTECT\00001344.MOZ -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.67:C:\RECYCLER\NPROTECT\00006916.MOZ -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.67:C:\RECYCLER\NPROTECT\00006917.MOZ -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.27:C:\RECYCLER\NPROTECT\00001359.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.27:C:\RECYCLER\NPROTECT\00001365.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.27:C:\RECYCLER\NPROTECT\00001366.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.27:C:\RECYCLER\NPROTECT\00001367.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.27:C:\RECYCLER\NPROTECT\00001411.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.27:C:\RECYCLER\NPROTECT\00001570.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.28:C:\RECYCLER\NPROTECT\00001359.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.28:C:\RECYCLER\NPROTECT\00001365.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.28:C:\RECYCLER\NPROTECT\00001366.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.28:C:\RECYCLER\NPROTECT\00001367.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.28:C:\RECYCLER\NPROTECT\00001411.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.28:C:\RECYCLER\NPROTECT\00001570.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.29:C:\RECYCLER\NPROTECT\00001359.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.29:C:\RECYCLER\NPROTECT\00001365.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.29:C:\RECYCLER\NPROTECT\00001366.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.29:C:\RECYCLER\NPROTECT\00001367.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.29:C:\RECYCLER\NPROTECT\00001411.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.29:C:\RECYCLER\NPROTECT\00001570.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.30:C:\RECYCLER\NPROTECT\00001347.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.30:C:\RECYCLER\NPROTECT\00001348.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.30:C:\RECYCLER\NPROTECT\00001358.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.30:C:\RECYCLER\NPROTECT\00001359.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.30:C:\RECYCLER\NPROTECT\00001365.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.30:C:\RECYCLER\NPROTECT\00001366.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.30:C:\RECYCLER\NPROTECT\00001367.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.30:C:\RECYCLER\NPROTECT\00001411.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.30:C:\RECYCLER\NPROTECT\00001570.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.31:C:\RECYCLER\NPROTECT\00001346.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.31:C:\RECYCLER\NPROTECT\00001347.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.31:C:\RECYCLER\NPROTECT\00001348.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.31:C:\RECYCLER\NPROTECT\00001358.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.32:C:\RECYCLER\NPROTECT\00001346.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.32:C:\RECYCLER\NPROTECT\00001347.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.32:C:\RECYCLER\NPROTECT\00001348.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.32:C:\RECYCLER\NPROTECT\00001358.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.33:C:\RECYCLER\NPROTECT\00001346.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.33:C:\RECYCLER\NPROTECT\00001347.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.33:C:\RECYCLER\NPROTECT\00001348.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.33:C:\RECYCLER\NPROTECT\00001358.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.34:C:\RECYCLER\NPROTECT\00001346.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.36:C:\RECYCLER\NPROTECT\00001571.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.36:C:\RECYCLER\NPROTECT\00001572.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.36:C:\RECYCLER\NPROTECT\00001573.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.37:C:\RECYCLER\NPROTECT\00001571.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.37:C:\RECYCLER\NPROTECT\00001572.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.37:C:\RECYCLER\NPROTECT\00001573.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.38:C:\RECYCLER\NPROTECT\00001571.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.38:C:\RECYCLER\NPROTECT\00001572.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.38:C:\RECYCLER\NPROTECT\00001573.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.39:C:\RECYCLER\NPROTECT\00001571.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.39:C:\RECYCLER\NPROTECT\00001572.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.39:C:\RECYCLER\NPROTECT\00001573.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.43:C:\RECYCLER\NPROTECT\00001345.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.44:C:\RECYCLER\NPROTECT\00001345.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.45:C:\RECYCLER\NPROTECT\00001345.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.46:C:\RECYCLER\NPROTECT\00001345.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.52:C:\RECYCLER\NPROTECT\00004034.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.53:C:\RECYCLER\NPROTECT\00004034.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.53:C:\RECYCLER\NPROTECT\00004038.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.54:C:\RECYCLER\NPROTECT\00004031.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.54:C:\RECYCLER\NPROTECT\00004034.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.54:C:\RECYCLER\NPROTECT\00004038.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.54:C:\RECYCLER\NPROTECT\00004039.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.54:C:\RECYCLER\NPROTECT\00006915.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.55:C:\RECYCLER\NPROTECT\00004031.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.55:C:\RECYCLER\NPROTECT\00004034.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.55:C:\RECYCLER\NPROTECT\00004038.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.55:C:\RECYCLER\NPROTECT\00004039.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.55:C:\RECYCLER\NPROTECT\00004793.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.55:C:\RECYCLER\NPROTECT\00004794.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.55:C:\RECYCLER\NPROTECT\00006915.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.56:C:\RECYCLER\NPROTECT\00004031.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.56:C:\RECYCLER\NPROTECT\00004038.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.56:C:\RECYCLER\NPROTECT\00004039.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.56:C:\RECYCLER\NPROTECT\00004793.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.56:C:\RECYCLER\NPROTECT\00004794.MOZ -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.31:C:\RECYCLER\NPROTECT\00001365.MOZ -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.31:C:\RECYCLER\NPROTECT\00001366.MOZ -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.31:C:\RECYCLER\NPROTECT\00001367.MOZ -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.31:C:\RECYCLER\NPROTECT\00001411.MOZ -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.31:C:\RECYCLER\NPROTECT\00001570.MOZ -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.32:C:\RECYCLER\NPROTECT\00006916.MOZ -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.32:C:\RECYCLER\NPROTECT\00006917.MOZ -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.34:C:\RECYCLER\NPROTECT\00001347.MOZ -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.34:C:\RECYCLER\NPROTECT\00001348.MOZ -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.34:C:\RECYCLER\NPROTECT\00001358.MOZ -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.35:C:\RECYCLER\NPROTECT\00001346.MOZ -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.40:C:\RECYCLER\NPROTECT\00001571.MOZ -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.40:C:\RECYCLER\NPROTECT\00001572.MOZ -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.40:C:\RECYCLER\NPROTECT\00001573.MOZ -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.47:C:\RECYCLER\NPROTECT\00001345.MOZ -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.61:C:\RECYCLER\NPROTECT\00001344.MOZ -> TrackingCookie.Tribalfusion : Cleaned.
    C:\Program Files\VirtualDub\vdub.exe -> Trojan.Delf.sp : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP20\A0001204.exe -> Trojan.PdPinch.fo : Cleaned with backup (quarantined).


    ::Report end

    The AVG program found several trojans that no other programs found, and also found the csrss.exe trojan in a scan I performed not in safe mode while I was waiting for a program to finish up.

    Thank you so much for your help!!!! Should I give up on the other programs and only use AVG?

    Thanks again!!!!

  9. #9
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    3,934

    Default

Hi again, it is looking good now.

Well, no single scanner can find all the infections. You get the best results by using multiple scanners.

    I think that the following is a false positive:

    C:\Program Files\VirtualDub\vdub.exe -> Trojan.Delf.sp : Cleaned with backup (quarantined).
Let's find out if it is...

    Open AVG AntiSpyware
    • Infections
    • Select the following: C:\Program Files\VirtualDub\vdub.exe -> Trojan.Delf.sp : Cleaned with backup (quarantined).
    • Hit "Restore" and answer "Yes"
    • Close AVG


    Go to virustotal.com
    Click on the Browse button
    Browse to the following file: C:\Program Files\VirtualDub\vdub.exe
    Click Open and then on Send
    Wait for the scan to end.

    Copy & Paste the scan results to here.

    C:\Program Files\BlindWrite 5.2.9 + Copytodvd 3.0.41 + Dvd Shrink 2.3 + DivxToDvd + PhotoDVD 1.0.1, Multilangues et cracks.rar/BlindWrite 5.2.9 + Copytodvd 3.0.41 + Dvd Shrink 2.3 + DivxToDvd + PhotoDVD 1.0.1\Photodvd 0.9.7 Fr\Crack.exe
The use of cracks and pirated software is illegal and, as you can see, it gets you infected.

    Let me know how the computer is running...
    MalWare Removal University - You too could train to help others
    UNITE & ASAP member since 2006

  10. #10
    Junior Member
    Join Date
    Nov 2006
    Posts
    9

    Default

VirusTotal is a very interesting website! Here are the results; what do you think...?

    AntiVir 7.2.0.39 11.19.2006 no virus found
    Authentium 4.93.8 11.17.2006 no virus found
    Avast 4.7.892.0 11.18.2006 no virus found
    AVG 386 11.18.2006 PSW.Generic2.RES
    BitDefender 7.2 11.19.2006 no virus found
    CAT-QuickHeal 8.00 11.18.2006 no virus found
    ClamAV devel-20060426 11.18.2006 no virus found
    DrWeb 4.33 11.19.2006 no virus found
    eSafe 7.0.14.0 11.19.2006 no virus found
    eTrust-InoculateIT 23.73.59 11.18.2006 no virus found
    eTrust-Vet 30.3.3197 11.17.2006 no virus found
    Ewido 4.0 11.19.2006 Trojan.Delf.sp
    Fortinet 2.82.0.0 11.19.2006 no virus found
    F-Prot 3.16f 11.17.2006 no virus found
    F-Prot4 4.2.1.29 11.17.2006 no virus found
    Ikarus 0.2.65.0 11.17.2006 no virus found
    Kaspersky 4.0.2.24 11.19.2006 no virus found
    McAfee 4899 11.18.2006 no virus found
    Microsoft 1.1609 11.19.2006 no virus found
    NOD32v2 1871 11.19.2006 no virus found
    Norman 5.80.02 11.17.2006 no virus found
    Panda 9.0.0.4 11.19.2006 no virus found
    Prevx1 V2 11.19.2006 no virus found
    Sophos 4.11.0 11.16.2006 no virus found
    TheHacker 6.0.3.122 11.18.2006 no virus found
    UNA 1.83 11.17.2006 no virus found
    VBA32 3.11.1 11.19.2006 Trojan-PSW.Win32.Delf.sp
    VirusBuster 4.3.15:9 11.18.2006 no virus found



    Also, I ran another AVG scan last night in safe mode before I went to sleep... here is the log:

    + Created at: 7:27:21 AM 11/19/2006

    + Scan result:



    C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP21\A0001255.exe -> Not-A-Virus.Downloader.Win32.DigStream : Cleaned.
    C:\Documents and Settings\Rob\Cookies\rob@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
    C:\Documents and Settings\Rob\Cookies\rob@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
    C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP21\A0001254.exe -> Trojan.Delf.sp : Cleaned.


    ::Report end

Last night I didn't use the computer at all except for iTunes... is it normal for more to appear?

    Thanks again
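The helper's procedure above (restore the quarantined file, submit it to VirusTotal, post the multi-engine results) and the results pasted in reply come down to one judgement: how many independent engines flag the file, and whether their signatures are current. The following Python script is an added example, not code from the thread or from VirusTotal. It parses the 2006-era text format exactly as pasted above (engine, version, signature date, verdict) and reports the detection ratio, the engines that flagged the file, the engines whose signatures lag the newest ones, and a rough verdict. The sample report is copied from the posted results; the thresholds in `assess()` (fewer than 4 hits and under 20% of engines counts as a likely false positive) are my own assumption, not a VirusTotal rule.

```python
"""Parse a VirusTotal-style multi-engine report and judge a suspected
false positive. Added example; SAMPLE_REPORT is the vdub.exe result
pasted in this thread, and the thresholds in assess() are assumptions."""
from collections import namedtuple
from datetime import date

Verdict = namedtuple("Verdict", "engine version updated detection")

# Verdict strings that mean "nothing found" in this report format.
CLEAN_MARKERS = ("no virus found", "clean", "-")

# Constructed sample: the 28-engine VirusTotal result posted in the thread.
SAMPLE_REPORT = """\
AntiVir 7.2.0.39 11.19.2006 no virus found
Authentium 4.93.8 11.17.2006 no virus found
Avast 4.7.892.0 11.18.2006 no virus found
AVG 386 11.18.2006 PSW.Generic2.RES
BitDefender 7.2 11.19.2006 no virus found
CAT-QuickHeal 8.00 11.18.2006 no virus found
ClamAV devel-20060426 11.18.2006 no virus found
DrWeb 4.33 11.19.2006 no virus found
eSafe 7.0.14.0 11.19.2006 no virus found
eTrust-InoculateIT 23.73.59 11.18.2006 no virus found
eTrust-Vet 30.3.3197 11.17.2006 no virus found
Ewido 4.0 11.19.2006 Trojan.Delf.sp
Fortinet 2.82.0.0 11.19.2006 no virus found
F-Prot 3.16f 11.17.2006 no virus found
F-Prot4 4.2.1.29 11.17.2006 no virus found
Ikarus 0.2.65.0 11.17.2006 no virus found
Kaspersky 4.0.2.24 11.19.2006 no virus found
McAfee 4899 11.18.2006 no virus found
Microsoft 1.1609 11.19.2006 no virus found
NOD32v2 1871 11.19.2006 no virus found
Norman 5.80.02 11.17.2006 no virus found
Panda 9.0.0.4 11.19.2006 no virus found
Prevx1 V2 11.19.2006 no virus found
Sophos 4.11.0 11.16.2006 no virus found
TheHacker 6.0.3.122 11.18.2006 no virus found
UNA 1.83 11.17.2006 no virus found
VBA32 3.11.1 11.19.2006 Trojan-PSW.Win32.Delf.sp
VirusBuster 4.3.15:9 11.18.2006 no virus found
"""


def parse_line(line):
    """One report line: engine, version, MM.DD.YYYY, verdict words."""
    parts = line.split()
    if len(parts) < 4:
        return None
    engine, version, stamp = parts[0], parts[1], parts[2]
    month, day, year = (int(x) for x in stamp.split("."))
    verdict = " ".join(parts[3:])
    detection = None if verdict.lower() in CLEAN_MARKERS else verdict
    return Verdict(engine, version, date(year, month, day), detection)


def parse_report(text):
    """All parseable lines of a report, in the order they appear."""
    return [v for v in (parse_line(l) for l in text.splitlines()) if v]


def detections(results):
    """Map of engine -> detection name for engines that flagged the file."""
    return {r.engine: r.detection for r in results if r.detection}


def detection_ratio(results):
    """(engines that flagged the file, engines that scanned it)."""
    return len(detections(results)), len(results)


def stale_engines(results, max_age_days=7):
    """Engines whose signature date lags the newest one by more than
    max_age_days; a clean verdict from these carries less weight."""
    newest = max(r.updated for r in results)
    return [r.engine for r in results
            if (newest - r.updated).days > max_age_days]


def assess(results, min_hits=4, min_fraction=0.2):
    """Rough verdict. Assumed thresholds: a handful of hits from a small
    fraction of engines is treated as a probable false positive, which
    is what the helper suspected for vdub.exe in this thread."""
    hits, total = detection_ratio(results)
    if hits == 0:
        return "clean"
    if hits < min_hits and hits / total < min_fraction:
        return "likely false positive"
    return "likely malicious"


if __name__ == "__main__":
    results = parse_report(SAMPLE_REPORT)
    hits, total = detection_ratio(results)
    print(f"{hits}/{total} engines flagged the file:")
    for engine, name in detections(results).items():
        print(f"  {engine}: {name}")
    print("stale signatures (>2 days):", stale_engines(results, 2))
    print("assessment:", assess(results))
```

For the posted vdub.exe result this gives 3 of 28 engines (AVG, Ewido, VBA32), one engine with signatures more than two days behind the newest (Sophos), and "likely false positive", which matches the helper's suspicion. Two of the three detecting engines agree on the Delf.sp family name, so the finding is worth keeping an eye on rather than dismissing outright; the ratio alone is not proof either way.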
