Blacklight log:
--------------------
09/02/06 18:16:50 [Info]: BlackLight Engine 1.0.46 initialized
09/02/06 18:16:50 [Info]: OS: 5.1 build 2600 (Service Pack 2)
09/02/06 18:16:50 [Note]: 7019 4
09/02/06 18:16:50 [Note]: 7005 0
09/02/06 18:17:00 [Note]: 7006 0
09/02/06 18:17:00 [Note]: 7011 1488
09/02/06 18:17:00 [Note]: 7026 0
09/02/06 18:17:00 [Note]: 7026 0
09/02/06 18:17:08 [Note]: FSRAW library version 1.7.1019
09/02/06 18:34:37 [Note]: 7007 0
--------------------------------------
--------------------------------------
GMER log:
-----------------
GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-09-02 18:36:28
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.10 ----
SSDT \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys ZwOpenProcess
SSDT \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys ZwTerminateProcess
---- Devices - GMER 1.0.10 ----
Device \Driver\nvatabus \Device\00000067 IRP_MJ_INTERNAL_DEVICE_CONTROL [F78F5228] AnyDVD.sys
Device \Driver\nvatabus \Device\00000067 IRP_MJ_SHUTDOWN [F78F5450] AnyDVD.sys
Device \Driver\nvatabus \Device\00000068 IRP_MJ_INTERNAL_DEVICE_CONTROL [F78F5228] AnyDVD.sys
Device \Driver\nvatabus \Device\00000068 IRP_MJ_SHUTDOWN [F78F5450] AnyDVD.sys
Device \Driver\nvatabus \Device\00000069 IRP_MJ_INTERNAL_DEVICE_CONTROL [F78F5228] AnyDVD.sys
Device \Driver\nvatabus \Device\00000069 IRP_MJ_SHUTDOWN [F78F5450] AnyDVD.sys
Device \Driver\nvatabus \Device\0000006a IRP_MJ_INTERNAL_DEVICE_CONTROL [F78F5228] AnyDVD.sys
Device \Driver\nvatabus \Device\0000006a IRP_MJ_SHUTDOWN [F78F5450] AnyDVD.sys
---- Files - GMER 1.0.10 ----
File G:\System Volume Information\MountPointManagerRemoteDatabase
File G:\System Volume Information\tracking.log
File G:\System Volume Information\_restore{AEBC63CC-838A-49B6-89BC-C1E79DA80958}
---- EOF - GMER 1.0.10 ----
-------------------------------------------------
In safe mode, neither of the files you mentioned could be found - I tried both a Windows search (Start menu) and also typing the location of each file into the Windows Explorer address bar - nothing.
The Blacklight scan was very quick, should it have been?