SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 01:51 on 15/12/2009 by Hiras (Administrator - Elevation successful)
========== filefind ==========
Searching for "*atapi.sys"
C:\WINDOWS\system32\drivers\atapi.sys --a--- 96512 bytes [15:10 14/04/2008] [17:10 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
-=End Of File=-
and I already checked my PC with Active Scan 2.0
;*********************************************************************************************
ANALYSIS: 2009-12-14 16:21:38
PROTECTIONS: 0
MALWARE: 8
SUSPECTS: 0
;********************************************************************************************
PROTECTIONS
Description Version Active Updated
;==================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;==================================================================================
00027660 adware/savenow Adware No 0 Yes No hkey_local_machine\software\classes\wuse.1
00040735 adware/whenusearch Adware No 0 Yes No hkey_classes_root\wuse.1
00040735 adware/whenusearch Adware No 0 Yes No hkey_current_user\software\microsoft\windows\currentversion\ext\stats\{ba2325ed-f9eb-4830-8fce-0bc35b16969b}
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\hiras\cookies\hiras@doubleclick[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\hiras\cookies\hiras@atdmt[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\documents and settings\hiras\cookies\hiras@tribalfusion[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\hiras\cookies\[email protected][1].txt
00339160 Adware/WhenUSearch Adware No 0 Yes No c:\program files\daemon tools searchbar\search.dll
03074964 Trj/CI.A Virus/Trojan Yes 0 Yes No c:\documents and settings\hiras\application data\advantage\advantage.exe
03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\documents and settings\hiras\desktop\pcmav 2.2\pcmav 2.2\vdb\update.vdb
;==================================================================================
SUSPECTS
Sent Location
;==================================================================================
VULNERABILITIES
Id Severity Description
;==================================================================================
and I already deleted the malware