Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Win32/Cryptor & Trojan.DTSS


  • This topic is locked This topic is locked
2 replies to this topic

#1 sergiocav

sergiocav

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:21 AM

Posted 26 July 2009 - 08:11 PM

Following the post to create a new topic, I have pasted below the DDS.txt and will hold onto to attach.txt until it is requested.

The file names with infections seem to have a common base but different infections are reported.

Free AVG 8.5 reports Win32/Cryptor as about 100 infections with about 50 instances of
"\\?\globalroot\systemroot\system32\geyekrtcmcjpyx.dll" ---"Virus identified Win32/Cryptor" ---"Infected"
and for the remaining infections it reports various executables also identifying them as Win32/Cryptor.

Malwarebyes Anti-Malware reports as 2 infections:

Memory Modules Infected:
\\?\globalroot\systemroot\system32\geyekrtcmcjpyx.dll (Trojan.TDSS) -> No action taken.

Files Infected:
\\?\globalroot\systemroot\system32\geyekrtcmcjpyx.dll (Trojan.TDSS) -> No action taken.

Thanks!

Sergio


DDS (Ver_09-06-26.01) - NTFSx86
Run by HP_Administrator at 16:58:29.87 on Sun 07/26/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2559.1764 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: ZoneAlarm Anti-virus Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Anti-virus Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Xobni\XobniService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\ShopSafe\ShopSafe.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Media Vault\Utilities\HPMVTray.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\WINDOWS\system32\obroker.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEKA.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\jre1.6.0_07\bin\jucheck.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE
C:\Program Files\Password Corral v4.0\password4.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
mDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
mSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No File
BHO: ShopSafeBrowserHelper Class: {333f6b96-3992-4d58-a499-145a10fe48c3} - c:\program files\shopsafe\BhoSSafe.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mi1933~1\office12\GRA8E1~1.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\jre1.6.0_07\bin\ssv.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
TB: {90222687-F593-4738-B738-FBEE9C7B26DF} - No File
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [updateMgr] c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_1_0
uRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector
uRun: [EPSON WorkForce 600(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatieka.exe /fu "c:\windows\temp\E_S6A9.tmp" /EF "HKCU"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [SunJavaUpdateSched] "c:\jre1.6.0_07\bin\jusched.exe"
mRun: [ShopSafe] c:\progra~1\shopsafe\ShopSafe.exe /dontopenmycards
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HPMVTray] "c:\program files\hewlett-packard\hp media vault\utilities\HPMVTray.exe"
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [CTHelper] CTHELPER.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [AmazonGSDownloaderTray] c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderTray.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\wordweb.lnk - c:\program files\wordweb\wweb32.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} - c:\jre1.6.0_07\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5686/mcfscan.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su/ocx/15102/CTPID.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\mi1933~1\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\xobni\Skype4COM.dll
Notify: avgrsstarter - avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mi1933~1\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\yozwv3ed.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\hp_administrator\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\jre1.6.0_07\bin\npjava11.dll
FF - plugin: c:\jre1.6.0_07\bin\npjava12.dll
FF - plugin: c:\jre1.6.0_07\bin\npjava13.dll
FF - plugin: c:\jre1.6.0_07\bin\npjava14.dll
FF - plugin: c:\jre1.6.0_07\bin\npjava32.dll
FF - plugin: c:\jre1.6.0_07\bin\npjpi160_07.dll
FF - plugin: c:\jre1.6.0_07\bin\npoji610.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npDimdimControl.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-26 335752]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-7-26 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-7-26 108552]
R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2008-7-26 127768]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2009-6-15 100944]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2009-6-15 41424]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-7-26 394952]
R2 Amazon Download Agent;Amazon Download Agent;c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderService.exe [2009-4-7 319488]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-7-26 298776]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R2 XobniService;XobniService;c:\program files\xobni\XobniService.exe [2008-12-15 39936]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2008-6-27 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2008-6-27 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2008-6-27 566296]
R3 cvpopflt;Cisco POP Suppression Filter;c:\windows\system32\drivers\cvpopflt.sys [2008-11-20 1507104]
R3 CVUVC;Cisco VT Camera II(UVC);c:\windows\system32\drivers\Cvuvc.sys [2008-11-20 1924128]
R3 cvuvcflt;UVC Filter Service (Cisco);c:\windows\system32\drivers\cvuvcflt.sys [2008-11-20 22432]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [2009-3-28 31896]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2009-6-15 79888]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2009-5-29 87760]
RUnknown fvwv;fvwv; [x]
RUnknown gewshp;gewshp; [x]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2008-6-27 99352]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2008-6-27 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2008-6-27 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2008-6-27 100888]
S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\windows\system32\drivers\ctlsb16.sys [2008-5-10 96256]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2008-6-27 566296]
S3 WN5401;Liteon Wireless LAN PCI 802.11 a/b/g adapter WN5401A;c:\windows\system32\drivers\wn5401.sys [2005-11-7 449920]

=============== Created Last 30 ================

2009-07-26 10:51 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\Malwarebytes
2009-07-26 10:51 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-26 10:51 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-26 10:51 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-26 10:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-26 04:27 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-07-26 04:14 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-07-26 04:14 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-07-26 04:14 335,752 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-26 04:14 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-07-26 04:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2009-07-26 04:14 <DIR> --d----- c:\program files\AVG
2009-07-26 04:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-07-24 19:14 <DIR> --d----- c:\windows\pss
2009-07-24 19:03 1,056,768 a------- c:\windows\system32\ROBOEX32.DLL
2009-07-24 19:03 <DIR> --d----- c:\program files\NewTech Infosystems
2009-07-24 19:03 <DIR> --d----- c:\program files\common files\NewTech Infosystems
2009-07-24 18:58 <DIR> --d----- c:\windows\system32\XPSViewer
2009-07-24 18:57 14,048 -------- c:\windows\system32\spmsg2.dll
2009-07-24 18:54 <DIR> --d----- c:\program files\MSXML 6.0
2009-07-24 18:44 <DIR> --d----- c:\windows\Hewlett-Packard
2009-07-24 18:44 1,024 ----hr-- c:\windows\system32\NTIDIB4.dll
2009-07-24 18:36 <DIR> --d----- c:\windows\SxsCaPendDel
2009-07-24 11:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NewTech InfoSystems
2009-07-24 02:32 <DIR> --d----- c:\windows\McAfee.com
2009-07-11 13:59 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\Dimdim
2009-07-11 13:59 <DIR> --d----- c:\program files\Dimdim
2009-07-11 13:59 100,232 a------- c:\documents and settings\hp_administrator\DimdimSetup.exe
2009-07-09 00:49 <DIR> --ds---- c:\documents and settings\hp_administrator\UserData

==================== Find3M ====================

2009-07-26 15:15 0 a------- c:\windows\system32\drivers\lvuvc.hs
2009-07-25 22:55 4,212 ----h--- c:\windows\system32\zllictbl.dat
2009-07-20 15:48 19,496,992 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-07-14 08:38 259,376 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-05-29 20:13 79,888 a------- c:\windows\system32\drivers\VBoxNetAdp.sys
2009-05-29 20:13 41,424 a------- c:\windows\system32\drivers\VBoxUSBMon.sys
2009-05-29 20:13 100,944 a------- c:\windows\system32\drivers\VBoxDrv.sys
2009-05-29 20:12 133,648 a------- c:\windows\system32\VBoxNetFltNotify.dll
2009-05-29 20:12 87,760 a------- c:\windows\system32\drivers\VBoxNetFlt.sys
2009-04-16 08:59 70,984 a------- c:\documents and settings\hp_administrator\g2mdlhlpx.exe

============= FINISH: 17:00:37.43 ===============

BC AdBot (Login to Remove)

 


m

#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:03:21 AM

Posted 28 July 2009 - 04:22 PM

Go HERE and download SysProt AntiRootkit. Unzip it to your Desktop
  • Run SysProt >> Click on the Log tab
  • Tick ALL the boxes at the "Write to log" section (Do NOT tick the "Hidden Objects Only" options)
  • Hit the Create Log button
  • When it asked for scanning option, choose Scanning all drives >> Hit Start button (Do NOT hit "Ok" button)
  • Let it scan until finish
  • Find the log.txt inside the SysProt folder and attach the log here.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:03:21 AM

Posted 05 August 2009 - 12:22 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users