MBR sector of the 2. physical disk contains trojan Win32/Mebroot.CA.


SFB

Okay if we're going to continue then I'm going to be a bit more aggressive in removal stuff so make sure your data is backed up.

Do you have access to another computer for burning CDs and downloading files, etc before we get going?

Let's do it!


  • Root Admin

Okay, please download and run the following tool, reboot when asked.

http://oldtimer.geekstogo.com/OTC.exe

Then download and run this tool and post back the logs.

Download DDS and save it to your desktop.

Disable any script blocker if your Anti-Virus/Anti-Malware has it.

Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.

Then double click dds.scr to run the tool.

When done, the DDS.txt will open.

Click Yes at the next prompt for Optional Scan.

    When done, DDS will open two (2) logs:

  1. DDS.txt

  2. Attach.txt

  • Save both reports to your desktop

  • Please include the following logs in your next reply: DDS.txt and Attach.txt

Then, Please download Lop S&D

Double-click on Lop S&D.exe

Choose the language, then choose Option 1 (Search)

Wait till the end of the scan

Post the log which is created: (%SystemDrive%\lopR.txt), typically C:\lopR.txt


Hmm... why does OTC delete Lop S&D when it is run?

DDS_Attach.txt

DDS Log:

DDS (Ver_09-10-26.01) - NTFSx86

Run by Administrator at 16:31:37.67 on Tue 11/03/2009

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_15

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1646 [GMT -6:00]

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Eset\nod32kui.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uSearch Page = hxxp://www.google.com

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearch Bar = hxxp://www.google.com/ie_rsearch.html

uDefault_Page_URL = hxxp://www.google.com

mDefault_Page_URL = hxxp://www.google.com

mStart Page = hxxp://www.google.com

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

mSearchAssistant = hxxp://www.google.com/ie_rsearch.html

mWinlogon: SfcDisable=-99 (0xffffff9d)

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE

uPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)

uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)

uPolicies-explorer: NoSMHelp = 1 (0x1)

uPolicies-explorer: NoResolveTrack = 1 (0x1)

uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)

uPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)

mPolicies-explorer: StartMenuFavorites = 0 (0x0)

mPolicies-explorer: Start_ShowMyComputer = 1 (0x1)

mPolicies-explorer: Start_ShowMyDocs = 1 (0x1)

mPolicies-explorer: Start_ShowMyMusic = 0 (0x0)

mPolicies-explorer: Start_ShowRun = 1 (0x1)

mPolicies-explorer: Start_ShowSearch = 0 (0x0)

mPolicies-system: DisableCAD = 1 (0x1)

dPolicies-explorer: NoSMHelp = 1 (0x1)

dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)

dPolicies-explorer: NoResolveTrack = 1 (0x1)

dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)

dPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)

dPolicies-explorer: NoActiveDesktop = 1 (0x1)

IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm

IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000

IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL

LSP: c:\windows\system32\imon.dll

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1239189045515

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239940172859

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\2h6qxanw.default\

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-4-9 15424]

R2 ioperm;ioperm support for Cygwin driver;c:\documents and settings\administrator\desktop\gateway\cmospwd-5.0\cmospwd-5.0\windows\ioperm.sys [2009-10-27 12800]

=============== Created Last 30 ================

2009-11-03 15:09:52 96512 ----a-w- c:\windows\system32\drivers\atapi.sys

2009-11-03 15:07:34 0 d-----w- C:\Combo-Fix

2009-11-03 05:16:07 123 ----a-w- c:\windows\rootkitno.ini

2009-11-03 05:13:01 0 d-----w- C:\RootkitNO

2009-11-03 04:58:08 2 --shatr- c:\windows\winstart.bat

2009-11-03 04:57:26 0 d-----w- c:\program files\UnHackMe

2009-10-28 18:42:04 0 d-----w- c:\program files\JDownloader

2009-10-27 10:49:20 77312 ----a-w- c:\windows\MBR.exe

2009-10-27 05:17:07 0 d-----w- c:\program files\SystemRequirementsLab

2009-10-27 05:00:27 0 d-----w- c:\windows\Motorola

2009-10-27 04:50:35 0 d-----w- c:\program files\Gateway

2009-10-27 04:43:17 290816 ----a-w- c:\windows\system32\drivers\tifm21.sys

2009-10-27 04:43:10 0 d-----w- c:\windows\tiinst

2009-10-23 19:24:03 0 d-----w- c:\program files\Lavalys

2009-10-23 17:41:09 0 d-----w- c:\windows\system32\CatRoot_bak

2009-10-23 15:37:09 31232 ----a-w- c:\windows\system32\cmdow.exe

2009-10-23 10:21:31 0 d-----w- c:\windows\system32\wbem\snmp

2009-10-23 10:21:31 0 d-----w- c:\windows\system32\oobe

2009-10-23 10:21:31 0 d-----w- c:\windows\srchasst

2009-10-23 10:21:30 0 d-----w- c:\windows\system32\xircom

2009-10-23 10:21:30 0 d-----w- c:\windows\system32\inetsrv

2009-10-23 10:21:30 0 d-----w- c:\program files\msn gaming zone

2009-10-23 09:22:46 0 d-sha-r- C:\cmdcons

2009-10-23 09:21:09 236544 ----a-w- c:\windows\PEV.exe

2009-10-17 06:48:39 111992 ----a-w- c:\windows\system32\acaptuser32.dll

2009-10-17 06:35:33 0 d-----w- c:\docume~1\admini~1\applic~1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

2009-10-17 06:22:45 0 d-----w- c:\program files\common files\Macrovision Shared

2009-10-17 06:22:23 46928 ----a-r- c:\windows\system32\AdobePDF.dll

2009-10-17 06:22:23 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll

2009-10-17 03:45:33 0 d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes

2009-10-17 03:45:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-10-17 03:45:27 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-10-17 03:45:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2009-10-17 03:45:26 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-10-07 06:36:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2009-10-07 06:36:29 69632 ----a-w- c:\windows\system32\QuickTime.qts

2009-10-07 06:36:24 0 d-----w- c:\program files\QT Lite

2009-10-07 06:34:27 499712 ----a-w- c:\windows\system32\msvcp71.dll

2009-10-07 06:34:27 348160 ----a-w- c:\windows\system32\msvcr71.dll

2009-10-07 06:34:25 0 d-----w- c:\program files\Real Alternative

==================== Find3M ====================

2009-11-03 22:26:14 3112 ----a-w- c:\windows\system32\drivers\sthdae.log

2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll

2009-08-29 08:08:21 916480 ------w- c:\windows\system32\wininet.dll

2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll

2009-08-18 04:33:52 1193832 ----a-w- c:\windows\system32\FM20.DLL

============= FINISH: 16:31:51.17 ===============

LopSD log:

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3

X86-based PC ( Multiprocessor Free : Intel® Core2 CPU T5500 @ 1.66GHz )

BIOS : Rev 1.0

USER : Administrator ( Administrator )

BOOT : Normal boot

C:\ (Local Disk) - NTFS - Total:37 Go (Free:10 Go)

D:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )

Option : [1] ( Tue 11/03/2009|16:42 )

--------------------\\ Listing folders in APPLIC~1

[10/17/2009|12:27] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Adobe

[10/17/2009|12:35] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[10/16/2009|09:02] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Download Manager

[09/23/2009|11:43] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> GrabIt

[11/02/2009|11:41] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Help

[04/08/2009|03:35] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Identities

[04/08/2009|04:49] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> InstallShield

[04/08/2009|05:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Macromedia

[10/16/2009|09:45] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Malwarebytes

[06/21/2009|11:23] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Media Player Classic

[08/14/2009|12:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft

[04/08/2009|04:16] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Mozilla

[04/15/2009|10:47] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Nero

[10/07/2009|12:25] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Real

[09/16/2009|05:20] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Sun

[10/26/2009|11:17] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> SystemRequirementsLab

[08/19/2009|09:24] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> TrueCrypt

[05/14/2009|09:21] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Uniblue

[11/03/2009|01:30] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> vlc

[04/08/2009|04:17] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> WinRAR

[10/17/2009|12:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe

[10/07/2009|12:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer

[05/14/2009|09:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> DriverScanner

[10/17/2009|12:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> FLEXnet

[10/16/2009|09:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes

[06/17/2009|11:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft

[10/15/2009|07:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft Help

[04/15/2009|10:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Nero

[04/08/2009|01:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NortonInstaller

[04/08/2009|05:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Office Genuine Advantage

[04/08/2009|05:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage

[04/08/2009|03:33] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[04/08/2009|03:33] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[04/08/2009|03:33] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[11/03/2009 04:25 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT

[05/06/2008 06:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[10/17/2009|12:16] C:\Program Files\<DIR> Adobe

[09/23/2009|09:26] C:\Program Files\<DIR> AltBinz

[04/08/2009|12:29] C:\Program Files\<DIR> CCleaner

[09/15/2009|08:42] C:\Program Files\<DIR> Combined Community Codec Pack

[11/03/2009|09:17] C:\Program Files\<DIR> Common Files

[04/08/2009|03:31] C:\Program Files\<DIR> ComPlus Applications

[10/04/2009|02:04] C:\Program Files\<DIR> Dziobas Rar Player

[10/23/2009|12:46] C:\Program Files\<DIR> ERUNT

[10/29/2009|04:54] C:\Program Files\<DIR> ESET

[10/02/2009|01:32] C:\Program Files\<DIR> FlashGet

[04/08/2009|05:10] C:\Program Files\<DIR> FLV Player

[10/26/2009|10:50] C:\Program Files\<DIR> Gateway

[09/22/2009|05:58] C:\Program Files\<DIR> GrabIt

[06/16/2009|09:15] C:\Program Files\<DIR> Hewlett-Packard

[11/03/2009|10:15] C:\Program Files\<DIR> hp deskjet 970c series

[04/08/2009|04:28] C:\Program Files\<DIR> IDT

[10/26/2009|10:43] C:\Program Files\<DIR> InstallShield Installation Information

[10/26/2009|11:53] C:\Program Files\<DIR> Intel

[10/16/2009|10:46] C:\Program Files\<DIR> Internet Explorer

[09/17/2009|01:51] C:\Program Files\<DIR> Java

[10/28/2009|12:48] C:\Program Files\<DIR> JDownloader

[10/23/2009|01:24] C:\Program Files\<DIR> Lavalys

[10/16/2009|09:45] C:\Program Files\<DIR> Malwarebytes' Anti-Malware

[10/23/2009|04:21] C:\Program Files\<DIR> microsoft frontpage

[04/16/2009|09:12] C:\Program Files\<DIR> Microsoft Office

[09/10/2009|07:25] C:\Program Files\<DIR> Microsoft Silverlight

[04/16/2009|09:12] C:\Program Files\<DIR> Microsoft Visual Studio

[05/15/2009|05:49] C:\Program Files\<DIR> Microsoft Works

[10/23/2009|04:21] C:\Program Files\<DIR> movie maker

[11/03/2009|04:34] C:\Program Files\<DIR> Mozilla Firefox

[04/16/2009|09:12] C:\Program Files\<DIR> MSBuild

[10/23/2009|04:21] C:\Program Files\<DIR> msn gaming zone

[04/15/2009|10:46] C:\Program Files\<DIR> Nero

[04/08/2009|03:31] C:\Program Files\<DIR> NetMeeting

[09/23/2009|11:47] C:\Program Files\<DIR> NewsBin

[04/08/2009|03:32] C:\Program Files\<DIR> Online Services

[04/08/2009|03:36] C:\Program Files\<DIR> Opera

[08/19/2009|09:46] C:\Program Files\<DIR> Outlook Express

[10/07/2009|12:36] C:\Program Files\<DIR> QT Lite

[10/07/2009|12:34] C:\Program Files\<DIR> Real Alternative

[07/26/2009|07:01] C:\Program Files\<DIR> Reference Assemblies

[04/08/2009|04:44] C:\Program Files\<DIR> SigmaTel

[09/15/2009|08:36] C:\Program Files\<DIR> SMPlayer

[10/26/2009|11:17] C:\Program Files\<DIR> SystemRequirementsLab

[08/19/2009|09:14] C:\Program Files\<DIR> TrueCrypt

[11/03/2009|05:16] C:\Program Files\<DIR> UnHackMe

[04/08/2009|03:35] C:\Program Files\<DIR> Uninstall Information

[10/01/2009|09:35] C:\Program Files\<DIR> Unknown Device Identifier

[09/14/2009|10:50] C:\Program Files\<DIR> Video Thumbnails Maker

[04/08/2009|11:37] C:\Program Files\<DIR> VideoLAN

[04/08/2009|05:28] C:\Program Files\<DIR> Windows Media Connect 2

[04/08/2009|05:28] C:\Program Files\<DIR> Windows Media Player

[10/23/2009|04:21] C:\Program Files\<DIR> Windows NT

[04/08/2009|03:32] C:\Program Files\<DIR> WindowsUpdate

[10/15/2009|01:40] C:\Program Files\<DIR> WinRAR

[10/23/2009|04:21] C:\Program Files\<DIR> xerox

--------------------\\ Listing Folders in C:\Program Files\Common Files

[10/17/2009|12:22] C:\Program Files\Common Files\<DIR> Adobe

[04/14/2009|07:30] C:\Program Files\Common Files\<DIR> Adobe AIR

[04/16/2009|09:12] C:\Program Files\Common Files\<DIR> DESIGNER

[04/08/2009|04:44] C:\Program Files\Common Files\<DIR> InstallShield

[10/17/2009|12:22] C:\Program Files\Common Files\<DIR> Macrovision Shared

[05/15/2009|05:49] C:\Program Files\Common Files\<DIR> Microsoft Shared

[04/08/2009|03:31] C:\Program Files\Common Files\<DIR> MSSoap

[04/15/2009|10:45] C:\Program Files\Common Files\<DIR> Nero

[04/08/2009|04:26] C:\Program Files\Common Files\<DIR> ODBC

[04/08/2009|03:31] C:\Program Files\Common Files\<DIR> Services

[04/08/2009|04:26] C:\Program Files\Common Files\<DIR> SpeechEngines

[05/15/2009|05:47] C:\Program Files\Common Files\<DIR> System

--------------------\\ Process

( 21 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN

--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-11-03 16:42:55

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 0

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\ADMINI~1\Desktop\cs4\Adobe_KeymakerCS4\Adobe Keymaker por Paolitaaa\keygen.exe

C:\DOCUME~1\ADMINI~1\Desktop\sfb\geek programs\BusinessCards MX 3.99 ML\BusinessCards_MX_3.99___Keygen-CRD.rar

C:\DOCUME~1\ADMINI~1\Desktop\sfb\geek programs\Pass=Xtra\keygen.exe

[F:35][D:7]-> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp

[F:1][D:0]-> C:\DOCUME~1\ADMINI~1\Cookies

[F:2][D:0]-> C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Tue 11/03/2009|16:44 - Option : [1]

--------------------\\ Scan completed at 16:44:24


  • Root Admin

Well I'm sorry but since you have evidence of cracked or pirated software you're using on the system I have no choice but to close this thread now.

HiJack This! Forum Policy

We will not be party to obvious use of key gens, cracks, warez or other illegal means of downloading software, music, videos etc. This means no P2P evidence will be supported. Logs that show these in them will be given the option to remove the P2P items. Keygens, cracks, warez and similar will have the thread closed, period. It's theft and against the law.

My recommendation would be to backup your data, format the drive and reinstall Windows.

This topic is now closed to further replies.