Win 32/Cryptor - added Hijack logfile as instructed


Post by Belahzur on 12th May 2009, 10:50 pm

Hello.

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :services
    alwybfa

    :files
    c:\\Program Files\\LimeWire

    :reg
    [HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
    "AntiVirusDisableNotify"=-
    [HKEY_LOCAL_MACHINE\\currentcontrolset\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\AuthorizedApplications\\List]
    "c:\\\\Program Files\\\\LimeWire\\\\LimeWire.exe"=-


  • Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.


Please PM me if I fail to respond within 24hrs.

Post by barb999 on 12th May 2009, 11:04 pm

========== SERVICES/DRIVERS ==========

Service\\Driver alwybfa deleted successfully.
========== FILES ==========
Folder move failed. c:\\\\Program Files\\\\LimeWire\\root\\magnet10 scheduled to be moved on reboot.
Folder move failed. c:\\\\Program Files\\\\LimeWire\\root scheduled to be moved on reboot.
Folder move failed. c:\\\\Program Files\\\\LimeWire\\lib scheduled to be moved on reboot.
Folder move failed. c:\\\\Program Files\\\\LimeWire\\.NetworkShare scheduled to be moved on reboot.
c:\\\\Program Files\\\\LimeWire moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\\\\software not found.
Registry key HKEY_LOCAL_MACHINE\\\\currentcontrolset not found.

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05122009_180245

After the program finished, it asked me if I wanted to reboot? I haven't yet.


Post by barb999 on 12th May 2009, 11:05 pm

I just saw your command to "reboot" if asked. I am doing so now...be back in a few minutes.


Post by barb999 on 12th May 2009, 11:16 pm

This is the OTMoveIt3 log after rebooting:

========= SERVICES/DRIVERS ==========

Service\\Driver alwybfa deleted successfully.
========== FILES ==========
Folder move failed. c:\\\\Program Files\\\\LimeWire\\root\\magnet10 scheduled to be moved on reboot.
Folder move failed. c:\\\\Program Files\\\\LimeWire\\root scheduled to be moved on reboot.
Folder move failed. c:\\\\Program Files\\\\LimeWire\\lib scheduled to be moved on reboot.
Folder move failed. c:\\\\Program Files\\\\LimeWire\\.NetworkShare scheduled to be moved on reboot.
c:\\\\Program Files\\\\LimeWire moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\\\\software not found.
Registry key HKEY_LOCAL_MACHINE\\\\currentcontrolset not found.

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05122009_180245

Files moved on Reboot...
File c:\\\\Program Files\\\\LimeWire\\root\\magnet10 not found!
File c:\\\\Program Files\\\\LimeWire\\root not found!
File c:\\\\Program Files\\\\LimeWire\\lib not found!
File c:\\\\Program Files\\\\LimeWire\\.NetworkShare not found!


Post by barb999 on 13th May 2009, 12:52 pm

Man, has this been a trial???? I have run so many reports that I forget which ones I have done. One of them exposed SpyBot files and I deleted them.

RootRepeal Drivers report Part 1 - a to l

ROOTREPEAL (c) AD, 2007-2008
==================================================
Scan Time: 2009/05/13 07:45
Program Version: Version 1.2.3.0
Windows Version: Windows XP Media Center Edition SP3
==================================================


Post by barb999 on 13th May 2009, 12:53 pm

RootRepeal Rpt 2 m to z


Post by Belahzur on 13th May 2009, 12:57 pm

You don't need to run RootRepeal now, the malware is gone.

