Cryptor virus slowly destroying my computer PLease HElp


Cryptor virus slowly destroying my computer PLease HElp

Post by kdl on 9th July 2009, 2:19 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:12:12, on 7/8/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Fighters\configservice.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\PhoTags Express\Photags AutoDetect.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Fighters\licenseservice.exe
C:\Program Files\Fighters\updateservice.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Fighters\ScannerService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\Program Files\SRWare Iron\iron.exe
C:\Program Files\SRWare Iron\iron.exe
C:\Program Files\SRWare Iron\iron.exe
C:\Users\Kevin\Documents\Downloads\winlogon (1).exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Gamevance Text - {F02FABCB-92DD-475A-98AF-14217BD50746} - C:\Program Files\Gamevance\gvtl.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BCWipeTM Startup] "C:\Program Files\Jetico\BCWipe\BCWipeTM.exe" startup
O4 - HKLM\..\Run: [ALUAlert] "C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe" "/LOWDISKSPACE C"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - Global Startup: Photags AutoDetect.lnk = C:\Program Files\PhoTags Express\Photags AutoDetect.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - (no file)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
O13 - Gopher Prefix:
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - [You must be registered and logged in to see this link.]
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - [You must be registered and logged in to see this link.]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9dc8867822840) (gupdate1c9dc8867822840) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PTK License-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\licenseservice.exe
O23 - Service: PTK Live Update-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\updateservice.exe
O23 - Service: PTK Scanner-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\ScannerService.exe
O23 - Service: PTK SharedAccess-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\configservice.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13646 bytes

kdl (Novice) | Posts: 11 | Joined: 2009-07-09 | OS: vista | Points: 27123 | Likes: 0

Re: Cryptor virus slowly destroying my computer PLease HElp

Post by Origin on 9th July 2009, 2:28 am

Hello kdl,

Welcome to Geek Police, my name is Origin and I will be helping you today. Please keep the following in mind:

  • If you do not get a reply from me or another helper within 2 days, please reply to your topic with the phrase BUMP
  • If you have any cracked/pirated software on your computer, delete it or we will not help you.
  • Only follow advice from Geek Police Staff and not a regular member.
  • Do NOT run any tool without Geek Police supervision as it could render your system useless.



  • Open HijackThis.
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Gamevance Text - {F02FABCB-92DD-475A-98AF-14217BD50746} - C:\Program Files\Gamevance\gvtl.dll (file missing)
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


  • Press "Fix Checked"
  • Close Hijack This.


Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]


Origin (Master) | Posts: 2685 | Joined: 2009-05-05 | Gender: Male | OS: Windows Xp Sp3 | Points: 31523 | Likes: 0
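As an added example (not part of this thread or of HijackThis itself), the script below parses lines in the HijackThis log format posted above and flags the kinds of entries a helper reviews first: R/O entries whose target file is gone, global injection points, services with no publisher, and running processes that borrow a Windows core binary's name while running from outside the Windows directory. The list of core binary names and the flagging rules are this example's own choices, and the sample log is a constructed excerpt in the posted format.

```python
import re
from dataclasses import dataclass

# Names used by Windows core processes. A binary with one of these names that
# runs from outside the Windows directory deserves a close look.
# (List chosen for this example; it is not exhaustive.)
SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "wininit.exe", "winlogon.exe",
                   "services.exe", "lsass.exe", "svchost.exe", "explorer.exe"}
SYSTEM_DIRS = ("c:\\windows\\",)

# HijackThis entry lines look like "O23 - Service: ..." or "R1 - HKCU\...".
SECTION_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# Browsers name a second download "name (1).exe"; strip that suffix.
COPY_SUFFIX_RE = re.compile(r"\s*\(\d+\)(?=\.[a-z0-9]+$)", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    line: str
    reason: str


def normalize_name(path: str) -> str:
    """Lower-cased basename with a download-copy suffix removed, so that
    'winlogon (1).exe' compares equal to 'winlogon.exe'."""
    name = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return COPY_SUFFIX_RE.sub("", name)


def check_process(path: str):
    """Flag a running process that uses a core system binary's name but does
    not live under the Windows directory."""
    name = normalize_name(path)
    if name not in SYSTEM_BINARIES:
        return None
    if path.lower().startswith(SYSTEM_DIRS):
        return None
    return Finding(path, f"{name} running from outside the Windows directory")


def check_entry(line: str):
    """Flag a HijackThis R/O entry by its section and orphaned-file markers."""
    m = SECTION_RE.match(line)
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    if "(file missing)" in body or "(no file)" in body:
        return Finding(line, f"{section} entry points at a file that no longer exists")
    if section == "O20":
        return Finding(line, "AppInit_DLLs loads into every process; verify each DLL")
    if section == "O23" and "Unknown owner" in body:
        return Finding(line, "service with no publisher information")
    if section == "O1":
        return Finding(line, "hosts-file override; confirm it is expected")
    return None


def scan_log(text: str):
    """Walk a HijackThis log: paths in the 'Running processes' block are
    checked as processes, everything matching an R/O section as an entry.
    Returns findings in log order."""
    findings = []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Running processes:"):
            in_processes = True
            continue
        if SECTION_RE.match(line):
            in_processes = False
            found = check_entry(line)
        elif in_processes:
            found = check_process(line)
        else:
            found = None
        if found:
            findings.append(found)
    return findings


# Constructed excerpt: a few lines in the format of the log posted above.
SAMPLE_LOG = r"""
Running processes:
C:\Windows\system32\winlogon.exe
C:\Windows\System32\svchost.exe
C:\Users\Kevin\Documents\Downloads\winlogon (1).exe
C:\Program Files\Internet Explorer\iexplore.exe

O1 - Hosts: ::1 localhost
O2 - BHO: Gamevance Text - {F02FABCB-92DD-475A-98AF-14217BD50746} - C:\Program Files\Gamevance\gvtl.dll (file missing)
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

A flagged line is a prompt to look closer, not a verdict; the legitimate svchost.exe and iexplore.exe lines in the sample pass without comment.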

Re: Cryptor virus slowly destroying my computer PLease HElp

Post by kdl on 9th July 2009, 3:04 am

Malwarebytes will not run.

kdl (Novice) | Posts: 11 | Joined: 2009-07-09 | OS: vista | Points: 27123 | Likes: 0

Re: Cryptor virus slowly destroying my computer PLease HElp

Post by Origin on 9th July 2009, 3:09 am

I see, please do the following:

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]


Origin (Master) | Posts: 2685 | Joined: 2009-05-05 | Gender: Male | OS: Windows Xp Sp3 | Points: 31523 | Likes: 0

Re: Cryptor virus slowly destroying my computer PLease HElp

Post by kdl on 9th July 2009, 12:11 pm

ComboFix 09-07-08.04 - Kevin 07/08/2009 22:32.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3069.2187 [GMT -5:00]
Running from: c:\users\Kevin\Downloads\Combo-Fix.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1150989161-3649305048-1039150209-500
c:\$recycle.bin\S-1-5-21-1400113804-1914402855-3429530994-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\program files\ShoppingReport
c:\programdata\Microsoft\Windows\Start Menu\Programs\Seekmo
c:\programdata\Microsoft\Windows\Start Menu\Programs\Seekmo\Reset Cursor.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Seekmo\Seekmo Customer Support Center.lnk
c:\programdata\SeekmoSA
c:\programdata\SeekmoSA\SeekmoSA.dat
c:\programdata\SeekmoSA\SeekmoSA_kyf.dat
c:\programdata\SeekmoSA\SeekmoSAAbout.mht
c:\programdata\SeekmoSA\SeekmoSAau.dat
c:\programdata\SeekmoSA\SeekmoSAEULA.mht
c:\users\brileynicole\AppData\Roaming\.#
c:\users\Kevin\AppData\Roaming\.#
c:\users\Kevin\AppData\Roaming\Seekmo
c:\windows\COUPON~1.OCX
c:\windows\Installer\66f087a.msi
c:\windows\Installer\b67995.msi
c:\windows\system32\drivers\MSIVXckrryobxtqdicvqsqtjruvqxbeeosgxx.sys
c:\windows\system32\hXEO6mSA.exe.a_a
c:\windows\system32\MSIVXcount
c:\windows\system32\MSIVXkekcuipgfmfpecinetfurhnngfpvtibb.dll
c:\windows\system32\MSIVXpiicdykwodmuokppxdanmlufbtrtiwha.dll
c:\windows\system32\tmp.reg
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MSIVXserv.sys
-------\Service_MyWebSearchService


((((((((((((((((((((((((( Files Created from 2009-06-09 to 2009-07-09 )))))))))))))))))))))))))))))))
.

2009-07-09 03:46 . 2009-07-09 03:49 -------- d-----w- c:\users\Kevin\AppData\Local\temp
2009-07-09 03:46 . 2009-07-09 03:46 -------- d-----w- c:\users\brileynicole\AppData\Local\temp
2009-07-09 02:55 . 2009-06-17 16:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-09 02:55 . 2009-07-09 02:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-09 02:55 . 2009-07-09 02:55 -------- d-----w- c:\programdata\Malwarebytes
2009-07-09 02:55 . 2009-06-17 16:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-04 16:00 . 2009-07-04 15:59 692504 ----a-w- c:\programdata\avg8\update\backup\avgcsrvx.exe
2009-07-04 16:00 . 2009-07-04 15:59 417560 ----a-w- c:\programdata\avg8\update\backup\avgcclix.dll
2009-07-04 16:00 . 2009-07-04 15:59 382744 ----a-w- c:\programdata\avg8\update\backup\avgclitx.dll
2009-07-04 15:59 . 2009-07-04 15:59 69912 ----a-w- c:\programdata\avg8\update\backup\avgcrlpx.dll
2009-07-04 15:59 . 2009-07-05 20:25 2054424 ----a-w- c:\programdata\avg8\update\backup\avgcorex.dll
2009-07-04 15:59 . 2009-07-04 15:59 335752 ----a-w- c:\programdata\avg8\update\backup\avgldx86.sys
2009-07-04 15:59 . 2009-07-05 20:25 2167576 ----a-w- c:\programdata\avg8\update\backup\avgresf.dll
2009-07-04 15:59 . 2009-07-04 15:59 3403032 ----a-w- c:\programdata\avg8\update\backup\avgui.exe
2009-07-04 15:59 . 2009-07-04 15:59 836888 ----a-w- c:\programdata\avg8\update\backup\avgcfgx.dll
2009-07-04 15:59 . 2009-07-04 15:59 337176 ----a-w- c:\programdata\avg8\update\backup\avglogx.dll
2009-07-04 15:59 . 2009-07-04 15:59 3298584 ----a-w- c:\programdata\avg8\update\backup\setup.exe
2009-07-04 15:59 . 2009-07-04 15:59 1206040 ----a-w- c:\programdata\avg8\update\backup\avgabout.dll
2009-07-04 15:59 . 2009-07-04 15:59 1471768 ----a-w- c:\programdata\avg8\update\backup\avgupd.dll
2009-07-04 15:59 . 2009-07-04 15:59 1086744 ----a-w- c:\programdata\avg8\update\backup\avgupd.exe
2009-07-03 12:50 . 2009-07-03 12:50 -------- d-----w- c:\program files\SSas
2009-07-03 12:50 . 2009-07-03 12:50 -------- d-----w- c:\users\Kevin\AppData\Roaming\SUPERAntiSpyware.com
2009-07-03 00:16 . 2009-07-03 00:16 -------- d-----w- c:\users\brileynicole\AppData\Roaming\AVG8
2009-07-01 20:35 . 2009-07-01 20:35 2053912 ----a-w- c:\programdata\avg8\update\prepare\avgcorex.dll
2009-06-30 23:39 . 2009-06-26 22:46 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-28 21:51 . 2009-06-28 21:51 -------- d-----w- c:\users\Kevin\AppData\Local\Chromium
2009-06-28 21:51 . 2009-06-28 21:51 -------- d-----w- c:\program files\SRWare Iron
2009-06-27 20:26 . 2009-06-27 20:26 746744 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-06-26 22:44 . 2009-06-26 22:44 -------- dc-h--w- c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-26 22:44 . 2009-03-12 08:17 2902048 -c--a-w- c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-26 22:44 . 2009-06-26 22:44 -------- d-----w- c:\program files\Lavasoft
2009-06-26 21:10 . 2008-12-11 13:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-06-26 21:10 . 2009-06-26 21:51 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-06-26 21:10 . 2008-12-18 17:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-06-26 21:10 . 2009-06-26 21:11 -------- d-----w- c:\program files\Common Files\PC Tools
2009-06-26 21:10 . 2008-12-10 17:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-06-26 21:09 . 2009-07-08 14:04 -------- d-----w- c:\program files\Spyware Doctor
2009-06-26 21:09 . 2009-06-26 21:09 -------- d-----w- c:\users\Kevin\AppData\Roaming\PC Tools
2009-06-26 21:09 . 2009-06-26 21:09 -------- d-----w- c:\programdata\PC Tools
2009-06-25 15:18 . 2009-06-14 21:07 1004800 ----a-w- c:\programdata\AVG Security Toolbar\IEToolbar.dll
2009-06-25 14:53 . 2009-06-25 14:53 -------- d-----w- c:\users\Kevin\AppData\Local\AVG Security Toolbar
2009-06-25 14:33 . 2009-06-25 14:33 -------- d-----w- c:\users\Kevin\AppData\Roaming\AVG8
2009-06-25 14:33 . 2009-06-25 14:33 832144 ----a-w- c:\programdata\avg8\update\backup\AVGToolbarInstall.exe
2009-06-25 14:33 . 2009-06-25 15:18 -------- d-----w- c:\programdata\AVG Security Toolbar
2009-06-25 14:33 . 2009-06-25 14:33 832144 ----a-w- c:\programdata\avg8\update\prepare\AVGToolbarInstall.exe
2009-06-16 22:52 . 2009-06-16 22:52 -------- d-----w- c:\users\Kevin\Freeze Tag - Dream Machine
2009-06-16 22:11 . 2009-06-16 22:12 -------- d-----w- c:\program files\Can You See What I See Dream Machine
2009-06-15 14:58 . 2009-06-15 14:58 -------- d-----w- c:\program files\Sunset Studio - Love on the High Seas
2009-06-14 00:13 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-06-14 00:13 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-06-12 03:17 . 2009-06-12 03:17 -------- d-----w- c:\users\Kevin\AppData\Roaming\Track Color Preference Settings
2009-06-12 03:03 . 2009-06-12 03:03 -------- d-----w- c:\programdata\Disney Imagineering
2009-06-12 03:01 . 2009-06-12 03:01 -------- d-----w- c:\program files\Disney Imagineering
2009-06-12 03:01 . 2009-06-12 03:01 -------- d-----w- c:\programdata\Roaming
2009-06-11 19:33 . 2009-06-11 19:33 212992 ----a-w- c:\windows\UnVt.exe
2009-06-11 19:33 . 2009-06-11 19:33 -------- d-----w- c:\program files\Activision Value
2009-06-11 18:19 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2009-06-11 18:19 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-06-11 18:19 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-10 18:24 . 2009-06-10 18:24 -------- d-----w- c:\users\brileynicole\AppData\Roaming\vlc
2009-06-10 18:20 . 2009-06-10 18:20 -------- d-----w- c:\users\brileynicole\AppData\Roaming\DivX
2009-06-09 21:04 . 2009-06-09 21:04 -------- d-----w- c:\program files\Dream Day Wedding - Viva Las Vegas

.

kdl (Novice) | Posts: 11 | Joined: 2009-07-09 | OS: vista | Points: 27123 | Likes: 0

Re: Cryptor virus slowly destroying my computer PLease HElp

Post by kdl on 9th July 2009, 12:11 pm

((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-09 03:47 . 2008-01-05 16:03 12 ----a-w- c:\windows\bthservsdp.dat
2009-07-09 03:31 . 2009-04-11 22:27 -------- d-----w- c:\programdata\avg8
2009-07-09 03:01 . 2009-01-03 02:10 -------- d-----w- c:\program files\Gamevance
2009-07-09 00:30 . 2008-04-26 19:52 -------- d-----w- c:\programdata\Google Updater
2009-07-07 22:56 . 2008-11-16 03:50 -------- d-----w- c:\users\brileynicole\AppData\Roaming\LimeWire
2009-07-06 22:47 . 2009-06-26 22:46 25440 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-07-06 22:47 . 2009-06-26 22:46 1630560 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll
2009-07-06 22:47 . 2009-06-26 22:46 2353480 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-07-05 23:29 . 2009-05-09 16:42 -------- d-----w- c:\program files\Norton Security Scan
2009-07-05 20:25 . 2009-04-11 22:27 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-04 19:28 . 2008-07-13 18:57 -------- d-----w- c:\program files\Escape the Museum
2009-07-03 22:46 . 2009-06-26 22:46 664424 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-07-03 22:46 . 2009-06-26 22:46 563064 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-07-03 22:46 . 2009-06-26 22:46 520024 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-06-29 23:00 . 2009-06-26 22:46 314712 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-06-29 23:00 . 2009-06-26 22:46 169312 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-06-29 23:00 . 2009-06-26 22:46 348496 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-06-29 22:59 . 2009-06-26 22:46 298336 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-06-29 22:59 . 2009-06-26 22:46 84832 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-06-29 22:57 . 2009-06-26 22:46 246128 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-06-29 22:57 . 2009-06-26 22:46 40288 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-06-29 22:57 . 2009-06-26 22:46 85352 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-06-29 22:54 . 2009-06-26 22:46 566632 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-06-29 22:53 . 2009-06-26 22:46 629072 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-06-29 22:50 . 2009-06-26 22:46 1029456 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-26 22:46 . 2009-06-26 22:46 15688 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-26 22:46 . 2009-06-26 22:46 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-26 22:46 . 2009-06-26 22:46 64160 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-06-26 22:44 . 2008-11-16 20:36 -------- d-----w- c:\programdata\Lavasoft
2009-06-26 22:43 . 2008-11-16 20:35 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-25 14:33 . 2009-04-11 22:27 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-25 14:33 . 2008-03-22 17:31 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-19 23:11 . 2008-01-05 16:12 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-15 16:04 . 2008-10-20 00:38 -------- d-----w- c:\program files\3DFrogFrenz
2009-06-14 08:00 . 2008-02-09 17:49 -------- d-----w- c:\programdata\Microsoft Help
2009-06-12 21:45 . 2008-12-25 19:01 -------- d-----w- c:\program files\PhoTags Express
2009-06-12 14:50 . 2009-06-12 03:03 177 ----a-w- c:\users\Kevin\AppData\Roaming\prefs.bin
2009-06-12 14:44 . 2009-06-12 14:44 0 ----a-w- c:\users\Kevin\AppData\Roaming\badclose.bin
2009-06-12 08:11 . 2008-01-05 16:21 -------- d-----w- c:\program files\Microsoft Works
2009-06-12 03:03 . 2008-01-05 16:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-12 03:03 . 2008-09-26 16:41 839 ----a-w- c:\windows\EReg515.dat
2009-06-08 20:59 . 2009-06-08 16:27 278 ----a-w- c:\windows\EReg213.dat
2009-06-08 20:53 . 2009-05-24 23:35 -------- d-----w- c:\users\Kevin\AppData\Roaming\DivX
2009-06-08 20:51 . 2009-06-08 20:48 -------- d-----w- c:\program files\Noah
2009-06-08 16:57 . 2009-06-08 16:57 -------- d-----w- c:\program files\LEGO Media
2009-06-08 16:28 . 2009-06-08 16:28 -------- d-----w- c:\program files\directx
2009-06-05 02:34 . 2009-06-05 02:33 -------- d-----w- c:\users\Kevin\AppData\Roaming\Spintop 3 Days Zoo Mystery
2009-06-05 02:32 . 2009-06-05 02:32 -------- d-----w- c:\program files\Three Days - Zoo Mystery
2009-05-30 06:15 . 2008-02-12 20:53 2044 ----a-w- c:\users\brileynicole\AppData\Roaming\wklnhst.dat
2009-05-30 01:15 . 2009-05-30 01:15 390664 ----a-w- c:\users\Kevin\AppData\Roaming\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-26 13:59 . 2009-05-26 13:59 -------- d-----w- c:\programdata\JollyBear
2009-05-26 13:58 . 2009-05-26 13:58 -------- d-----w- c:\program files\Big City Adventure
2009-05-25 01:26 . 2009-05-25 01:26 -------- d-----w- c:\users\Kevin\AppData\Roaming\dvdcss
2009-05-25 01:25 . 2009-05-25 01:24 -------- d-----w- c:\users\Kevin\AppData\Roaming\vlc
2009-05-25 01:06 . 2009-05-25 01:06 -------- d-----w- c:\program files\VideoLAN
2009-05-24 16:02 . 2008-01-05 16:21 -------- d-----w- c:\program files\Google
2009-05-24 15:57 . 2009-05-24 15:57 -------- d-----w- c:\program files\DivX
2009-05-24 15:57 . 2009-05-24 15:57 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-05-24 15:57 . 2009-05-24 15:57 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-05-23 06:46 . 2009-04-13 16:01 -------- d-----w- c:\program files\Success Story
2009-05-23 06:41 . 2009-03-19 03:04 -------- d-----w- c:\program files\Mystery PI - The New York Fortune
2009-05-23 06:23 . 2009-03-19 21:28 -------- d-----w- c:\program files\Mean Girls
2009-05-23 06:11 . 2009-03-15 21:03 -------- d-----w- c:\program files\Cooking Academy 2 World Cuisine
2009-05-23 02:59 . 2009-03-19 02:25 -------- d-----w- c:\program files\Mushroom Age
2009-05-23 02:58 . 2009-03-22 23:57 -------- d-----w- c:\program files\Nanny Mania 2
2009-05-22 04:20 . 2008-02-23 02:31 612 ----a-w- c:\users\Kevin\AppData\Roaming\wklnhst.dat
2009-05-21 01:10 . 2009-05-21 01:10 -------- d-----w- c:\users\brileynicole\AppData\Roaming\Nikon
2009-05-21 01:10 . 2008-12-23 04:14 20 ---h--w- c:\programdata\PKP_DLdu.DAT
2009-05-19 16:21 . 2009-05-19 16:21 -------- d-----w- c:\program files\Cate West - The Velvet Keys
2009-05-17 02:07 . 2009-05-17 02:07 -------- d-----w- c:\program files\Microsoft Silverlight
2009-05-15 22:02 . 2009-05-15 22:02 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-05-14 08:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-01 18:55 . 2009-04-11 22:27 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-04-24 16:05 . 2009-06-11 18:18 827904 ----a-w- c:\windows\system32\wininet.dll
2009-04-24 16:02 . 2009-06-11 18:18 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-24 13:44 . 2009-06-11 18:18 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-04-15 20:25 . 2006-09-14 21:13 129784 ------w- c:\windows\system32\PxAFS.DLL
2009-04-15 20:24 . 2009-04-15 20:24 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-04-15 20:24 . 2009-04-15 20:24 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-04-15 20:24 . 2009-04-15 20:24 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-04-15 20:24 . 2009-04-15 20:24 684032 ----a-w- c:\windows\system32\DivX.dll
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-01-05 23:37 . 2008-01-05 23:29 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 21:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-19 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-05-24 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-24 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-24 81920]
"BCWipeTM Startup"="c:\program files\Jetico\BCWipe\BCWipeTM.exe" [2008-01-09 543272]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALuNotify.exe" [2007-09-13 492912]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-25 1948440]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-03 520024]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-05-11 4452352]

c:\users\brileynicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-8-21 147456]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
Photags AutoDetect.lnk - c:\program files\PhoTags Express\Photags AutoDetect.exe [2008-12-25 368640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Kevin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^IMVU.lnk]
path=c:\users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk
backup=c:\windows\pss\IMVU.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Kevin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
"UpdatesDisableNotify"="0x00000000"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

kdl
Novice
Posts : 11
Joined : 2009-07-09
OS : vista
Points : 27123
Likes : 0

Re: Cryptor virus slowly destroying my computer PLease HElp

Post by kdl on 9th July 2009, 12:12 pm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{10DD04FB-1F0A-4E36-831E-72CB1AAE3B38}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{AE4C3C6C-6F77-47C2-9BCC-FD0364F9B5A8}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{F8F8DF96-1907-4A9A-8B93-CD7648CBD342}"= UDP:c:\windows\System32\lxczcoms.exe:Lexmark Communications System
"{1E63D412-1C71-4F9D-8E8B-62E8A240436C}"= TCP:c:\windows\System32\lxczcoms.exe:Lexmark Communications System
"{6F851498-D76A-4D90-98B8-76B8A14B37C0}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxczpswx.exe:Printer Status Window
"{136B7284-06F7-4D3B-9F5D-AD588B5B843B}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxczpswx.exe:Printer Status Window
"{6D949304-0708-4DF4-8527-75E11D24106C}"= UDP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:FineScanManager
"{E067CE60-822D-4980-AAE2-F3DB2BB652F2}"= TCP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:FineScanManager
"{615D769E-6195-4E54-AEBD-578E93FF9BBC}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{D1DB0116-A7CC-4416-AFC6-89F328170095}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{30799BF9-94BA-4275-9DCD-4F15958E7E8E}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{7D43B870-3EDD-4187-8C01-59043944BB9D}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{4971314B-D14D-493B-B375-BD11D5D23112}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{46F63387-8FFE-4756-B2B7-7638569E9820}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{02C2CE8F-9D1E-4D2E-94D1-F0CF814332A4}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{A78B0F8A-52B7-4BAC-A3E4-7681C84B24BD}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{D2050B8B-B6A8-4242-B7A5-26AEA044F775}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{8D4F14FC-1AC8-4792-A1F8-8A1AA553D286}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D128EB67-BC10-4B8C-80F6-8D4BACE342E1}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{98E9E794-5083-4130-A8CE-39F792B7691B}c:\\program files\\games\\wheel of fortune\\wheel of fortune.exe"= UDP:c:\program files\games\wheel of fortune\wheel of fortune.exe:Wheel of Fortune
"UDP Query User{442BCB8E-11DD-474C-8DC4-14DEFF4968C4}c:\\program files\\games\\wheel of fortune\\wheel of fortune.exe"= TCP:c:\program files\games\wheel of fortune\wheel of fortune.exe:Wheel of Fortune
"{A89EA1A6-676E-493E-996E-4659E40B11CA}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{AC3232DA-7E01-464B-B1B8-9FE5B08BF646}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"TCP Query User{1DB5BF4D-3556-4F34-961C-00B73DD171B6}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{50388D54-404B-4858-A019-2BCD158E9275}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [6/26/2009 17:46 64160]
R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [6/26/2009 16:10 130936]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [4/11/2009 17:27 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [4/11/2009 17:27 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [4/11/2009 17:27 298776]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 14:06 1029456]
R2 PTK License-FIGHTERS-297811811;PTK License-FIGHTERS-297811811;c:\program files\Fighters\LicenseService.exe [11/18/2008 12:01 283272]
R2 PTK Live Update-FIGHTERS-297811811;PTK Live Update-FIGHTERS-297811811;c:\program files\Fighters\UpdateService.exe [11/18/2008 12:01 307848]
R2 PTK Scanner-FIGHTERS-297811811;PTK Scanner-FIGHTERS-297811811;c:\program files\Fighters\ScannerService.exe [11/18/2008 12:01 311944]
R2 PTK SharedAccess-FIGHTERS-297811811;PTK SharedAccess-FIGHTERS-297811811;c:\program files\Fighters\ConfigService.exe [11/18/2008 12:01 139912]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [6/26/2009 16:09 348752]
R3 Vfscan;Vfscan;c:\windows\System32\drivers\vffilter.sys [11/18/2008 12:01 15496]
S2 gupdate1c9dc8867822840;Google Update Service (gupdate1c9dc8867822840);c:\program files\Google\Update\GoogleUpdate.exe [5/24/2009 10:57 133104]
S4 BCSWAP;BCSWAP;c:\windows\System32\drivers\bcswap.sys [1/25/2007 09:54 91496]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/3/2008 14:58 24652]


Re: Cryptor virus slowly destroying my computer PLease HElp

Post by kdl on 9th July 2009, 12:12 pm

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder

2009-07-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 22:54]

2009-07-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-05 01:45]

2009-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-24 15:57]

2009-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-24 15:57]

2009-07-08 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2008-01-09 23:00]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
IE: {{C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} -
FF - ProfilePath - c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\2lbcna81.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.http - 82.5.185.111
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\progra~1\SONYON~1\npsoe.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npclntax_SeekmoSA.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-07-08 22:49
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(1864)
c:\program files\Spyware Doctor\pctgmhk.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\windows\System32\drivers\XAudio.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\rundll32.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2009-07-09 23:00 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-09 03:59

Pre-Run: 438,296,244,224 bytes free
Post-Run: 439,547,469,824 bytes free

460 --- E O F --- 2009-07-06 17:37


Re: Cryptor virus slowly destroying my computer PLease HElp

Post by Belahzur on 9th July 2009, 1:53 pm

Hello.

I see that you are running Limewire.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

  • Click Start >> Control Panel.
  • Under Programs, click Uninstall a Program.
  • Highlight the following if present:

    Ask Toolbar
    Limewire
    Viewpoint Manager (remove only)
    Viewpoint Media Player
    Viewpoint Toolbar

  • Click on the Uninstall/Change button at the top.

Now open a new notepad file.
Input this into the notepad file:

Folder::
c:\program files\Gamevance
c:\users\brileynicole\AppData\Roaming\LimeWire
c:\program files\LimeWire

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=-
"InternetSettingsDisableNotify"=-
"AutoUpdateDisableNotify"=-
"UpdatesDisableNotify"=-

Firefox::
FF - ProfilePath - c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\2lbcna81.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - plugin: c:\program files\Mozilla Firefox\plugins\npclntax_SeekmoSA.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245111
Likes : 1

Re: Cryptor virus slowly destroying my computer PLease HElp

Post by kdl on 9th July 2009, 10:15 pm

ComboFix 09-07-09.04 - Kevin 07/09/2009 16:47.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3069.1929 [GMT -5:00]
Running from: c:\users\Kevin\Desktop\ComboFix.exe
Command switches used :: c:\users\Kevin\Desktop\CFScript.txt
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Gamevance
c:\program files\Gamevance\ars.cfg
c:\program files\Gamevance\gvun.exe
c:\program files\Gamevance\icon.ico
c:\users\brileynicole\AppData\Roaming\LimeWire
c:\users\brileynicole\AppData\Roaming\LimeWire\createtimes.cache
c:\users\brileynicole\AppData\Roaming\LimeWire\fileurns.cache
c:\users\brileynicole\AppData\Roaming\LimeWire\filters.props
c:\users\brileynicole\AppData\Roaming\LimeWire\installation.props
c:\users\brileynicole\AppData\Roaming\LimeWire\library.dat
c:\users\brileynicole\AppData\Roaming\LimeWire\limewire.props
c:\users\brileynicole\AppData\Roaming\LimeWire\mojito.props
c:\users\brileynicole\AppData\Roaming\LimeWire\promotion\promodb.data
c:\users\brileynicole\AppData\Roaming\LimeWire\promotion\promodb.lck
c:\users\brileynicole\AppData\Roaming\LimeWire\promotion\promodb.log
c:\users\brileynicole\AppData\Roaming\LimeWire\promotion\promodb.properties
c:\users\brileynicole\AppData\Roaming\LimeWire\promotion\promodb.script
c:\users\brileynicole\AppData\Roaming\LimeWire\questions.props
c:\users\brileynicole\AppData\Roaming\LimeWire\simpp.xml
c:\users\brileynicole\AppData\Roaming\LimeWire\tables.props
c:\users\brileynicole\AppData\Roaming\LimeWire\themes\windows_theme.lwtp
c:\users\brileynicole\AppData\Roaming\LimeWire\themes\windows_theme\01_star.gif
c:\users\brileynicole\AppData\Roaming\LimeWire\themes\windows_theme\02_star.gif
c:\users\brileynicole\AppData\Roaming\LimeWire\themes\windows_theme\03_star.gif
c:\users\brileynicole\AppData\Roaming\LimeWire\themes\windows_theme\04_star.gif
c:\users\brileynicole\AppData\Roaming\LimeWire\themes\windows_theme\05_star.gif
c:\users\brileynicole\AppData\Roaming\LimeWire\themes\windows_theme\chat.gif
c:\users\brileynicole\AppData\Roaming\LimeWire\themes\windows_theme\forward_dn.gif
c:\users\brileynicole\AppData\Roaming\LimeWire\themes\windows_theme\forward_up.gif
c:\users\brileynicole\AppData\Roaming\LimeWire\themes\windows_theme\kill.gif
c:\users\brileynicole\AppData\Roaming\LimeWire\themes\windows_theme\kill_on.gif
c:\users\brileynicole\AppData\Roaming\LimeWire\themes\windows_theme\pause_dn.gif
c:\users\brileynicole\AppData\Roaming\LimeWire\themes\windows_theme\pause_up.gif
c:\users\brileynicole\AppData\Roaming\LimeWire\themes\windows_theme\play_dn.gif
c:\users\brileynicole\AppData\Roaming\LimeWire\themes\windows_theme\play_up.gif
c:\users\brileynicole\AppData\Roaming\LimeWire\themes\windows_theme\question.gif
c:\users\brileynicole\AppData\Roaming\LimeWire\themes\windows_theme\rewind_dn.gif
c:\users\brileynicole\AppData\Roaming\LimeWire\themes\windows_theme\rewind_up.gif
c:\users\brileynicole\AppData\Roaming\LimeWire\themes\windows_theme\stop_dn.gif
c:\users\brileynicole\AppData\Roaming\LimeWire\themes\windows_theme\stop_up.gif
c:\users\brileynicole\AppData\Roaming\LimeWire\themes\windows_theme\theme.txt
c:\users\brileynicole\AppData\Roaming\LimeWire\themes\windows_theme\version.txt
c:\users\brileynicole\AppData\Roaming\LimeWire\themes\windows_theme\warning.gif
c:\users\brileynicole\AppData\Roaming\LimeWire\version.xml
c:\users\brileynicole\AppData\Roaming\LimeWire\versions.props

.
((((((((((((((((((((((((( Files Created from 2009-06-09 to 2009-07-09 )))))))))))))))))))))))))))))))
.

2009-07-09 21:59 . 2009-07-09 21:59 -------- d-----w- c:\users\Kevin\AppData\Local\temp
2009-07-09 21:43 . 2009-07-09 21:43 -------- d-s---w- C:\Combo-Fix
2009-07-09 02:55 . 2009-06-17 16:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-09 02:55 . 2009-07-09 02:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-09 02:55 . 2009-07-09 02:55 -------- d-----w- c:\progra~2\Malwarebytes
2009-07-09 02:55 . 2009-06-17 16:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-03 12:50 . 2009-07-03 12:50 -------- d-----w- c:\program files\SSas
2009-07-03 12:50 . 2009-07-03 12:50 -------- d-----w- c:\users\Kevin\AppData\Roaming\SUPERAntiSpyware.com
2009-06-30 23:39 . 2009-06-26 22:46 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-28 21:51 . 2009-06-28 21:51 -------- d-----w- c:\users\Kevin\AppData\Local\Chromium
2009-06-28 21:51 . 2009-06-28 21:51 -------- d-----w- c:\program files\SRWare Iron
2009-06-26 22:46 . 2009-06-26 22:46 -------- dc----w- c:\windows\system32\DRVSTORE
2009-06-26 22:46 . 2009-06-26 22:46 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-26 22:44 . 2009-06-26 22:44 -------- dc-h--w- c:\progra~2\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-26 22:44 . 2009-06-26 22:44 -------- d-----w- c:\program files\Lavasoft
2009-06-26 21:10 . 2008-12-11 13:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-06-26 21:10 . 2009-06-26 21:51 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-06-26 21:10 . 2008-12-18 17:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-06-26 21:10 . 2009-06-26 21:11 -------- d-----w- c:\program files\Common Files\PC Tools
2009-06-26 21:10 . 2008-12-10 17:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-06-26 21:09 . 2009-07-09 10:12 -------- d-----w- c:\program files\Spyware Doctor
2009-06-26 21:09 . 2009-06-26 21:09 -------- d-----w- c:\users\Kevin\AppData\Roaming\PC Tools
2009-06-26 21:09 . 2009-06-26 21:09 -------- d-----w- c:\progra~2\PC Tools
2009-06-25 14:53 . 2009-06-25 14:53 -------- d-----w- c:\users\Kevin\AppData\Local\AVG Security Toolbar
2009-06-25 14:33 . 2009-06-25 14:33 -------- d-----w- c:\users\Kevin\AppData\Roaming\AVG8
2009-06-25 14:33 . 2009-06-25 15:18 -------- d-----w- c:\progra~2\AVG Security Toolbar
2009-06-16 22:52 . 2009-06-16 22:52 -------- d-----w- c:\users\Kevin\Freeze Tag - Dream Machine
2009-06-16 22:11 . 2009-06-16 22:12 -------- d-----w- c:\program files\Can You See What I See Dream Machine
2009-06-15 14:58 . 2009-06-15 14:58 -------- d-----w- c:\program files\Sunset Studio - Love on the High Seas
2009-06-14 00:13 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-06-14 00:13 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-06-12 03:17 . 2009-06-12 03:17 -------- d-----w- c:\users\Kevin\AppData\Roaming\Track Color Preference Settings
2009-06-12 03:03 . 2009-06-12 03:03 -------- d-----w- c:\progra~2\Disney Imagineering
2009-06-12 03:01 . 2009-06-12 03:01 -------- d-----w- c:\program files\Disney Imagineering
2009-06-12 03:01 . 2009-06-12 03:01 -------- d-----w- c:\progra~2\Roaming
2009-06-11 19:33 . 2009-06-11 19:33 212992 ----a-w- c:\windows\UnVt.exe
2009-06-11 19:33 . 2009-06-11 19:33 -------- d-----w- c:\program files\Activision Value
2009-06-11 18:19 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2009-06-11 18:19 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-06-11 18:19 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-09 21:27 . 2008-01-05 16:03 12 ----a-w- c:\windows\bthservsdp.dat
2009-07-09 03:31 . 2009-04-11 22:27 -------- d-----w- c:\progra~2\avg8
2009-07-09 00:30 . 2008-04-26 19:52 -------- d-----w- c:\progra~2\Google Updater
2009-07-05 23:29 . 2009-05-09 16:42 -------- d-----w- c:\program files\Norton Security Scan
2009-07-05 20:25 . 2009-04-11 22:27 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-04 19:28 . 2008-07-13 18:57 -------- d-----w- c:\program files\Escape the Museum
2009-06-26 22:44 . 2008-11-16 20:36 -------- d-----w- c:\progra~2\Lavasoft
2009-06-26 22:43 . 2008-11-16 20:35 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-25 14:33 . 2009-04-11 22:27 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-25 14:33 . 2008-03-22 17:31 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-19 23:11 . 2008-01-05 16:12 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-15 16:04 . 2008-10-20 00:38 -------- d-----w- c:\program files\3DFrogFrenz
2009-06-14 08:00 . 2008-02-09 17:49 -------- d-----w- c:\progra~2\Microsoft Help
2009-06-12 21:45 . 2008-12-25 19:01 -------- d-----w- c:\program files\PhoTags Express
2009-06-12 14:50 . 2009-06-12 03:03 177 ----a-w- c:\users\Kevin\AppData\Roaming\prefs.bin
2009-06-12 14:44 . 2009-06-12 14:44 0 ----a-w- c:\users\Kevin\AppData\Roaming\badclose.bin
2009-06-12 08:11 . 2008-01-05 16:21 -------- d-----w- c:\program files\Microsoft Works
2009-06-12 03:03 . 2008-01-05 16:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-12 03:03 . 2008-09-26 16:41 839 ----a-w- c:\windows\EReg515.dat
2009-06-09 21:04 . 2009-06-09 21:04 -------- d-----w- c:\program files\Dream Day Wedding - Viva Las Vegas
2009-06-08 20:59 . 2009-06-08 16:27 278 ----a-w- c:\windows\EReg213.dat
2009-06-08 20:53 . 2009-05-24 23:35 -------- d-----w- c:\users\Kevin\AppData\Roaming\DivX
2009-06-08 20:51 . 2009-06-08 20:48 -------- d-----w- c:\program files\Noah
2009-06-08 16:57 . 2009-06-08 16:57 -------- d-----w- c:\program files\LEGO Media
2009-06-08 16:28 . 2009-06-08 16:28 -------- d-----w- c:\program files\directx
2009-06-05 02:34 . 2009-06-05 02:33 -------- d-----w- c:\users\Kevin\AppData\Roaming\Spintop 3 Days Zoo Mystery
2009-06-05 02:32 . 2009-06-05 02:32 -------- d-----w- c:\program files\Three Days - Zoo Mystery
2009-05-30 01:15 . 2009-05-30 01:15 390664 ----a-w- c:\users\Kevin\AppData\Roaming\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-26 13:59 . 2009-05-26 13:59 -------- d-----w- c:\progra~2\JollyBear
2009-05-26 13:58 . 2009-05-26 13:58 -------- d-----w- c:\program files\Big City Adventure
2009-05-25 01:26 . 2009-05-25 01:26 -------- d-----w- c:\users\Kevin\AppData\Roaming\dvdcss
2009-05-25 01:25 . 2009-05-25 01:24 -------- d-----w- c:\users\Kevin\AppData\Roaming\vlc
2009-05-25 01:06 . 2009-05-25 01:06 -------- d-----w- c:\program files\VideoLAN
2009-05-24 16:02 . 2008-01-05 16:21 -------- d-----w- c:\program files\Google
2009-05-24 15:57 . 2009-05-24 15:57 -------- d-----w- c:\program files\DivX
2009-05-24 15:57 . 2009-05-24 15:57 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-05-24 15:57 . 2009-05-24 15:57 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-05-23 06:46 . 2009-04-13 16:01 -------- d-----w- c:\program files\Success Story
2009-05-23 06:41 . 2009-03-19 03:04 -------- d-----w- c:\program files\Mystery PI - The New York Fortune
2009-05-23 06:23 . 2009-03-19 21:28 -------- d-----w- c:\program files\Mean Girls
2009-05-23 06:11 . 2009-03-15 21:03 -------- d-----w- c:\program files\Cooking Academy 2 World Cuisine
2009-05-23 02:59 . 2009-03-19 02:25 -------- d-----w- c:\program files\Mushroom Age
2009-05-23 02:58 . 2009-03-22 23:57 -------- d-----w- c:\program files\Nanny Mania 2
2009-05-22 04:20 . 2008-02-23 02:31 612 ----a-w- c:\users\Kevin\AppData\Roaming\wklnhst.dat
2009-05-21 01:10 . 2008-12-23 04:14 20 ---h--w- c:\progra~2\PKP_DLdu.DAT
2009-05-19 16:21 . 2009-05-19 16:21 -------- d-----w- c:\program files\Cate West - The Velvet Keys
2009-05-17 02:07 . 2009-05-17 02:07 -------- d-----w- c:\program files\Microsoft Silverlight
2009-05-14 08:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-01 18:55 . 2009-04-11 22:27 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-04-24 16:05 . 2009-06-11 18:18 827904 ----a-w- c:\windows\system32\wininet.dll
2009-04-24 16:02 . 2009-06-11 18:18 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-24 13:44 . 2009-06-11 18:18 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-04-15 20:25 . 2006-09-14 21:13 129784 ------w- c:\windows\system32\PxAFS.DLL
2009-04-15 20:24 . 2009-04-15 20:24 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-04-15 20:24 . 2009-04-15 20:24 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-04-15 20:24 . 2009-04-15 20:24 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-04-15 20:24 . 2009-04-15 20:24 684032 ----a-w- c:\windows\system32\DivX.dll
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-01-05 23:37 . 2008-01-05 23:29 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.


Re: Cryptor virus slowly destroying my computer PLease HElp

Post by kdl on 9th July 2009, 10:15 pm

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-05 16:04 . 2009-07-09 21:30 52746 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-07-09 21:30 69450 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:05 . 2009-07-09 03:51 69450 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-01-27 03:23 . 2009-07-09 21:30 12156 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1150989161-3649305048-1039150209-1000_UserData.bin
+ 2008-02-21 03:09 . 2009-07-09 21:27 7156 c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2009-07-09 21:28 . 2009-07-09 21:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-07-09 03:48 . 2009-07-09 03:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-07-09 03:48 . 2009-07-09 03:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-09 21:28 . 2009-07-09 21:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-12-20 09:59 . 2009-07-09 20:17 268928 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2008-01-05 16:28 . 2009-07-09 21:59 147456 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-01-05 16:28 . 2009-07-09 03:49 147456 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 13:02 . 2009-07-09 21:59 4538368 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2006-11-02 13:02 . 2009-07-09 03:49 4538368 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-05 16:28 . 2009-07-09 21:59 2703360 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-05 16:28 . 2009-07-09 03:49 2703360 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 21:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-19 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-05-24 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-24 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-24 81920]
"BCWipeTM Startup"="c:\program files\Jetico\BCWipe\BCWipeTM.exe" [2008-01-09 543272]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALuNotify.exe" [2007-09-13 492912]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-25 1948440]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-03 520024]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-05-11 4452352]

c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
Photags AutoDetect.lnk - c:\program files\PhoTags Express\Photags AutoDetect.exe [2008-12-25 368640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Kevin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^IMVU.lnk]
path=c:\users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk
backup=c:\windows\pss\IMVU.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Kevin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{10DD04FB-1F0A-4E36-831E-72CB1AAE3B38}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{AE4C3C6C-6F77-47C2-9BCC-FD0364F9B5A8}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{F8F8DF96-1907-4A9A-8B93-CD7648CBD342}"= UDP:c:\windows\System32\lxczcoms.exe:Lexmark Communications System
"{1E63D412-1C71-4F9D-8E8B-62E8A240436C}"= TCP:c:\windows\System32\lxczcoms.exe:Lexmark Communications System
"{6F851498-D76A-4D90-98B8-76B8A14B37C0}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxczpswx.exe:Printer Status Window
"{136B7284-06F7-4D3B-9F5D-AD588B5B843B}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxczpswx.exe:Printer Status Window
"{6D949304-0708-4DF4-8527-75E11D24106C}"= UDP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:FineScanManager
"{E067CE60-822D-4980-AAE2-F3DB2BB652F2}"= TCP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:FineScanManager
"{615D769E-6195-4E54-AEBD-578E93FF9BBC}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{D1DB0116-A7CC-4416-AFC6-89F328170095}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{30799BF9-94BA-4275-9DCD-4F15958E7E8E}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{7D43B870-3EDD-4187-8C01-59043944BB9D}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{4971314B-D14D-493B-B375-BD11D5D23112}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{46F63387-8FFE-4756-B2B7-7638569E9820}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{02C2CE8F-9D1E-4D2E-94D1-F0CF814332A4}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{A78B0F8A-52B7-4BAC-A3E4-7681C84B24BD}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{D2050B8B-B6A8-4242-B7A5-26AEA044F775}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{8D4F14FC-1AC8-4792-A1F8-8A1AA553D286}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D128EB67-BC10-4B8C-80F6-8D4BACE342E1}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{98E9E794-5083-4130-A8CE-39F792B7691B}c:\\program files\\games\\wheel of fortune\\wheel of fortune.exe"= UDP:c:\program files\games\wheel of fortune\wheel of fortune.exe:Wheel of Fortune
"UDP Query User{442BCB8E-11DD-474C-8DC4-14DEFF4968C4}c:\\program files\\games\\wheel of fortune\\wheel of fortune.exe"= TCP:c:\program files\games\wheel of fortune\wheel of fortune.exe:Wheel of Fortune
"{A89EA1A6-676E-493E-996E-4659E40B11CA}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{AC3232DA-7E01-464B-B1B8-9FE5B08BF646}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"TCP Query User{1DB5BF4D-3556-4F34-961C-00B73DD171B6}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{50388D54-404B-4858-A019-2BCD158E9275}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [6/26/2009 17:46 64160]
R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [6/26/2009 16:10 130936]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [4/11/2009 17:27 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [4/11/2009 17:27 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [4/11/2009 17:27 298776]
R2 PTK License-FIGHTERS-297811811;PTK License-FIGHTERS-297811811;c:\program files\Fighters\LicenseService.exe [11/18/2008 12:01 283272]
R2 PTK Live Update-FIGHTERS-297811811;PTK Live Update-FIGHTERS-297811811;c:\program files\Fighters\UpdateService.exe [11/18/2008 12:01 307848]
R2 PTK Scanner-FIGHTERS-297811811;PTK Scanner-FIGHTERS-297811811;c:\program files\Fighters\ScannerService.exe [11/18/2008 12:01 311944]
R2 PTK SharedAccess-FIGHTERS-297811811;PTK SharedAccess-FIGHTERS-297811811;c:\program files\Fighters\ConfigService.exe [11/18/2008 12:01 139912]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [6/26/2009 16:09 348752]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 14:06 1029456]
R3 Vfscan;Vfscan;c:\windows\System32\drivers\vffilter.sys [11/18/2008 12:01 15496]
S2 gupdate1c9dc8867822840;Google Update Service (gupdate1c9dc8867822840);c:\program files\Google\Update\GoogleUpdate.exe [5/24/2009 10:57 133104]
S4 BCSWAP;BCSWAP;c:\windows\System32\drivers\bcswap.sys [1/25/2007 09:54 91496]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]


Re: Cryptor virus slowly destroying my computer PLease HElp

Post by kdl on 9th July 2009, 10:16 pm

-- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
IE: {{C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} -
FF - ProfilePath - c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\2lbcna81.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.http - 82.5.185.111
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\progra~1\SONYON~1\npsoe.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npclntax_SeekmoSA.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-07-09 16:59
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\TMP00000078703AD1AC12461FA1 524288 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4580)
c:\program files\Spyware Doctor\pctgmhk.dll
c:\windows\system32\NetworkExplorer.dll
.
Completion time: 2009-07-09 17:02
ComboFix-quarantined-files.txt 2009-07-09 22:02
ComboFix2.txt 2009-07-09 04:00

Pre-Run: 439,353,982,976 bytes free
Post-Run: 439,320,109,056 bytes free

410 --- E O F --- 2009-07-06 17:37


Re: Cryptor virus slowly destroying my computer PLease HElp

Post by Belahzur on 10th July 2009, 12:53 am

Hello.
Let's uninstall a few things now.

  • Open HijackThis.
  • When HijackThis opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.



Re: Cryptor virus slowly destroying my computer PLease HElp

Post by kdl on 10th July 2009, 1:31 am

3D Frog Frenzy
3DVIA player 4.1
ABBYY FineReader 6.0 Sprint
Acrobat.com
Acrobat.com
Ad-Aware
Ad-Aware
Adobe AIR
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9
Adobe Shockwave Player 11
Agatha Christie - Peril at End House
Angela Young's Dream Adventure
Annie's Millions
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 4
ArcSoft PhotoImpression 6
ArcSoft Print Creations
Are You Smarter Than A 5th Grader
AVG 8.5
BCWipe 3.0
Ben 10 Alien Force Bounty Hunters
Big City Adventure
Bonjour
Browser Address Error Redirector
Bug Adventure v2.0
Burger Shop
Can You See What I See?
Can You See What I See? Dream Machine
Cate West - The Velvet Keys
CCScore
Centipede
Christmasville
Conexant D850 PCI V.92 Modem
Cooking Academy 2 World Cuisine
Cooking Dash
County Fair
Coupon Printer for Windows
DeductionPro 2007
Delicious
Dell Getting Started Guide
Dell Support Center
DellSupport
Detective Stories - Hollywood
Digital Line Detect
Diner Dash - Seasonal Snack Pack
Diner Dash 2
Diner Dash 2
Disney Toontown Online
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
Dream Day Honeymoon
Dream Day Wedding - Viva Las Vegas
Dream Day Wedding 2 - Married in Manhattan
Elizabeth Find, MD - Diagnosis Mystery
EPSON CX7400 User's Guide
EPSON Printer Software
EPSON Scan
EPSON Stylus CX7400 Series Scanner Driver Update
Escape Rosecliff Island
Escape the Museum
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSSONIC
ESSTOOLS
ESSvpaht
ESSvpot
Family Restaurant
Free Realms Installer
Frosty Games
Gamevance
Go Go Gourmet
Go Go Gourmet - Chef of the Year
Gold Rush - Treasure Hunt
Google Chrome
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Hawaiian Explorer - Lost Island
HijackThis 2.0.2
HLPIndex
HLPRFO
Hospital Hustle
Intel(R) PRO Network Connections 12.1.11.0
Intel(R) PRO Network Connections 12.1.11.0
iTunes
Java(TM) SE Runtime Environment 6
JumpStart 4th Grade v1.2
Kodak EasyShare software
KSU
Laura Jones and the Gates of Good and Evil
LEGOLAND
Lexmark 1200 Series
Lexmark Fax Solutions
Little Shop of Treasures
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Magic Encyclopedia - First Story
Magic School Bus - Rainforest
Malwarebytes' Anti-Malware
MAPPY by Namco
Masters of Mystery - Crime of Fashion
Mean Girls
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Microsoft Zoo Tycoon
Miriel the Magical Merchant
Modem Diagnostic Tool
Monopoly
Mozilla Firefox (3.5)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
Mushroom Age
Mushroom Age
Music, Photos & Videos Launcher
Mystery Legends - Sleepy Hollow
Mystery P.I. - The Vegas Heist
Mystery PI - The New York Fortune
Mystery Stories - Berlin Nights
Nanny Mania 2
NetWaiting
NICK_BGH_TRACKER
Nikon Message Center
Nikon Transfer
Noah's Ark Activity Center
Norton Security Scan
Notifier
NVIDIA Drivers
Operation Mania
OTOY
OTtBPSDK
PCDADDIN
PCDHELP
Pdf995 (installed by TaxCut)
PdfEdit995 (installed by TaxCut)
PhoTags Express
Pixia
Product Documentation Launcher
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Rhapsody Player Engine
Righteous Kill
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Sally's Salon
Sally's Spa
Samantha Swift and the Hidden Roses of Athen
Serif PhotoPlus 6.0
SFR
SHASTA
SKIN0001
SKINXSDK
Slingo ® Deluxe (remove only)
Sonic Activation Module
SpongeBob SquarePants 3-D
Spyware Doctor 6.0
SPYWAREfighter
SPYWAREfighter
SRWare Iron 2.0.178.0
Success Story
Sunset Studio - Love on the High Seas
Tahiti Hidden Pearls
TaxCut Alabama 2007
TaxCut Premium + State 2007
The Big Green Help Tracker
The Clockwork Man
The Game Of Life
The Game of Life - SpongeBob SquarePants Edition
The Hidden Object Show
The Price Is Right
The Secret of Margrave Manor
The Weather Channel Desktop 6
Three Days - Zoo Mystery
Toy Story 2
Travel Agency
Treasure Masters, Inc.
Ultimate Ride Disney Coaster
Undiscovered World - The Incan Sun
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb970012)
User's Guides
VC80CRTRedist - 8.0.50727.762
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 0.9.9
VPRINTOL
Wheel of Fortune (remove only)
Windows Media Player Firefox Plugin
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
WIRELESS
Women's Murder Club - A Darker Shade of Grey
Women's Murder Club - Death in Scarlet
World Mosaics
Yahoo! Toolbar

kdl (Novice; Posts: 11; Joined: 2009-07-09; OS: vista)

Re: Cryptor virus slowly destroying my computer PLease HElp

Post by Belahzur on 10th July 2009, 1:58 pm

Hello.

  • Click Start >> Control Panel.
  • Under Programs, click Uninstall a Program.
  • Highlight the following:

    Java(TM) SE Runtime Environment 6

  • Click on the Uninstall/Change button at the top.

How is the machine running now?


Please PM me if I fail to respond within 24hrs.


Belahzur (Administrator; Posts: 34918; Joined: 2008-08-03; OS: 7 Home Premium x64)
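The Control Panel steps above have a scriptable equivalent: the Uninstall a Program list is built from the registry Uninstall keys, so the same entry can be located, inspected and removed from a shell. The snippet below is an added example and is not part of Belahzur's reply or of any tool on this page. It assumes an elevated PowerShell prompt on the affected machine, and the display name it matches on is the "Java(TM) SE Runtime Environment 6" entry from the installed-programs list posted above; the function name Find-UninstallEntry is made up for this example.

```powershell
# Added example (not from the original post): locate an Add/Remove Programs entry
# in the registry and optionally remove it with msiexec instead of the Control Panel.
# Assumes an elevated PowerShell prompt. Function name is invented for this example.
function Find-UninstallEntry {
    param(
        [Parameter(Mandatory = $true)]
        [string] $NamePattern,          # wildcard pattern, e.g. 'Java(TM) SE Runtime Environment 6*'
        [switch] $Remove                # actually run the uninstall instead of only reporting
    )

    # Both hives are listed; the Wow6432Node path only exists on 64-bit Windows,
    # so missing-path errors are suppressed rather than treated as failures.
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )

    $entries = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like $NamePattern } |
        Select-Object DisplayName, DisplayVersion, PSChildName, UninstallString

    foreach ($e in $entries) {
        Write-Host ("{0}  version={1}  key={2}" -f $e.DisplayName, $e.DisplayVersion, $e.PSChildName)
        Write-Host ("  UninstallString: {0}" -f $e.UninstallString)

        # For MSI-installed products the key name is the product code GUID, which
        # msiexec /x accepts directly. Other installers keep their own UninstallString.
        if ($Remove) {
            if ($e.PSChildName -match '^\{[0-9A-Fa-f\-]+\}$') {
                Start-Process -FilePath 'msiexec.exe' -ArgumentList "/x $($e.PSChildName) /qn /norestart" -Wait
            } else {
                Write-Warning "Not an MSI product code; run the UninstallString above manually."
            }
        }
    }

    return $entries
}

# Report only (no changes):
Find-UninstallEntry -NamePattern 'Java(TM) SE Runtime Environment 6*'

# Remove, then re-run the report to confirm the entry is gone:
# Find-UninstallEntry -NamePattern 'Java(TM) SE Runtime Environment 6*' -Remove
# Find-UninstallEntry -NamePattern 'Java(TM) SE Runtime Environment 6*'
```

Running the report form a second time after the removal is the check worth doing before answering "how is the machine running now?": an empty result means the entry the reply asked to remove is no longer registered, while a remaining entry with a different DisplayVersion is a separate installation that the Control Panel step would also have left behind.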

Re: Cryptor virus slowly destroying my computer PLease HElp

Post by kdl on 10th July 2009, 8:59 pm

Everything seems much better. Thanks to everyone at GEEKPOLICE!!

