WIN32/Crypto problem.


WIN32/Crypto problem.

Post by elporco on 12th August 2009, 11:18 pm

OK, first off, here is my HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:06:43, on 13/08/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\temp\2279299.tmp
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Becks\Desktop\winlogon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1noarp
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - [You must be registered and logged in to see this link.]
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - [You must be registered and logged in to see this link.]
O17 - HKLM\System\CCS\Services\Tcpip\..\{28EA2DBA-838B-4FD2-AEB0-78C3595E4758}: NameServer = 85.255.112.139,85.255.112.136
O17 - HKLM\System\CCS\Services\Tcpip\..\{A6D6C2EA-8D50-4EDB-B949-988000AA8B7D}: NameServer = 85.255.112.139,85.255.112.136
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.139,85.255.112.136
O17 - HKLM\System\CS1\Services\Tcpip\..\{28EA2DBA-838B-4FD2-AEB0-78C3595E4758}: NameServer = 85.255.112.139,85.255.112.136
O17 - HKLM\System\CS14\Services\Tcpip\Parameters: NameServer = 85.255.112.139,85.255.112.136
O17 - HKLM\System\CS14\Services\Tcpip\..\{28EA2DBA-838B-4FD2-AEB0-78C3595E4758}: NameServer = 85.255.112.139,85.255.112.136
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.139,85.255.112.136
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - (no file)
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11389 bytes


I'm having major trouble with this system; I get a bad image error 2/3 times for every program that opens (meaning a good deal of time spent on startup closing errors).

AVG reports Crypto in several places but is unable to remove it. I have downloaded Malwarebytes, but after getting the usual bad image DLL errors it will not start installing.

When I do a Google search the first search is always redirected, then the 2nd is OK, but certain websites (mainly to do with Malwarebytes) give a DNS error, as if the virus is blocking any attempt to kill it.

Thanks for the help on this.


EDIT* Forgot to add, my Windows Security Centre has been disabled and will not restart.


Last edited by elporco on 12th August 2009, 11:22 pm; edited 1 time in total (Reason for editing : forgot to add)

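What stands out in the HijackThis log above is the O17 block pointing every interface at 85.255.112.139/136, a process running from C:\Windows\temp\2279299.tmp, and a winlogon.exe started from the user's Desktop. The script below is an added triage example, not part of the thread nor of HijackThis or ComboFix: it parses a constructed log excerpt modelled on the posted one and flags resolvers outside an assumed allow-list (HOME_RESOLVERS is a placeholder), processes loaded from user-writable or temp paths, and hook entries whose file is missing.

```python
"""Triage helper for HijackThis-style logs (added example, not from the thread)."""
import re
from typing import Dict, List, Set

# Binaries that legitimately live only under %SystemRoot%\System32.
SYSTEM_BINARIES = {"winlogon.exe", "svchost.exe", "csrss.exe", "lsass.exe", "services.exe"}

# Directories from which a persistent process should not normally be running.
SUSPICIOUS_DIRS = ("\\users\\", "\\documents and settings\\", "\\temp\\", "\\appdata\\")

# Assumed allow-list of expected resolvers (placeholder for the home router / ISP).
HOME_RESOLVERS = {"192.168.1.1"}

O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>[\d., ]+)$")
ENTRY_RE = re.compile(r"^[ORF]\d+ - ")

# Constructed excerpt modelled on the log posted above (not the full log).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows Vista SP1 (WinNT 6.00.1905)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\temp\2279299.tmp
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Users\Becks\Desktop\winlogon.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{28EA2DBA-838B-4FD2-AEB0-78C3595E4758}: NameServer = 85.255.112.139,85.255.112.136
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.139,85.255.112.136
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""


def parse_hjt(log: str) -> Dict[str, List[str]]:
    """Split a HijackThis log into the 'Running processes' block and the R/O/F entries."""
    processes: List[str] = []
    entries: List[str] = []
    in_procs = False
    for raw in log.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes:"):
            in_procs = True
            continue
        if in_procs:
            if not line:          # a blank line closes the process block
                in_procs = False
                continue
            processes.append(line)
        elif ENTRY_RE.match(line):
            entries.append(line)
    return {"processes": processes, "entries": entries}


def rogue_dns(entries: List[str], allowed: Set[str]) -> List[str]:
    """O17 NameServer lines whose resolvers are not all in the allow-list."""
    findings = []
    for entry in entries:
        m = O17_RE.match(entry)
        if not m:
            continue
        servers = {s.strip() for s in m.group("servers").split(",") if s.strip()}
        if not servers <= allowed:
            findings.append(entry)
    return findings


def odd_processes(processes: List[str]) -> List[str]:
    """Processes that are system-named but outside System32, run from user-writable
    or temp directories, or are executing as a .tmp file."""
    findings = []
    for path in processes:
        low = path.lower()
        name = low.rsplit("\\", 1)[-1]
        if name in SYSTEM_BINARIES and "\\windows\\system32\\" not in low:
            findings.append(path)
        elif any(d in low for d in SUSPICIOUS_DIRS) or name.endswith(".tmp"):
            findings.append(path)
    return findings


def orphaned_entries(entries: List[str]) -> List[str]:
    """Hook/BHO lines whose target file is gone (often leftovers of a removal)."""
    return [e for e in entries if e.endswith("(no file)") or e.endswith("(file missing)")]


def triage(log: str, allowed_dns: Set[str]) -> Dict[str, List[str]]:
    """Run all three checks over one log and return the findings per category."""
    parsed = parse_hjt(log)
    return {
        "rogue_dns": rogue_dns(parsed["entries"], allowed_dns),
        "odd_processes": odd_processes(parsed["processes"]),
        "orphaned": orphaned_entries(parsed["entries"]),
    }


if __name__ == "__main__":
    for category, hits in triage(SAMPLE_LOG, HOME_RESOLVERS).items():
        print(f"[{category}] {len(hits)} finding(s)")
        for hit in hits:
            print("   ", hit)
```

Resolvers that every interface and every control set share, as in the posted log, are a stronger signal than a single mismatched entry, so review the O17 findings together rather than one at a time.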

Re: WIN32/Crypto problem.

Post by Belahzur on 13th August 2009, 12:07 am

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.





Re: WIN32/Crypto problem.

Post by elporco on 13th August 2009, 8:28 am

ComboFix 09-08-10.06 - Becks 13/08/2009 8:54.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.44.1033.18.954.67 [GMT 1:00]
Running from: c:\users\Becks\Desktop\Combo-Fix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2316167748-4072116333-2837980287-500
c:\$recycle.bin\S-1-5-21-495556611-1600015499-729608983-500
c:\windows\Installer\2634e.msi
c:\windows\Installer\26352.msi
c:\windows\Installer\26356.msi
c:\windows\Installer\2635a.msi
c:\windows\Installer\2635e.msi
c:\windows\Installer\26366.msi
c:\windows\Installer\29c899.msi
c:\windows\system32\drivers\ESQULserv.sys
c:\windows\system32\drivers\UACmvxdxixcbeimoqf.sys
c:\windows\system32\file.exe.tmp
c:\windows\system32\UACeeqspeywqppvwcw.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACjixahbvuhtnykhy.log
c:\windows\system32\UACmrqovivmosndihm.log
c:\windows\system32\UACnwxsygpvhxvqfcu.dll
c:\windows\system32\UACskrbqqavpmpkkif.dll
c:\windows\system32\UACteiflxmrnrewoed.dll
c:\windows\system32\UACvolvvtnnmqjyyst.log
c:\windows\system32\UACygpbsibscurptqb.dat
c:\windows\system32\UACyhsejebfiladcwd.dll
c:\windows\TEMP\2279299.tmp


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Service_ESQULserv.sys
-------\Legacy_UACd.sys
-------\Legacy_ESQULserv.sys
-------\Service_ESQULserv.sys


((((((((((((((((((((((((( Files Created from 2009-07-13 to 2009-08-13 )))))))))))))))))))))))))))))))
.

2009-08-13 08:07 . 2009-08-13 08:09 -------- d-----w- c:\users\Becks\AppData\Local\temp
2009-08-13 08:07 . 2009-08-13 08:07 -------- d-----w- c:\users\joanne\AppData\Local\temp
2009-08-13 08:07 . 2009-08-13 08:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-12 22:58 . 2009-08-12 22:59 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-12 22:56 . 2009-08-13 07:01 -------- d-----w- c:\progra~2\NOS
2009-08-12 22:56 . 2009-08-12 22:56 -------- d-----w- c:\program files\NOS
2009-08-12 22:52 . 2009-08-13 06:53 -------- d-----w- c:\users\Becks\AppData\Local\Adobe
2009-08-12 22:43 . 2009-08-12 22:42 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-12 22:16 . 2009-08-12 22:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-12 22:16 . 2009-08-12 22:16 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2009-08-11 16:57 . 2009-08-12 18:53 -------- d--h--w- C:\$AVG8.VAULT$
2009-08-11 16:35 . 2009-08-11 16:35 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-11 16:35 . 2009-08-11 16:35 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-08-11 16:34 . 2009-08-11 16:34 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-11 16:34 . 2009-08-11 16:34 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-11 16:34 . 2009-08-13 07:08 -------- d-----w- c:\windows\system32\drivers\Avg
2009-08-11 16:34 . 2009-08-11 16:38 -------- d-----w- c:\progra~2\AVG Security Toolbar
2009-08-11 16:33 . 2009-08-11 16:33 -------- d-----w- c:\program files\AVG
2009-08-11 16:33 . 2009-08-11 17:58 -------- d-----w- c:\progra~2\avg8
2009-08-11 16:29 . 2009-08-11 16:29 -------- d-----w- c:\users\Becks\AppData\Roaming\AVG8
2009-08-11 12:33 . 2009-08-11 12:33 -------- d-----w- c:\program files\CCleaner
2009-08-06 16:20 . 2009-08-11 16:19 -------- d-----w- c:\progra~2\Symantec
2009-08-06 16:01 . 2009-08-11 16:16 -------- d-----w- c:\users\Becks\AppData\Roaming\Symantec
2009-08-06 15:57 . 2009-08-06 15:57 -------- d-----w- c:\users\joanne\AppData\Roaming\Symantec
2009-08-06 15:43 . 2009-08-11 16:19 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-02 10:30 . 2009-08-02 10:30 -------- d-----w- C:\54e62fa3758e5967869c6918db
2009-08-02 10:29 . 2009-08-02 10:29 -------- d-----w- c:\windows\CheckSur


Re: WIN32/Crypto problem.

Post by elporco on 13th August 2009, 8:29 am

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-13 07:33 . 2009-05-01 21:40 -------- d-----w- c:\users\Becks\AppData\Roaming\Skype
2009-08-13 07:01 . 2009-05-28 08:11 -------- d-----w- c:\users\Becks\AppData\Roaming\skypePM
2009-08-12 22:42 . 2008-10-25 10:56 -------- d-----w- c:\program files\Java
2009-08-11 15:20 . 2008-10-25 10:59 -------- d-----w- c:\program files\SMINST
2009-08-11 12:26 . 2009-03-22 15:53 75264 ----a-w- c:\users\Becks\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-10 17:54 . 2009-06-28 10:21 1356 ----a-w- c:\users\joanne\AppData\Local\d3d9caps.dat
2009-08-06 16:19 . 2009-04-05 12:37 5972 ----a-w- c:\users\Becks\AppData\Local\d3d9caps.dat
2009-08-06 15:38 . 2008-10-25 09:43 -------- d-----w- c:\progra~2\NortonInstaller
2009-07-18 16:06 . 2009-08-01 16:16 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-08-01 16:16 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-08-01 16:16 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-06-30 14:36 . 2009-08-11 15:21 18696 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryReplaceNew.exe
2009-06-30 14:10 . 2009-08-11 15:21 18696 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryNoTravel.exe
2009-06-30 14:03 . 2009-08-11 15:21 18696 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryAccessories.exe
2009-06-30 11:44 . 2009-08-11 15:21 18184 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryWeakNew.exe
2009-06-26 17:36 . 2009-08-11 15:21 18184 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryUpgrade.exe
2009-06-15 15:24 . 2009-08-01 16:16 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-08-01 16:16 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-08-01 16:16 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-08-01 16:16 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-05-28 08:11 . 2009-05-28 08:11 56 ---ha-w- c:\progra~2\ezsidmv.dat
2009-05-16 21:28 . 2009-05-16 21:28 75264 ----a-w- c:\users\joanne\AppData\Local\GDIPFONTCACHEV1.DAT
2008-10-25 10:06 . 2008-10-25 09:56 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 08:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-09-30 972080]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-04-30 22058792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-10 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-10 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-10 145944]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-12 149280]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-11 2000152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{BE84A22B-3368-40C2-A7BD-588693C61C4D}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{890C8E91-63B9-4019-BC60-DE848C539F51}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{44CD7D4F-A031-47BA-A7C1-1CE0D8146DE4}"= c:\program files\CyberLink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{7D2C9C0C-B797-42DD-8307-62AB3DCF71CC}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{A7CDA6AF-2AD8-4D9B-84F2-362CC1A2D799}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{CCBE1A03-E39E-4B63-BB79-B8AF38672587}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{AFDDB794-50D9-4AB0-9F92-67DF32524B4B}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{934CC6AA-A7C8-47CA-A9C7-62FA8B566CE2}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{9BB57742-4736-4EC8-83AB-0345FF642200}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{66DF6751-6A64-47E2-B7BD-ABDA0E18702D}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{E9D579BE-17A0-457E-96F6-502E032DE411}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{724A4421-2BFD-4AF5-B75E-926666AA1F1D}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{0E6BD4EA-14AF-44B8-8CFA-30B3C116C088}"= UDP:c:\users\Becks\AppData\Local\Temp\7zSE456.tmp\SymNRT.exe:Norton Removal Tool
"{EC4237A3-F711-41C4-952F-10374D170946}"= TCP:c:\users\Becks\AppData\Local\Temp\7zSE456.tmp\SymNRT.exe:Norton Removal Tool
"{30F4915F-FC40-4CE3-AE72-D3407ECD3FE3}"= UDP:c:\users\Becks\AppData\Local\Temp\7zSBCBA.tmp\SymNRT.exe:Norton Removal Tool
"{DF21C9CE-C2A0-408B-B60A-DC6506AE61AB}"= TCP:c:\users\Becks\AppData\Local\Temp\7zSBCBA.tmp\SymNRT.exe:Norton Removal Tool
"{C34B2A38-B522-44D2-B818-2B35E0484203}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{85C1DEC2-D2A3-45F7-841A-4F14D889D871}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{27A66526-3CDE-4D5A-A605-55828C30025A}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [11/08/2009 17:34 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [11/08/2009 17:35 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [11/08/2009 17:33 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [11/08/2009 17:33 297752]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 03:33 21504]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [25/10/2008 11:59 365952]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [29/06/2008 15:52 112128]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [25/10/2008 10:56 193840]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [12/08/2009 23:56 66056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.


Re: WIN32/Crypto problem.

Post by elporco on 13th August 2009, 8:29 am

------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-08-13 09:09
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-495556611-1600015499-729608983-1000\Software\AppDataLow\Software\Fun Web Products\Settings]
@DACL=(02 0000)
@SACL=(02 0001)

[HKEY_USERS\S-1-5-21-495556611-1600015499-729608983-1000\Software\AppDataLow\Software\Fun Web Products\Settings\CursorManiaBtn]
@DACL=(02 0000)
@SACL=(02 0001)
"LastHTMLMenuURL"="http://www.mywebface.com/menus/CursorChooser.html"
"HTMLMenuRevision"="300"
"ETag"="\"249f-225c6-4a79aa4f\""

[HKEY_USERS\S-1-5-21-495556611-1600015499-729608983-1000\Software\AppDataLow\Software\Fun Web Products\Settings\MyFunCardsIMBtn]
@DACL=(02 0000)
@SACL=(02 0001)
"LastHTMLMenuURL"="http://www.mywebface.com/menus/MyFunCards_en.html.gz"
"HTMLMenuRevision"="286"
"ETag"="\"bffb8f-1813-48ecea36\""

[HKEY_USERS\S-1-5-21-495556611-1600015499-729608983-1000\Software\AppDataLow\Software\Fun Web Products\Settings\WebfettiBtn]
@DACL=(02 0000)
@SACL=(02 0001)
"LastHTMLMenuURL"="http://www.mywebface.com/menus/WebfettiChooser_en.html"
"HTMLMenuRevision"="287"
"ETag"="\"4a6eeb-876ea-49d524f4\""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\wlanext.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
.
**************************************************************************
.
Completion time: 2009-08-13 9:19 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-13 08:19

Pre-Run: 121,033,207,808 bytes free
Post-Run: 121,049,120,768 bytes free

260 --- E O F --- 2009-08-11 14:48


Re: WIN32/Crypto problem.

Post by Belahzur on 13th August 2009, 4:12 pm

Hello.

Now open a new notepad file.
Input this into the notepad file:

Driver::
ezSharedSvc

NetSvc::
ezSharedSvc

RegLock::
[HKEY_USERS\S-1-5-21-495556611-1600015499-729608983-1000\Software\AppDataLow\Software\Fun Web Products\Settings]
[HKEY_USERS\S-1-5-21-495556611-1600015499-729608983-1000\Software\AppDataLow\Software\Fun Web Products\Settings\CursorManiaBtn]
[HKEY_USERS\S-1-5-21-495556611-1600015499-729608983-1000\Software\AppDataLow\Software\Fun Web Products\Settings\MyFunCardsIMBtn]
[HKEY_USERS\S-1-5-21-495556611-1600015499-729608983-1000\Software\AppDataLow\Software\Fun Web Products\Settings\WebfettiBtn]

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to.)
Post the resulting log back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245111
# Likes : 1

Re: WIN32/Crypto problem.

Post by elporco on 13th August 2009, 6:55 pm

OK, here is the new log!

ComboFix 09-08-10.06 - Becks 13/08/2009 19:19.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.44.1033.18.954.313 [GMT 1:00]
Running from: c:\users\Becks\Desktop\Combo-Fix.exe
Command switches used :: c:\users\Becks\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ezSharedSvc


((((((((((((((((((((((((( Files Created from 2009-07-13 to 2009-08-13 )))))))))))))))))))))))))))))))
.

2009-08-13 18:30 . 2009-08-13 18:30 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-08-13 18:30 . 2009-08-13 18:30 -------- d-----w- c:\users\joanne\AppData\Local\temp
2009-08-13 18:30 . 2009-08-13 18:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-13 18:15 . 2009-08-13 18:15 -------- d-----w- c:\windows\LastGood.Tmp
2009-08-13 08:07 . 2009-08-13 18:33 -------- d-----w- c:\users\Becks\AppData\Local\temp
2009-08-12 22:58 . 2009-08-12 22:59 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-12 22:56 . 2009-08-13 07:01 -------- d-----w- c:\progra~2\NOS
2009-08-12 22:56 . 2009-08-12 22:56 -------- d-----w- c:\program files\NOS
2009-08-12 22:52 . 2009-08-13 06:53 -------- d-----w- c:\users\Becks\AppData\Local\Adobe
2009-08-12 22:43 . 2009-08-12 22:42 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-12 22:16 . 2009-08-12 22:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-12 22:16 . 2009-08-12 22:16 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2009-08-11 16:57 . 2009-08-12 18:53 -------- d--h--w- C:\$AVG8.VAULT$
2009-08-11 16:35 . 2009-08-11 16:35 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-11 16:35 . 2009-08-11 16:35 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-08-11 16:34 . 2009-08-11 16:34 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-11 16:34 . 2009-08-11 16:34 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-11 16:34 . 2009-08-13 07:08 -------- d-----w- c:\windows\system32\drivers\Avg
2009-08-11 16:34 . 2009-08-11 16:38 -------- d-----w- c:\progra~2\AVG Security Toolbar
2009-08-11 16:33 . 2009-08-11 16:33 -------- d-----w- c:\program files\AVG
2009-08-11 16:33 . 2009-08-11 17:58 -------- d-----w- c:\progra~2\avg8
2009-08-11 16:29 . 2009-08-11 16:29 -------- d-----w- c:\users\Becks\AppData\Roaming\AVG8
2009-08-11 12:33 . 2009-08-11 12:33 -------- d-----w- c:\program files\CCleaner
2009-08-06 16:20 . 2009-08-11 16:19 -------- d-----w- c:\progra~2\Symantec
2009-08-06 16:01 . 2009-08-11 16:16 -------- d-----w- c:\users\Becks\AppData\Roaming\Symantec
2009-08-06 15:57 . 2009-08-06 15:57 -------- d-----w- c:\users\joanne\AppData\Roaming\Symantec
2009-08-06 15:43 . 2009-08-11 16:19 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-02 10:30 . 2009-08-02 10:30 -------- d-----w- C:\54e62fa3758e5967869c6918db
2009-08-02 10:29 . 2009-08-02 10:29 -------- d-----w- c:\windows\CheckSur

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-13 18:35 . 2009-05-28 08:11 -------- d-----w- c:\users\Becks\AppData\Roaming\skypePM
2009-08-13 18:29 . 2009-05-01 21:40 -------- d-----w- c:\users\Becks\AppData\Roaming\Skype
2009-08-12 22:42 . 2008-10-25 10:56 -------- d-----w- c:\program files\Java
2009-08-11 15:20 . 2008-10-25 10:59 -------- d-----w- c:\program files\SMINST
2009-08-11 12:26 . 2009-03-22 15:53 75264 ----a-w- c:\users\Becks\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-10 17:54 . 2009-06-28 10:21 1356 ----a-w- c:\users\joanne\AppData\Local\d3d9caps.dat
2009-08-06 16:19 . 2009-04-05 12:37 5972 ----a-w- c:\users\Becks\AppData\Local\d3d9caps.dat
2009-08-06 15:38 . 2008-10-25 09:43 -------- d-----w- c:\progra~2\NortonInstaller
2009-07-18 16:06 . 2009-08-01 16:16 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-08-01 16:16 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-08-01 16:16 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-06-30 14:36 . 2009-08-11 15:21 18696 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryReplaceNew.exe
2009-06-30 14:10 . 2009-08-11 15:21 18696 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryNoTravel.exe
2009-06-30 14:03 . 2009-08-11 15:21 18696 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryAccessories.exe
2009-06-30 11:44 . 2009-08-11 15:21 18184 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryWeakNew.exe
2009-06-26 17:36 . 2009-08-11 15:21 18184 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryUpgrade.exe
2009-06-15 15:24 . 2009-08-01 16:16 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-08-01 16:16 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-08-01 16:16 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-08-01 16:16 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-05-28 08:11 . 2009-05-28 08:11 56 ---ha-w- c:\progra~2\ezsidmv.dat
2009-05-16 21:28 . 2009-05-16 21:28 75264 ----a-w- c:\users\joanne\AppData\Local\GDIPFONTCACHEV1.DAT
2008-10-25 10:06 . 2008-10-25 09:56 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 02:34 . 2008-01-21 02:34 31232 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.18049_none_93f62b2f8600b455\msvidc32.dll
+ 2006-11-02 09:03 . 2006-11-02 09:46 12800 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.18049_none_93f62b2f8600b455\msrle32.dll
+ 2006-11-02 09:03 . 2006-11-02 09:46 82944 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.18049_none_93f62b2f8600b455\mciavi32.dll
+ 2006-11-02 09:03 . 2006-11-02 09:46 65024 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.18049_none_93f62b2f8600b455\avicap32.dll
+ 2008-01-21 02:34 . 2008-01-21 02:34 31232 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.18270_none_91e6450388fad1ce\msvidc32.dll
+ 2006-11-02 09:03 . 2006-11-02 09:46 12800 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.18270_none_91e6450388fad1ce\msrle32.dll
+ 2006-11-02 09:03 . 2006-11-02 09:46 82944 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.18270_none_91e6450388fad1ce\mciavi32.dll
+ 2006-11-02 09:03 . 2006-11-02 09:46 65024 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.18270_none_91e6450388fad1ce\avicap32.dll
+ 2008-01-21 02:34 . 2008-01-21 02:34 53248 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6001.18266_none_2fb32dbcc5d3707b\tsgqec.dll
+ 2008-01-21 01:58 . 2009-08-13 08:38 44826 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:02 . 2009-08-13 08:39 86140 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-10-25 09:58 . 2008-10-25 09:58 12288 c:\windows\System32\drivers\hidusb.sys
- 2008-01-21 02:32 . 2008-01-21 02:32 12288 c:\windows\System32\drivers\hidusb.sys
+ 2008-10-25 09:58 . 2008-10-25 09:58 25728 c:\windows\System32\drivers\hidparse.sys
+ 2008-10-25 09:58 . 2008-10-25 09:58 39936 c:\windows\System32\drivers\hidclass.sys
- 2009-01-13 21:54 . 2009-08-13 08:09 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-01-13 21:54 . 2009-08-13 08:37 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-01-13 21:54 . 2009-08-13 08:37 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-13 21:54 . 2009-08-13 08:09 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-13 21:54 . 2009-08-13 08:09 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-01-13 21:54 . 2009-08-13 08:37 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-13 18:15 . 2008-01-21 02:32 12288 c:\windows\LastGood.Tmp\system32\DRIVERS\hidusb.sys
+ 2009-08-13 18:15 . 2008-01-21 02:32 25472 c:\windows\LastGood.Tmp\system32\DRIVERS\hidparse.sys
+ 2009-08-13 18:15 . 2008-01-21 02:32 38912 c:\windows\LastGood.Tmp\system32\DRIVERS\hidclass.sys
+ 2009-03-22 15:48 . 2009-08-13 08:39 8854 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-495556611-1600015499-729608983-1000_UserData.bin
+ 2008-01-21 02:34 . 2008-01-21 02:34 123904 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.18049_none_93f62b2f8600b455\msvfw32.dll
+ 2008-01-21 02:34 . 2008-01-21 02:34 123904 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.18270_none_91e6450388fad1ce\msvfw32.dll
+ 2008-01-21 02:34 . 2008-01-21 02:34 136192 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6001.18266_none_2fb32dbcc5d3707b\aaclient.dll
+ 2009-03-22 17:27 . 2009-08-13 18:02 243136 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-04-30 07:01 . 2009-08-13 07:53 171984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-04-30 07:01 . 2009-08-13 18:31 171984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-08-13 08:07 . 2009-08-13 08:07 204800 c:\windows\ERDNT\subs\Users\00000002\NTUSER.DAT
+ 2009-08-13 18:30 . 2009-08-13 18:30 204800 c:\windows\ERDNT\subs\Users\00000002\NTUSER.DAT
- 2009-08-13 08:07 . 2009-08-13 08:07 204800 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
+ 2009-08-13 18:30 . 2009-08-13 18:30 204800 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
+ 2006-11-02 10:22 . 2009-08-13 18:30 6037504 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-08-13 18:30 . 2009-08-13 18:30 2392064 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
- 2009-08-13 08:07 . 2009-08-13 08:07 2392064 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
- 2009-08-13 08:07 . 2009-08-13 08:07 2043904 c:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT
+ 2009-08-13 18:30 . 2009-08-13 18:30 2043904 c:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT
+ 2009-08-13 18:30 . 2009-08-13 18:30 6037504 c:\windows\ERDNT\subs\SCHEMA.DAT
+ 2009-08-13 18:18 . 2009-08-13 18:18 6037504 c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT
+ 2009-06-02 21:08 . 2009-08-13 18:08 68280822 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin


Re: WIN32/Crypto problem.

Post by elporco on 13th August 2009, 6:56 pm

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 08:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-09-30 972080]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-04-30 22058792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-10 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-10 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-10 145944]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-12 149280]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-11 2000152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{BE84A22B-3368-40C2-A7BD-588693C61C4D}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{890C8E91-63B9-4019-BC60-DE848C539F51}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{44CD7D4F-A031-47BA-A7C1-1CE0D8146DE4}"= c:\program files\CyberLink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{7D2C9C0C-B797-42DD-8307-62AB3DCF71CC}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{A7CDA6AF-2AD8-4D9B-84F2-362CC1A2D799}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{CCBE1A03-E39E-4B63-BB79-B8AF38672587}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{AFDDB794-50D9-4AB0-9F92-67DF32524B4B}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{934CC6AA-A7C8-47CA-A9C7-62FA8B566CE2}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{9BB57742-4736-4EC8-83AB-0345FF642200}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{66DF6751-6A64-47E2-B7BD-ABDA0E18702D}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{E9D579BE-17A0-457E-96F6-502E032DE411}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{724A4421-2BFD-4AF5-B75E-926666AA1F1D}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{0E6BD4EA-14AF-44B8-8CFA-30B3C116C088}"= UDP:c:\users\Becks\AppData\Local\Temp\7zSE456.tmp\SymNRT.exe:Norton Removal Tool
"{EC4237A3-F711-41C4-952F-10374D170946}"= TCP:c:\users\Becks\AppData\Local\Temp\7zSE456.tmp\SymNRT.exe:Norton Removal Tool
"{30F4915F-FC40-4CE3-AE72-D3407ECD3FE3}"= UDP:c:\users\Becks\AppData\Local\Temp\7zSBCBA.tmp\SymNRT.exe:Norton Removal Tool
"{DF21C9CE-C2A0-408B-B60A-DC6506AE61AB}"= TCP:c:\users\Becks\AppData\Local\Temp\7zSBCBA.tmp\SymNRT.exe:Norton Removal Tool
"{C34B2A38-B522-44D2-B818-2B35E0484203}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{85C1DEC2-D2A3-45F7-841A-4F14D889D871}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{27A66526-3CDE-4D5A-A605-55828C30025A}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [11/08/2009 17:34 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [11/08/2009 17:35 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [11/08/2009 17:33 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [11/08/2009 17:33 297752]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [25/10/2008 11:59 365952]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [25/10/2008 10:56 193840]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [29/06/2008 15:52 112128]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [12/08/2009 23:56 66056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\wlanext.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\System32\drivers\XAudio.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\program files\Hewlett-Packard\HP Advisor\SSDK04.exe
.
**************************************************************************
.
Completion time: 2009-08-13 19:43 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-13 18:43
ComboFix2.txt 2009-08-13 08:19

Pre-Run: 120,902,402,048 bytes free
Post-Run: 120,876,969,984 bytes free

257 --- E O F --- 2009-08-11 14:48

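Two things a helper checks by hand in this thread can be scripted: whether the follow-up ComboFix log confirms the `Driver::`/`NetSvc::` removals requested in the CFScript from Belahzur's post above (the `-------\Service_ezSharedSvc` line under Drivers/Services), and which autostart values and non-default services remain listed under Reg Loading Points. The Python below is an added example, not code from the thread or from ComboFix. The log excerpt and CFScript it parses are constructed from lines quoted in this thread and trimmed to a few entries, and the parsing rules are inferred from the log layout shown here rather than from any published ComboFix format description.

```python
"""Triage helpers for ComboFix logs like the ones posted in this thread.

Added example, not part of the thread or of ComboFix. The log excerpt and
CFScript below are constructed from lines quoted above; the regexes encode
the layout visible in those logs and may need adjusting for other versions.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed excerpt: the sections a helper reads to confirm a CFScript worked.
SAMPLE_LOG = r"""((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ezSharedSvc

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-04-30 22058792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-11 2000152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [11/08/2009 17:33 297752]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [12/08/2009 23:56 66056]
"""

# Constructed CFScript in the Section::/item layout used in the thread.
SAMPLE_CFSCRIPT = """Driver::
ezSharedSvc

NetSvc::
ezSharedSvc
"""


@dataclass
class RunEntry:
    key: str    # registry key the value lives under
    name: str   # value name
    path: str   # executable path
    size: int   # file size ComboFix recorded in brackets


@dataclass
class Service:
    state: str  # R = running, S = stopped; digit = start type
    name: str
    display: str
    path: str


_ANY_KEY = re.compile(r"^\[(.+)\]$")
_RUN_KEY = re.compile(r"^\[(HKEY_[^\]]+\\Run)\]$", re.IGNORECASE)
_RUN_VAL = re.compile(r'^"([^"]+)"="([^"]+)" \[(\d{4}-\d{2}-\d{2}) (\d+)\]$')
_SERVICE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*?) \[\d{2}/\d{2}/\d{4} \d{2}:\d{2} \d+\]$")
_DELETED = re.compile(r"^-------\\Service_(.+)$")


def deleted_services(log: str) -> List[str]:
    """Service names the log reports as removed ('-------\\Service_<name>')."""
    return [m.group(1) for line in log.splitlines() if (m := _DELETED.match(line))]


def run_entries(log: str) -> List[RunEntry]:
    """Autostart values under any ...\\CurrentVersion\\Run key in the log."""
    entries: List[RunEntry] = []
    current = None  # Run key we are inside, or None under any other key
    for line in log.splitlines():
        if _ANY_KEY.match(line):
            current = line[1:-1] if _RUN_KEY.match(line) else None
            continue
        if current and (m := _RUN_VAL.match(line)):
            entries.append(RunEntry(current, m.group(1), m.group(2), int(m.group(4))))
    return entries


def services(log: str) -> List[Service]:
    """Non-default services/drivers listed as 'R2 name;display;path [date time size]'."""
    return [Service(*m.groups()) for line in log.splitlines() if (m := _SERVICE.match(line))]


def cfscript_targets(script: str) -> Dict[str, List[str]]:
    """Items under each 'Section::' header of a CFScript, keyed by section name."""
    sections: Dict[str, List[str]] = {}
    current = None
    for line in script.splitlines():
        if line.endswith("::"):
            current = line[:-2]
            sections[current] = []
        elif current and line.strip():
            sections[current].append(line.strip())
    return sections


def removals_confirmed(script: str, log: str) -> Dict[str, bool]:
    """For every Driver::/NetSvc:: item, whether the follow-up log shows it deleted."""
    targets = cfscript_targets(script)
    wanted = set(targets.get("Driver", [])) | set(targets.get("NetSvc", []))
    gone = set(deleted_services(log))
    return {name: name in gone for name in sorted(wanted)}
```

Against a full saved log (`open("ComboFix.txt").read()`), a `False` from `removals_confirmed` means the named service was still present, or was never registered under that name, when the script ran, which is exactly what the helper looks for before deciding whether another pass is needed. `run_entries` and `services` give the remaining autostarts and non-default services as records, so they can be diffed between the first and second log rather than read by eye.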

Re: WIN32/Crypto problem.

Post by Belahzur on 14th August 2009, 6:22 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?



Re: WIN32/Crypto problem.

Post by elporco on 14th August 2009, 8:10 pm

It's running fantastic now mate, thanks for all the help.

Now to get it secure so they don't do it again.
What's best? It currently has MBAM and AVG on the machine.


Re: WIN32/Crypto problem.

Post by Belahzur on 14th August 2009, 9:00 pm

Keep both of them. MBAM is only an antispyware, not an antivirus.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or ActiveX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please consider using this free software program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found [You must be registered and logged in to see this link.].

Hopefully this should take care of your problems! Good luck.

