TR/crypt.xpack.gen on windows xp

TR/crypt.xpack.gen on windows xp

Post by Ebw on Mon Sep 07, 2009 2:08 am

Hi,
This trojan keeps popping up in my local temp folder, usually with a different file name. I'm sending the latest HijackThis log.

I'm a novice but learning. Your service is fantastic! Thank you.





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:01:22 PM, on 9/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SkyTel.EXE
C:\WINDOWS\system32\00THotkey.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\thpsrv.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Apoint2K\Apntex.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\RAMASST.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\mcafee.com\vso\mcmnhdlr.exe
c:\program files\mcafee.com\shared\mghtml.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Emmett Williamson\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe tapi.nfo beforeglav
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [DpUtil] C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [ThpSrv] thpsrv /logon
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TOSDCR] TOSDCR.EXE
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [PINGER] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-21-516290368-2114724278-2145710425-500\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (User 'Administrator')
O4 - HKUS\S-1-5-21-516290368-2114724278-2145710425-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Google Search - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Similar Pages - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe

--
End of file - 12931 bytes


Re: TR/crypt.xpack.gen on windows xp

Post by Belahzur on Mon Sep 07, 2009 8:51 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe tapi.nfo beforeglav
    O1 - Hosts: ::1 localhost


  • Press "Fix Checked"
  • Close HijackThis.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


Please PM me if I fail to respond within 24hrs.



TR/crypt.xpack.gen on windows xp

Post by Ebw on Tue Sep 08, 2009 10:44 pm

Here is the MBAM log file, thank you.

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\tapi.nfo (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\appiiit_dlls (Spyware.Agent.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.

Files Infected:
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\tapi.nfo (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\cooper.mine (Trojan.FakeAlert) -> Quarantined and deleted successfully.

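An added triage script (editorial example, not part of this thread and not code from HijackThis or Malwarebytes) that parses the two log lines in this thread which describe the same class of logon persistence: the `F2 - REG:system.ini: Shell=...` entry Belahzur asked to fix, and the MBAM `Winlogon\Userinit` entry carrying `sdra64.exe`. Windows runs the Shell value (space-separated) and the Userinit value (comma-separated) at every logon, so anything beyond `explorer.exe` and `userinit.exe` is a finding. In the Shell line, `rundll32.exe tapi.nfo beforeglav` makes rundll32 load `tapi.nfo` as a DLL and call its `beforeglav` export; the `.nfo` extension is cosmetic, which is why MBAM later reported the same file as a loaded memory module. The expected defaults, the regular expressions for the two log layouts and the two clean control lines are editorial assumptions; the two infected lines are copied from the logs posted above.

```python
import re

# Stock Winlogon values on a default 32-bit Windows XP install (editorial assumption).
EXPECTED_SHELL = "explorer.exe"
EXPECTED_USERINIT = "userinit.exe"

# Patterns for the two log layouts seen in this thread (editorial assumption about format).
HJT_F2 = re.compile(r"^F2 - REG:system\.ini: (\w+)=(.*)$")
MBAM_DATA = re.compile(r"Winlogon\\(\w+) \([^)]*\) -> Bad: \((.*?)\) Good: \((.*?)\)")


def _basename(path):
    """Lower-cased final path component, tolerant of bare names and trailing slashes."""
    return path.replace("/", "\\").rstrip("\\").split("\\")[-1].lower()


def check_shell(value):
    """Return the tokens of a Winlogon Shell value that are not the stock shell.

    Shell is a space-separated command list run at logon. If the first token is
    not explorer.exe the shell itself was replaced, so every token is reported.
    """
    tokens = value.split()
    if not tokens or _basename(tokens[0]) != EXPECTED_SHELL:
        return tokens
    return tokens[1:]


def check_userinit(value):
    """Return the entries of a Winlogon Userinit value other than userinit.exe.

    Userinit is comma-separated (the stock value ends in a trailing comma);
    every extra entry is executed before the shell at each logon.
    """
    entries = [e.strip() for e in value.split(",") if e.strip()]
    return [e for e in entries if _basename(e) != EXPECTED_USERINIT]


CHECKERS = {"shell": check_shell, "userinit": check_userinit}


def triage(log_lines):
    """Scan mixed HijackThis / MBAM lines; return (source, value_name, extras) findings."""
    findings = []
    for line in log_lines:
        line = line.strip()
        m = HJT_F2.match(line)
        if m:
            name, value = m.groups()
            source = "HijackThis"
        else:
            m = MBAM_DATA.search(line)
            if not m:
                continue  # not a Winlogon line (O1 hosts entries, O4 Run keys, ...)
            name, value, _good = m.groups()  # 'Bad:' holds the pre-cleanup value
            source = "MBAM"
        checker = CHECKERS.get(name.lower())
        extras = checker(value) if checker else []
        if extras:
            findings.append((source, name, extras))
    return findings


SAMPLE_LINES = [
    # Two lines copied from the HijackThis and MBAM logs posted in this thread.
    r"F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe tapi.nfo beforeglav",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.",
    # Constructed clean control lines: a stock Userinit entry, plus the hosts line from the same HJT log.
    r"F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,",
    r"O1 - Hosts: ::1 localhost",
]

if __name__ == "__main__":
    for source, name, extras in triage(SAMPLE_LINES):
        print(f"{source}: Winlogon {name} runs unexpected entries at logon: {extras}")
```

Because `tapi.nfo` was listed under `Memory Modules Infected` with `Delete on reboot`, the input that matters is a fresh HijackThis log taken after the reboot: the F2 line should then be gone, and if it reappears the loader was re-created by something that is still running. The script deliberately reports nothing for `O1 - Hosts: ::1 localhost`, which is the standard IPv6 loopback mapping found in the XP/Vista hosts file; removing it is harmless, but it is not a hijack.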

Re: TR/crypt.xpack.gen on windows xp

Post by Belahzur on Wed Sep 09, 2009 12:08 am


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both reports to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt just yet.





Re: TR/crypt.xpack.gen on windows xp

Post by Ebw on Wed Sep 09, 2009 2:02 am

DDS (Ver_09-07-30.01) - NTFSx86
Run by Emmett Williamson at 20:53:31.09 on Tue 09/08/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.243 [GMT -5:00]

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SkyTel.EXE
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\thpsrv.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\RAMASST.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
C:\Documents and Settings\Emmett Williamson\Desktop\HijackThis.exe
c:\program files\mcafee.com\vso\mcmnhdlr.exe
c:\program files\mcafee.com\shared\mghtml.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Emmett Williamson\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: McAfee AntiPhishing Filter: {41d68ed8-4cff-4115-88a6-6ebb8af19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: McAfee VirusScan: {ba52b914-b692-46c4-b683-905236f6f655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /H
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [00THotkey] c:\windows\system32\00THotkey.exe
mRun: [000StTHK] 000StTHK.exe
mRun: [DpUtil] c:\program files\toshiba\dualpointutility\TEDTray.exe
mRun: [TPSMain] TPSMain.exe
mRun: [TPSODDCtl] TPSODDCtl.exe
mRun: [ThpSrv] thpsrv /logon
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [TFncKy] TFncKy.exe
mRun: [TOSDCR] TOSDCR.EXE
mRun: [TMESRV.EXE] c:\program files\toshiba\tme3\TMESRV31.EXE /Logon
mRun: [TMERzCtl.EXE] c:\program files\toshiba\tme3\TMERzCtl.EXE /Service
mRun: [NDSTray.exe] NDSTray.exe
mRun: [PSQLLauncher] "c:\program files\protector suite ql\launcher.exe" /startup
mRun: [PINGER] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [TosHKCW.exe] "c:\program files\toshiba\wireless hotkey\TosHKCW.exe"
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [TFNF5] TFNF5.exe


Re: TR/crypt.xpack.gen on windows xp

Post by Ebw on Wed Sep 09, 2009 2:03 am

mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [VSOCheckTask] "c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
mRun: [OASClnt] c:\program files\mcafee.com\vso\oasclnt.exe
mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\mcagent.exe
mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\McUpdate.exe
mRun: [MSKAGENTEXE] c:\progra~1\mcafee\spamki~1\MskAgent.exe
mRun: [MSKDetectorExe] c:\progra~1\mcafee\spamki~1\MSKDetct.exe /startup
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [VirusScan Online] c:\progra~1\mcafee.com\vso\mcvsshld.exe
mRun: [MPFExe] c:\progra~1\mcafee.com\person~1\MpfTray.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - {7DD73374-7187-4103-8F29-622AA25E7C40} - c:\program files\mcafee\spamkiller\mcapfbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
Notify: igfxcui - igfxdev.dll
Notify: psfus - psqlpwd.dll
LSA: Notification Packages = scecli psqlpwd

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-8-27 206256]
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2004-12-28 16384]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2006-5-20 6144]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-9-1 11608]
R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [2006-5-20 5888]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-9-1 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-9-1 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-9-1 55656]
R2 FdRedir;FdRedir;c:\program files\common files\protector suite ql\drivers\FdRedir.sys [2006-5-5 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\common files\protector suite ql\drivers\filedisk.sys [2006-5-5 33024]
R2 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2006-9-12 126976]
R2 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2006-9-12 122368]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-8-27 348752]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-8-27 1097096]
R2 smihlp;SMI helper driver;c:\program files\protector suite ql\smihlp.sys [2006-5-5 3456]
R2 Tmesrv;Tmesrv3;c:\program files\toshiba\tme3\TMESRV31.exe [2006-5-20 126976]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2006-5-20 35968]
R3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2006-9-12 114464]
S2 McShield;McAfee.com McShield;c:\progra~1\mcafee.com\vso\mcshield.exe [2006-9-12 221184]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2006-9-12 245760]

=============== Created Last 30 ================

2009-09-05 20:51 47 a------- c:\windows\NeroDigital.ini
2009-09-02 06:50 --dsh--- c:\documents and settings\emmett williamson\IECompatCache
2009-09-02 06:48 --dsh--- c:\documents and settings\emmett williamson\PrivacIE
2009-09-02 06:41 --dsh--- c:\documents and settings\emmett williamson\IETldCache
2009-09-02 06:39 100,352 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-09-02 06:38 --d----- c:\windows\ie8updates
2009-09-02 06:37 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-09-02 06:37 1,985,536 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-09-02 06:37 594,432 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-09-02 06:37 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-09-02 06:37 55,296 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-09-02 06:37 11,067,392 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-09-02 06:31 -cd-h--- c:\windows\ie8
2009-09-01 17:38 55,656 a------- c:\windows\system32\drivers\avgntflt.sys
2009-09-01 17:38 --d----- c:\program files\Avira
2009-09-01 17:38 --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-09-01 01:25 7,396 a------- c:\windows\system32\drivers\pctcore.cat
2009-09-01 01:13 3,768 a------- c:\windows\machine.ver
2009-08-31 00:10 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-08-31 00:10 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-31 00:10 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-31 00:10 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-31 00:10 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-08-31 00:10 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-08-31 00:10 117,760 -------- c:\windows\system32\prntvpt.dll
2009-08-31 00:10 --d----- C:\eb33170fd857a307250e8483
2009-08-30 16:25 --d----- c:\docume~1\emmett~1\applic~1\Malwarebytes
2009-08-30 16:25 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-30 16:25 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-30 16:25 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-30 16:25 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-08-30 16:07 411,368 a------- c:\windows\system32\deploytk.dll
2009-08-30 16:07 73,728 a------- c:\windows\system32\javacpl.cpl
2009-08-30 15:43 --d----- c:\documents and settings\emmett williamson\.SunDownloadManager
2009-08-30 15:24 --d----- C:\EFSTMPWP
2009-08-30 14:02 120 a------- c:\windows\Xjuzimi.dat
2009-08-29 22:06 --d----- c:\program files\MSXML 4.0
2009-08-29 21:58 --d----- c:\windows\system32\wbem\Repository
2009-08-27 21:26 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-08-27 21:26 206,256 a------- c:\windows\system32\drivers\PCTCore.sys
2009-08-27 21:26 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-08-27 21:26 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-08-27 21:26 --d----- c:\program files\common files\PC Tools
2009-08-27 21:26 --d----- c:\program files\Spyware Doctor
2009-08-27 21:26 --d----- c:\docume~1\emmett~1\applic~1\PC Tools
2009-08-27 21:26 --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-08-27 21:06 --d----- c:\docume~1\emmett~1\applic~1\AVG8
2009-08-25 21:49 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-08-25 00:37 --d----- c:\windows\system32\XPSViewer
2009-08-24 22:58 128,512 -c------ c:\windows\system32\dllcache\dhtmled.ocx
2009-08-24 22:56 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-08-24 22:56 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-08-24 22:55 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-08-24 22:55 1,315,328 -c------ c:\windows\system32\dllcache\msoe.dll
2009-08-24 22:55 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-08-24 22:53 247,326 -c------ c:\windows\system32\dllcache\strmdll.dll
2009-08-24 22:53 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-08-24 22:53 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2009-08-24 22:52 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-08-24 22:52 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-08-24 22:52 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-08-24 22:43 --d----- c:\windows\system32\scripting
2009-08-24 22:43 --d----- c:\windows\l2schemas
2009-08-24 22:42 --d----- c:\windows\system32\en
2009-08-24 22:42 --d----- c:\windows\system32\bits
2009-08-24 22:39 --d----- c:\windows\ServicePackFiles
2009-08-24 22:36 --d----- c:\windows\network diagnostic
2009-08-24 22:26 129,045 -------- c:\windows\system32\drivers\cxthsfs2.cty
2009-08-24 22:14 --d----- c:\windows\system32\PreInstall
2009-08-24 22:12 --d----- c:\windows\system32\SoftwareDistribution
2009-08-24 22:12 31,768 a------- c:\windows\system32\wucltui.dll.mui
2009-08-24 22:12 23,576 a------- c:\windows\system32\wuaucpl.cpl.mui
2009-08-24 22:12 18,456 a------- c:\windows\system32\wuaueng.dll.mui
2009-08-24 22:12 23,576 a------- c:\windows\system32\wuapi.dll.mui
2009-08-24 22:08 --dsh--- c:\documents and settings\emmett williamson\UserData
2009-08-24 13:35 --d----- c:\program files\Microsoft Visual Studio 8
2009-08-24 12:53 221,184 a------- c:\windows\system32\wmpns.dll
2009-08-24 12:52 --d----- c:\docume~1\emmett~1\applic~1\McAfee.com Personal Firewall
2009-08-24 12:52 --d----- c:\docume~1\emmett~1\applic~1\Intel
2009-08-24 12:52 --d----- c:\docume~1\emmett~1\applic~1\AOL
2009-08-24 12:52 --d----- c:\docume~1\emmett~1\applic~1\You've Got Pictures Screensaver
2009-08-24 12:52 --d----- c:\docume~1\emmett~1\applic~1\Protector Suite
2009-08-24 12:52 --d----- c:\documents and settings\Emmett Williamson
2009-08-24 12:51 21,419 a------- c:\windows\system32\drivers\AegisP.sys
2009-08-24 12:50 2,732,032 a------- c:\windows\system32\NETw3r32.dll
2009-08-24 12:50 1,707,776 a------- c:\windows\system32\drivers\NETw3x32.sys
2009-08-24 12:50 561,152 a------- c:\windows\system32\NETw3c32.dll

==================== Find3M ====================

2009-08-24 22:45 87,447 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-08-05 04:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-28 23:37 119,808 a------- c:\windows\system32\t2embed.dll
2009-07-28 23:37 81,920 a------- c:\windows\system32\fontsub.dll
2009-07-17 14:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 10:08 286,720 a------- c:\windows\system32\wmpdxm.dll
2009-07-03 12:09 915,456 a------- c:\windows\system32\wininet.dll
2009-06-12 07:31 80,896 a------- c:\windows\system32\tlntsess.exe
2009-06-12 07:31 76,288 a------- c:\windows\system32\telnet.exe

============= FINISH: 20:54:56.59 ===============

Ebw
Novice

Posts : 30
Joined : 2009-08-30
OS : xp
Points : 26584
# Likes : 0

Re: TR/crypt.xpack.gen on windows xp

Post by Ebw on Wed Sep 09, 2009 2:04 am


Re: TR/crypt.xpack.gen on windows xp

Post by Ebw on Wed Sep 09, 2009 2:28 pm

Hi,
Sorry, I downloaded the second half of DDS twice (see above). I also have the virus TR/PCK.Krap.W.905; the computer is freezing up when I try to run a scan from Malwarebytes and antiviral simultaneously (it didn't freeze before).

Are these two insidious viruses feeding off each other? I hear the snarling of jackals (that's them) in the darkness (that's my lack of computer knowledge) just outside of the hopeful light (that's you) of my slowly dying campfire (that's my computer).


Re: TR/crypt.xpack.gen on windows xp

Post by Belahzur on Wed Sep 09, 2009 6:51 pm

Hello.
Delete this file in bold:
c:\windows\Xjuzimi.dat

Does the alert say where this TR/PCK.Krap.W.905 is found?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245059
# Likes : 1

Re: TR/crypt.xpack.gen on windows xp

Post by Ebw on Wed Sep 09, 2009 9:08 pm

Yes, local temp file... I trashed it once but back it came... antiviral says it's a malware detection, and to deny access, but it keeps trying to get in.


Re: TR/crypt.xpack.gen on windows xp

Post by Belahzur on Wed Sep 09, 2009 10:01 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.

  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select yes.
  • Allow combofix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click combofix's window whilst it's running. That may cause it to stall.



Re: TR/crypt.xpack.gen on windows xp

Post by Ebw on Thu Sep 10, 2009 4:26 am

ComboFix 09-09-09.04 - Emmett Williamson 09/09/2009 23:07.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.380 [GMT -5:00]
Running from: c:\documents and settings\Emmett Williamson\Desktop\Combo-Fix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: McAfee VirusScan *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\135c26.msp
c:\windows\Installer\135c27.msp
c:\windows\Installer\135c28.msp
c:\windows\Installer\135c29.msp
c:\windows\Installer\135c2a.msp
c:\windows\Installer\135c2b.msp
c:\windows\Installer\135c2c.msp
c:\windows\Installer\135c2d.msp
c:\windows\Installer\135c2e.msp
c:\windows\Installer\161f15.msp
c:\windows\Installer\161f16.msp
c:\windows\Installer\161f17.msp
c:\windows\Installer\161f18.msp
c:\windows\Installer\161f19.msp
c:\windows\Installer\161f1a.msp
c:\windows\Installer\161f1b.msp
c:\windows\Installer\161f1c.msp
c:\windows\Installer\161f1d.msp
c:\windows\Installer\161f1e.msp
c:\windows\Installer\179359.msp
c:\windows\Installer\179363.msp
c:\windows\Installer\17936e.msp
c:\windows\Installer\317d30.msp
c:\windows\Installer\317d31.msp
c:\windows\Installer\317d32.msp
c:\windows\Installer\317d33.msp
c:\windows\Installer\317d34.msp
c:\windows\Installer\317d35.msp
c:\windows\Installer\317d36.msp
c:\windows\Installer\317d37.msp
c:\windows\Installer\317d38.msp
c:\windows\Installer\3cd846.msp
c:\windows\Installer\3cd847.msp
c:\windows\Installer\3cd848.msp
c:\windows\Installer\3cd849.msp
c:\windows\Installer\3cd84a.msp
c:\windows\Installer\3cd84b.msp
c:\windows\Installer\3cd84c.msp
c:\windows\Installer\3cd84d.msp
c:\windows\Installer\3cd84e.msp
c:\windows\Installer\3cd84f.msp
c:\windows\Installer\3e2992.msp
c:\windows\Installer\3e299c.msp
c:\windows\Installer\3e29a7.msp
c:\windows\Installer\abfb3.msp
c:\windows\system32\Drivers\fftztv.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_sqimjilj


((((((((((((((((((((((((( Files Created from 2009-08-10 to 2009-09-10 )))))))))))))))))))))))))))))))
.

2009-09-08 22:08 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-08 22:07 . 2009-09-08 22:07 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-09-06 07:14 . 2009-09-06 07:14 -------- d-----w- c:\windows\Sun
2009-09-05 05:16 . 2009-09-05 05:16 -------- d-sh--w- c:\documents and settings\LocalService\UserData
2009-09-05 05:16 . 2009-09-05 05:16 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2009-09-05 05:16 . 2009-09-05 05:16 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
2009-09-02 12:03 . 2009-09-02 12:03 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-09-02 11:50 . 2009-09-02 11:50 -------- d-sh--w- c:\documents and settings\Emmett Williamson\IECompatCache
2009-09-02 11:48 . 2009-09-02 11:48 -------- d-sh--w- c:\documents and settings\Emmett Williamson\PrivacIE
2009-09-02 11:41 . 2009-09-02 11:41 -------- d-sh--w- c:\documents and settings\Emmett Williamson\IETldCache
2009-09-02 11:39 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-09-02 11:38 . 2009-09-10 03:31 -------- d-----w- c:\windows\ie8updates
2009-09-02 11:37 . 2009-07-03 17:09 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-09-02 11:37 . 2009-07-03 17:09 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-09-02 11:37 . 2009-07-03 17:09 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-09-02 11:37 . 2009-07-03 17:09 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-09-02 11:37 . 2009-07-03 17:09 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-09-02 11:37 . 2009-07-19 23:48 11067392 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-09-02 11:31 . 2009-09-02 11:37 -------- dc-h--w- c:\windows\ie8
2009-09-01 22:38 . 2009-07-28 21:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-09-01 22:38 . 2009-03-30 15:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-09-01 22:38 . 2009-02-13 17:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-09-01 22:38 . 2009-02-13 17:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-09-01 22:38 . 2009-09-01 22:38 -------- d-----w- c:\program files\Avira
2009-09-01 22:38 . 2009-09-01 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-08-31 05:10 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-31 05:10 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-31 05:10 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-31 05:10 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-31 05:10 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-31 05:10 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-31 05:10 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-31 05:10 . 2009-08-31 05:11 -------- d-----w- C:\eb33170fd857a307250e8483
2009-08-30 21:25 . 2009-08-30 21:25 -------- d-----w- c:\documents and settings\Emmett Williamson\Application Data\Malwarebytes
2009-08-30 21:25 . 2009-08-03 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-30 21:25 . 2009-08-30 21:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-30 21:25 . 2009-08-30 21:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-30 21:25 . 2009-08-03 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-30 21:07 . 2009-08-30 21:07 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-30 20:43 . 2009-08-30 20:53 -------- d-----w- c:\documents and settings\Emmett Williamson\.SunDownloadManager
2009-08-30 20:24 . 2009-08-30 20:24 -------- d-----w- C:\EFSTMPWP
2009-08-30 19:02 . 2009-08-30 19:02 -------- d-----w- c:\documents and settings\Emmett Williamson\Local Settings\Application Data\{2FF80835-6515-437F-BC94-83ABE51D169E}
2009-08-30 03:06 . 2009-08-30 03:06 -------- d-----w- c:\program files\MSXML 4.0
2009-08-30 02:58 . 2009-08-30 02:58 -------- d-----w- c:\windows\system32\wbem\Repository
2009-08-28 04:04 . 2009-08-28 04:04 -------- d-----w- c:\documents and settings\Emmett Williamson\Application Data\InterVideo
2009-08-28 03:35 . 2009-08-28 03:35 -------- d-----w- c:\documents and settings\Emmett Williamson\Local Settings\Application Data\Identities
2009-08-28 02:47 . 2009-08-28 02:47 -------- d-----w- c:\documents and settings\Emmett Williamson\Application Data\AdobeUM
2009-08-28 02:26 . 2008-12-11 13:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-08-28 02:26 . 2009-09-01 06:25 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-08-28 02:26 . 2008-12-18 16:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-08-28 02:26 . 2009-09-10 04:18 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-28 02:26 . 2009-08-28 02:30 -------- d-----w- c:\program files\Common Files\PC Tools
2009-08-28 02:26 . 2008-12-10 16:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-08-28 02:26 . 2009-09-10 03:52 -------- d-----w- c:\program files\Spyware Doctor
2009-08-28 02:26 . 2009-08-28 02:26 -------- d-----w- c:\documents and settings\Emmett Williamson\Application Data\PC Tools
2009-08-28 02:26 . 2009-08-28 02:26 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-08-28 02:06 . 2009-08-28 02:06 -------- d-----w- c:\documents and settings\Emmett Williamson\Application Data\AVG8
2009-08-25 05:37 . 2009-08-31 05:11 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-25 05:37 . 2009-08-25 05:37 -------- d-----w- c:\program files\Reference Assemblies
2009-08-25 03:59 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-08-25 03:59 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-08-25 03:59 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-08-25 03:59 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-08-25 03:59 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-08-25 03:59 . 2009-02-06 10:39 35328 -c----w- c:\windows\system32\dllcache\sc.exe
2009-08-25 03:59 . 2009-02-09 12:10 729088 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-08-25 03:59 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-08-25 03:59 . 2009-02-06 11:06 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-08-25 03:59 . 2009-02-06 11:08 2189056 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-08-25 03:59 . 2009-02-06 10:32 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-08-25 03:56 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-08-25 03:56 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-08-25 03:55 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-08-25 03:55 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-25 03:55 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-08-25 03:53 . 2008-10-03 10:02 247326 -c----w- c:\windows\system32\dllcache\strmdll.dll
2009-08-25 03:53 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-08-25 03:53 . 2008-09-04 17:15 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-08-25 03:52 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-08-25 03:52 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-08-25 03:43 . 2009-08-25 03:43 -------- d-----w- c:\windows\system32\scripting
2009-08-25 03:43 . 2009-08-25 03:43 -------- d-----w- c:\windows\l2schemas
2009-08-25 03:42 . 2009-08-25 03:42 -------- d-----w- c:\windows\system32\en
2009-08-25 03:42 . 2009-08-25 03:42 -------- d-----w- c:\windows\system32\bits
2009-08-25 03:39 . 2009-08-25 03:39 -------- d-----w- c:\windows\ServicePackFiles
2009-08-25 03:25 . 2004-08-04 05:29 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2009-08-25 03:12 . 2008-10-16 21:09 43544 ----a-w- c:\windows\system32\wups2.dll
2009-08-25 03:08 . 2009-08-25 03:08 -------- d-sh--w- c:\documents and settings\Emmett Williamson\UserData
2009-08-24 18:39 . 2009-08-25 05:37 -------- d-----w- c:\program files\MSBuild
2009-08-24 18:35 . 2009-08-24 18:35 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-08-24 18:33 . 2009-08-24 18:33 -------- d-----w- c:\documents and settings\Emmett Williamson\Local Settings\Application Data\Microsoft Help
2009-08-24 18:33 . 2009-08-24 18:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-24 17:53 . 2004-08-04 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-08-24 17:51 . 2006-05-24 18:39 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\McAfee.com Personal Firewall
2009-08-24 17:51 . 2006-05-21 17:15 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\AOL
2009-08-24 17:51 . 2006-05-20 18:35 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Protector Suite
2009-08-24 17:51 . 2006-05-20 18:30 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\You've Got Pictures Screensaver

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-09 00:33 . 2006-05-20 18:28 -------- d-----w- c:\program files\Common Files\AOL
2009-09-09 00:28 . 2009-08-24 17:52 -------- d-----w- c:\documents and settings\Emmett Williamson\Application Data\AOL
2009-09-09 00:28 . 2006-05-20 18:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\AOL
2009-09-09 00:28 . 2006-05-20 18:28 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-09-01 06:25 . 2009-09-01 06:25 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-08-31 12:59 . 2006-05-20 18:35 71224 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-30 21:07 . 2006-05-20 18:11 -------- d-----w- c:\program files\Java
2009-08-27 05:12 . 2006-09-08 23:40 -------- d-----w- c:\program files\DesktopDialer
2009-08-25 05:17 . 2006-05-20 18:27 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee.com Personal Firewall
2009-08-24 18:39 . 2006-05-26 07:22 -------- d-----w- c:\program files\Microsoft Works
2009-08-24 17:51 . 2009-08-24 17:52 -------- d-----w- c:\documents and settings\Emmett Williamson\Application Data\Intel
2009-08-24 17:51 . 2009-08-24 17:51 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Intel
2009-08-24 17:51 . 2009-08-24 17:51 -------- d-----w- c:\documents and settings\LocalService\Application Data\Intel
2009-08-24 17:51 . 2009-08-24 17:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\Intel
2009-08-24 17:51 . 2009-08-24 17:51 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Intel
2009-08-24 17:51 . 2009-08-24 17:51 21419 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-08-24 17:50 . 2009-08-24 17:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Intel
2009-08-24 17:50 . 2006-05-20 17:55 -------- d-----w- c:\program files\Intel
2009-08-05 09:01 . 2006-05-20 17:31 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:37 . 2006-05-20 17:31 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:37 . 2006-05-20 17:31 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-17 19:01 . 2006-05-20 17:31 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 15:08 . 2006-05-20 17:32 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2006-05-20 17:31 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-12 12:31 . 2006-05-20 17:31 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2006-05-20 17:31 76288 ----a-w- c:\windows\system32\telnet.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2009-06-30 2836376]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="thpsrv" [X]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"00THotkey"="c:\windows\system32\00THotkey.exe" [2006-04-25 253952]
"DpUtil"="c:\program files\TOSHIBA\DualPointUtility\TEDTray.exe" [2005-06-29 155648]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 122880]
"TMESRV.EXE"="c:\program files\TOSHIBA\TME3\TMESRV31.EXE" [2005-12-14 126976]
"TMERzCtl.EXE"="c:\program files\TOSHIBA\TME3\TMERzCtl.EXE" [2006-02-23 86016]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2006-05-06 30208]
"PINGER"="c:\toshiba\IVP\ISM\pinger.exe" [2005-03-18 151552]
"TosHKCW.exe"="c:\program files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2005-05-17 49152]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-23 196608]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2005-12-16 188416]
"VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-09 151552]
"OASClnt"="c:\program files\McAfee.com\VSO\oasclnt.exe" [2005-08-12 53248]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-23 303104]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 212992]
"MSKAGENTEXE"="c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 110592]
"MSKDetectorExe"="c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-08-12 1121792]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 696320]
"VirusScan Online"="c:\progra~1\mcafee.com\vso\mcvsshld.exe" [2005-08-10 163840]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-12 1005096]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-07-23 1181064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-05-21 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-30 149280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-05-09 16207360]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-04-24 1448960]
"000StTHK"="000StTHK.exe" - c:\windows\system32\000StTHK.exe [2001-06-23 24576]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2006-04-25 315392]
"TPSODDCtl"="TPSODDCtl.exe" - c:\windows\system32\TPSODDCtl.exe [2006-04-25 110592]
"TFncKy"="TFncKy.exe" [BU]
"TOSDCR"="TOSDCR.EXE" - c:\windows\system32\TOSDCR.exe [2005-12-13 57344]
"NDSTray.exe"="NDSTray.exe" [BU]
"TFNF5"="TFNF5.exe" - c:\windows\system32\TFNF5.exe [2006-04-10 622592]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2006-06-30 89541]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-5-20 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-05-06 00:48 40448 ----a-w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1148149729\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [8/27/2009 9:26 PM 206256]
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [12/28/2004 1:31 AM 16384]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [5/20/2006 1:20 PM 6144]
R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [5/20/2006 1:21 PM 5888]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/1/2009 5:38 PM 108289]
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [5/5/2006 8:00 PM 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [5/5/2006 7:59 PM 33024]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [8/27/2009 9:26 PM 348752]
R2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [5/5/2006 7:33 PM 3456]
R2 Tmesrv;Tmesrv3;c:\program files\Toshiba\TME3\TMESRV31.exe [5/20/2006 1:21 PM 126976]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [5/20/2006 12:49 PM 35968]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-09-09 23:18
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(900)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\remote.dll
c:\program files\Protector Suite QL\mysafe.dll
c:\program files\Protector Suite QL\crypto.dll

- - - - - - - > 'lsass.exe'(956)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll

- - - - - - - > 'explorer.exe'(5112)
c:\windows\system32\WININET.dll
c:\program files\Spyware Doctor\pctgmhk.dll
c:\progra~1\McAfee\SPAMKI~1\mskoeplg.dll
c:\progra~1\mcafee.com\vso\McVSSkt.dll
c:\windows\system32\ieframe.dll
c:\program files\TOSHIBA\TME3\TMEEJMD.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Toshiba\ConfigFree\CFSvcs.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee.com\Agent\Mcdetect.exe
c:\progra~1\McAfee.com\VSO\McShield.exe
c:\progra~1\McAfee.com\Agent\McTskshd.exe
c:\program files\McAfee.com\VSO\mcvsshld.exe
c:\progra~1\McAfee.com\VSO\McVSEscn.exe
c:\progra~1\McAfee.com\PERSON~1\MpfService.exe
c:\progra~1\McAfee\SPAMKI~1\MSKSrvr.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\windows\system32\ThpSrv.exe
c:\windows\system32\ThpSrv.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Toshiba\TME3\TMEEJME.exe
c:\program files\Toshiba\ConfigFree\NDSTray.exe
c:\windows\system32\TPSBattM.exe
c:\program files\Protector Suite QL\psqltray.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\program files\McAfee.com\Agent\mcagent.exe
c:\program files\Apoint2K\ApntEx.exe
c:\progra~1\McAfee.com\VSO\mcvsftsn.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\progra~1\McAfee.com\PERSON~1\MpfAgent.exe
.
**************************************************************************
.
Completion time: 2009-09-10 23:21 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-10 04:21

Pre-Run: 98,054,463,488 bytes free
Post-Run: 98,226,257,920 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /forceresetreg

406 --- E O F --- 2009-09-10 03:34


Re: TR/crypt.xpack.gen on windows xp

Post by Ebw on Thu Sep 10, 2009 4:39 am

Malwarebytes' Anti-Malware 1.40
Database version: 2770
Windows 5.1.2600 Service Pack 3

9/9/2009 11:36:15 PM
mbam-log-2009-09-09 (23-36-15).txt

Scan type: Quick Scan
Objects scanned: 100281
Time elapsed: 6 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: TR/crypt.xpack.gen on windows xp

Post by Belahzur on Thu Sep 10, 2009 6:46 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

Re: TR/crypt.xpack.gen on windows xp

Post by Ebw on Sat Sep 12, 2009 7:02 am

It works much better now, ty. A little slower on startup, but no virus?

Here is the log,

ComboFix 09-09-11.01 - Emmett Williamson 09/12/2009 1:49.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.501 [GMT -5:00]
Running from: c:\documents and settings\Emmett Williamson\Desktop\Combo-Fix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: McAfee VirusScan *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-08-12 to 2009-09-12 )))))))))))))))))))))))))))))))
.

2009-09-08 22:08 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-08 22:07 . 2009-09-08 22:07 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-09-06 07:14 . 2009-09-06 07:14 -------- d-----w- c:\windows\Sun
2009-09-05 05:16 . 2009-09-05 05:16 -------- d-sh--w- c:\documents and settings\LocalService\UserData
2009-09-05 05:16 . 2009-09-05 05:16 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2009-09-05 05:16 . 2009-09-05 05:16 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
2009-09-02 12:03 . 2009-09-02 12:03 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-09-02 11:50 . 2009-09-02 11:50 -------- d-sh--w- c:\documents and settings\Emmett Williamson\IECompatCache
2009-09-02 11:48 . 2009-09-02 11:48 -------- d-sh--w- c:\documents and settings\Emmett Williamson\PrivacIE
2009-09-02 11:41 . 2009-09-02 11:41 -------- d-sh--w- c:\documents and settings\Emmett Williamson\IETldCache
2009-09-02 11:39 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-09-02 11:38 . 2009-09-10 03:31 -------- d-----w- c:\windows\ie8updates
2009-09-02 11:37 . 2009-07-03 17:09 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-09-02 11:37 . 2009-07-03 17:09 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-09-02 11:37 . 2009-07-03 17:09 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-09-02 11:37 . 2009-07-03 17:09 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-09-02 11:37 . 2009-07-03 17:09 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-09-02 11:37 . 2009-07-19 23:48 11067392 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-09-02 11:31 . 2009-09-02 11:37 -------- dc-h--w- c:\windows\ie8
2009-09-01 22:38 . 2009-07-28 21:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-09-01 22:38 . 2009-03-30 15:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-09-01 22:38 . 2009-02-13 17:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-09-01 22:38 . 2009-02-13 17:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-09-01 22:38 . 2009-09-01 22:38 -------- d-----w- c:\program files\Avira
2009-09-01 22:38 . 2009-09-01 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-08-31 05:10 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-31 05:10 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-31 05:10 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-31 05:10 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-31 05:10 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-31 05:10 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-31 05:10 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-31 05:10 . 2009-08-31 05:11 -------- d-----w- C:\eb33170fd857a307250e8483
2009-08-30 21:25 . 2009-08-30 21:25 -------- d-----w- c:\documents and settings\Emmett Williamson\Application Data\Malwarebytes
2009-08-30 21:25 . 2009-08-03 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-30 21:25 . 2009-08-30 21:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-30 21:25 . 2009-08-30 21:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-30 21:25 . 2009-08-03 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-30 21:07 . 2009-08-30 21:07 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-30 20:43 . 2009-08-30 20:53 -------- d-----w- c:\documents and settings\Emmett Williamson\.SunDownloadManager
2009-08-30 20:24 . 2009-08-30 20:24 -------- d-----w- C:\EFSTMPWP
2009-08-30 19:02 . 2009-08-30 19:02 -------- d-----w- c:\documents and settings\Emmett Williamson\Local Settings\Application Data\{2FF80835-6515-437F-BC94-83ABE51D169E}
2009-08-30 03:06 . 2009-08-30 03:06 -------- d-----w- c:\program files\MSXML 4.0
2009-08-30 02:58 . 2009-08-30 02:58 -------- d-----w- c:\windows\system32\wbem\Repository
2009-08-28 04:04 . 2009-08-28 04:04 -------- d-----w- c:\documents and settings\Emmett Williamson\Application Data\InterVideo
2009-08-28 03:35 . 2009-08-28 03:35 -------- d-----w- c:\documents and settings\Emmett Williamson\Local Settings\Application Data\Identities
2009-08-28 02:47 . 2009-08-28 02:47 -------- d-----w- c:\documents and settings\Emmett Williamson\Application Data\AdobeUM
2009-08-28 02:26 . 2008-12-11 13:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-08-28 02:26 . 2009-09-01 06:25 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-08-28 02:26 . 2008-12-18 16:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-08-28 02:26 . 2009-09-12 06:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-28 02:26 . 2009-08-28 02:30 -------- d-----w- c:\program files\Common Files\PC Tools
2009-08-28 02:26 . 2008-12-10 16:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-08-28 02:26 . 2009-09-12 02:12 -------- d-----w- c:\program files\Spyware Doctor
2009-08-28 02:26 . 2009-08-28 02:26 -------- d-----w- c:\documents and settings\Emmett Williamson\Application Data\PC Tools
2009-08-28 02:26 . 2009-08-28 02:26 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-08-28 02:06 . 2009-08-28 02:06 -------- d-----w- c:\documents and settings\Emmett Williamson\Application Data\AVG8
2009-08-25 05:37 . 2009-08-31 05:11 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-25 05:37 . 2009-08-25 05:37 -------- d-----w- c:\program files\Reference Assemblies
2009-08-25 03:59 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-08-25 03:59 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-08-25 03:59 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-08-25 03:59 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-08-25 03:59 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-08-25 03:59 . 2009-02-06 10:39 35328 -c----w- c:\windows\system32\dllcache\sc.exe
2009-08-25 03:59 . 2009-02-09 12:10 729088 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-08-25 03:59 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-08-25 03:59 . 2009-02-06 11:06 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-08-25 03:59 . 2009-02-06 11:08 2189056 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-08-25 03:59 . 2009-02-06 10:32 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-08-25 03:56 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-08-25 03:56 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-08-25 03:55 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-08-25 03:55 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-25 03:55 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-08-25 03:53 . 2008-10-03 10:02 247326 -c----w- c:\windows\system32\dllcache\strmdll.dll
2009-08-25 03:53 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-08-25 03:53 . 2008-09-04 17:15 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-08-25 03:52 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-08-25 03:52 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-08-25 03:43 . 2009-08-25 03:43 -------- d-----w- c:\windows\system32\scripting
2009-08-25 03:43 . 2009-08-25 03:43 -------- d-----w- c:\windows\l2schemas
2009-08-25 03:42 . 2009-08-25 03:42 -------- d-----w- c:\windows\system32\en
2009-08-25 03:42 . 2009-08-25 03:42 -------- d-----w- c:\windows\system32\bits
2009-08-25 03:39 . 2009-08-25 03:39 -------- d-----w- c:\windows\ServicePackFiles
2009-08-25 03:25 . 2004-08-04 05:29 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2009-08-25 03:12 . 2008-10-16 21:09 43544 ----a-w- c:\windows\system32\wups2.dll
2009-08-25 03:08 . 2009-08-25 03:08 -------- d-sh--w- c:\documents and settings\Emmett Williamson\UserData
2009-08-24 18:39 . 2009-08-25 05:37 -------- d-----w- c:\program files\MSBuild
2009-08-24 18:35 . 2009-08-24 18:35 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-08-24 18:33 . 2009-08-24 18:33 -------- d-----w- c:\documents and settings\Emmett Williamson\Local Settings\Application Data\Microsoft Help
2009-08-24 18:33 . 2009-08-24 18:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-24 17:53 . 2004-08-04 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-08-24 17:51 . 2006-05-24 18:39 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\McAfee.com Personal Firewall
2009-08-24 17:51 . 2006-05-21 17:15 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\AOL
2009-08-24 17:51 . 2006-05-20 18:35 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Protector Suite
2009-08-24 17:51 . 2006-05-20 18:30 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\You've Got Pictures Screensaver

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-09 00:33 . 2006-05-20 18:28 -------- d-----w- c:\program files\Common Files\AOL
2009-09-09 00:28 . 2009-08-24 17:52 -------- d-----w- c:\documents and settings\Emmett Williamson\Application Data\AOL
2009-09-09 00:28 . 2006-05-20 18:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\AOL
2009-09-09 00:28 . 2006-05-20 18:28 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-09-01 06:25 . 2009-09-01 06:25 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-08-31 12:59 . 2006-05-20 18:35 71224 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-30 21:07 . 2006-05-20 18:11 -------- d-----w- c:\program files\Java
2009-08-27 05:12 . 2006-09-08 23:40 -------- d-----w- c:\program files\DesktopDialer
2009-08-25 05:17 . 2006-05-20 18:27 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee.com Personal Firewall
2009-08-24 18:39 . 2006-05-26 07:22 -------- d-----w- c:\program files\Microsoft Works
2009-08-24 17:51 . 2009-08-24 17:52 -------- d-----w- c:\documents and settings\Emmett Williamson\Application Data\Intel
2009-08-24 17:51 . 2009-08-24 17:51 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Intel
2009-08-24 17:51 . 2009-08-24 17:51 -------- d-----w- c:\documents and settings\LocalService\Application Data\Intel
2009-08-24 17:51 . 2009-08-24 17:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\Intel
2009-08-24 17:51 . 2009-08-24 17:51 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Intel
2009-08-24 17:51 . 2009-08-24 17:51 21419 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-08-24 17:50 . 2009-08-24 17:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Intel
2009-08-24 17:50 . 2006-05-20 17:55 -------- d-----w- c:\program files\Intel
2009-08-05 09:01 . 2006-05-20 17:31 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:37 . 2006-05-20 17:31 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:37 . 2006-05-20 17:31 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-17 19:01 . 2006-05-20 17:31 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 15:08 . 2006-05-20 17:32 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2006-05-20 17:31 915456 ------w- c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-05-20 17:31 . 2008-04-14 00:12 92672 c:\windows\system32\dllcache\wlnotify.dll
+ 2006-05-20 17:31 . 2008-04-14 00:12 33280 c:\windows\system32\dllcache\rundll32.exe
+ 2006-05-20 17:31 . 2008-04-14 00:12 13312 c:\windows\system32\dllcache\lsass.exe
+ 2008-04-14 00:11 . 2008-04-14 00:11 19456 c:\windows\system32\dllcache\dimsntfy.dll
+ 2006-05-20 17:31 . 2009-09-12 02:14 689194 c:\windows\system32\perfh009.dat
+ 2006-05-20 17:31 . 2009-09-12 02:14 128654 c:\windows\system32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2009-06-30 2836376]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="thpsrv" [X]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"00THotkey"="c:\windows\system32\00THotkey.exe" [2006-04-25 253952]
"DpUtil"="c:\program files\TOSHIBA\DualPointUtility\TEDTray.exe" [2005-06-29 155648]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 122880]
"TMESRV.EXE"="c:\program files\TOSHIBA\TME3\TMESRV31.EXE" [2005-12-14 126976]
"TMERzCtl.EXE"="c:\program files\TOSHIBA\TME3\TMERzCtl.EXE" [2006-02-23 86016]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2006-05-06 30208]
"PINGER"="c:\toshiba\IVP\ISM\pinger.exe" [2005-03-18 151552]
"TosHKCW.exe"="c:\program files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2005-05-17 49152]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-23 196608]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2005-12-16 188416]
"VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-09 151552]
"OASClnt"="c:\program files\McAfee.com\VSO\oasclnt.exe" [2005-08-12 53248]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-23 303104]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]
"MSKAGENTEXE"="c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 110592]
"MSKDetectorExe"="c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-08-12 1121792]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 696320]
"VirusScan Online"="c:\progra~1\mcafee.com\vso\mcvsshld.exe" [2005-08-10 163840]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-12 1005096]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-05-21 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-30 149280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-05-09 16207360]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-04-24 1448960]
"000StTHK"="000StTHK.exe" - c:\windows\system32\000StTHK.exe [2001-06-23 24576]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2006-04-25 315392]
"TPSODDCtl"="TPSODDCtl.exe" - c:\windows\system32\TPSODDCtl.exe [2006-04-25 110592]
"TFncKy"="TFncKy.exe" [BU]
"TOSDCR"="TOSDCR.EXE" - c:\windows\system32\TOSDCR.exe [2005-12-13 57344]
"NDSTray.exe"="NDSTray.exe" [BU]
"TFNF5"="TFNF5.exe" - c:\windows\system32\TFNF5.exe [2006-04-10 622592]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2006-06-30 89541]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-5-20 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-05-06 00:48 40448 ----a-w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1148149729\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [8/27/2009 9:26 PM 206256]
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [12/28/2004 1:31 AM 16384]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [5/20/2006 1:20 PM 6144]
R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [5/20/2006 1:21 PM 5888]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/1/2009 5:38 PM 108289]
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [5/5/2006 8:00 PM 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [5/5/2006 7:59 PM 33024]
R2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [5/5/2006 7:33 PM 3456]
R2 Tmesrv;Tmesrv3;c:\program files\Toshiba\TME3\TMESRV31.exe [5/20/2006 1:21 PM 126976]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [5/20/2006 12:49 PM 35968]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [8/27/2009 9:26 PM 348752]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-09-12 01:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(900)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\remote.dll
c:\program files\Protector Suite QL\mysafe.dll

- - - - - - - > 'lsass.exe'(960)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll

- - - - - - - > 'explorer.exe'(4680)
c:\windows\system32\WININET.dll
c:\progra~1\McAfee\SPAMKI~1\mskoeplg.dll
c:\progra~1\mcafee.com\vso\McVSSkt.dll
c:\windows\system32\ieframe.dll
c:\program files\TOSHIBA\TME3\TMEEJMD.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
Completion time: 2009-09-12 1:57
ComboFix-quarantined-files.txt 2009-09-12 06:56
ComboFix2.txt 2009-09-10 04:21

Pre-Run: 98,580,758,528 bytes free
Post-Run: 98,563,100,672 bytes free

309 --- E O F --- 2009-09-10 03:34

Ebw

Re: TR/crypt.xpack.gen on windows xp

Post by Ebw on Sat Sep 12, 2009 7:06 am

Here is the latest HijackThis file, in case it's needed...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:03:46 AM, on 9/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SkyTel.EXE
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\thpsrv.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Emmett Williamson\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [DpUtil] C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [ThpSrv] thpsrv /logon
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TOSDCR] TOSDCR.EXE
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [PINGER] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-21-516290368-2114724278-2145710425-500\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (User 'Administrator')
O4 - HKUS\S-1-5-21-516290368-2114724278-2145710425-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Google Search - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Similar Pages - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe

--
End of file - 11938 bytes


Re: TR/crypt.xpack.gen on windows xp

Post by Origin on Sat Sep 12, 2009 5:44 pm

I see Avira running there alongside McAfee. Did you intend this?

Running two or more real-time anti-virus, anti-spyware and firewall monitors at the same time can cause a conflict. That conflict can result in slow computer performance, error messages, crashes of the programs or other types of failure. You will very likely end up with little or no protection.

I would keep Avira, as it's way better than McAfee, and McAfee slows down your computer.

Please download Revo Uninstaller from here: [You must be registered and logged in to see this link.]

  1. Download and run the setup file for Revo Uninstaller.
  2. Once set up, run Revo Uninstaller.
  3. Select the following item for removal by clicking on it once.

    McAfee

  4. Then hit the "Uninstall" button at the top.
  5. Close Revo Uninstaller.

  • Open HijackThis.
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:

    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
    O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
    O4 - HKLM\..\Run: [DpUtil] C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
    O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

  • Press "Fix Checked"
  • Close HijackThis.

How is the computer running now?


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

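As an added example (not code from this thread, from the helper, or from the HijackThis project), the Python script below parses the O2, O4 and O23 lines of a HijackThis log into structured entries, picks out the O4 autostart entries named in a fix list the way the "check the boxes in front of these lines" step does, groups the O23 services by vendor so that two real-time scanners such as Avira and McAfee show up side by side, and flags Run entries that name a bare file with no directory (which Windows resolves through its search path at logon). The line patterns are my own approximation of the HijackThis 2.0.2 output format seen in this thread, not an official grammar, and the sample lines are a constructed subset copied from the log posted above.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Constructed sample: a subset of lines copied from the HijackThis log posted
# in this thread. Raw strings keep the backslashes exactly as logged.
SAMPLE_LOG = [
    r"Logfile of Trend Micro HijackThis v2.0.2",
    r"O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll",
    r"O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE",
    r"O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE",
    r"O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon",
    r'O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask',
    r'O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background',
    r"O4 - HKUS\S-1-5-21-516290368-2114724278-2145710425-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')",
    r"O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe",
    r"O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe",
    r"O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe",
    r"O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe",
]


@dataclass
class Entry:
    section: str             # "O2", "O4" or "O23"
    name: str                # Run value name, service short name, or BHO name
    command: str             # command line / image path exactly as logged
    location: str            # hive\..\key, "Global Startup", "Service", or CLSID
    vendor: Optional[str] = None
    user: Optional[str] = None
    raw: str = ""


# Approximations of the HijackThis 2.0.2 line formats (my assumption, not
# the tool's own grammar). The hive may carry a user SID: HKUS\S-1-5-...\..\Run
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
STARTUP_RE = re.compile(r"^O4 - Global Startup: (?P<name>.+?) = (?P<cmd>.*)$")
SERVICE_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))? - (?P<vendor>.+?) - (?P<path>.+)$"
)
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
# Image path: optionally quoted, ends at a known extension followed by a quote,
# whitespace or end of line (so "McAfee.com" inside a path is not mistaken for it).
EXE_RE = re.compile(r'^"?(?P<exe>[^"]*?\.(?:exe|com|scr|bat|cmd|pif|dll))(?:"|\s|$)', re.IGNORECASE)


def executable_of(command: str) -> str:
    """Best-effort extraction of the program image from a logged command line."""
    m = EXE_RE.match(command.strip())
    return m.group("exe") if m else command.strip().split(" ")[0]


def is_unqualified(command: str) -> bool:
    """True when the command names a bare file with no directory component."""
    return "\\" not in executable_of(command)


def parse_hjt(lines: Iterable[str]) -> List[Entry]:
    """Turn O2/O4/O23 lines into Entry records; other lines are ignored."""
    entries: List[Entry] = []
    for raw in lines:
        line = raw.rstrip("\r\n")
        if m := RUN_RE.match(line):
            entries.append(Entry("O4", m["name"], m["cmd"], f"{m['hive']}\\..\\{m['key']}", user=m["user"], raw=line))
        elif m := STARTUP_RE.match(line):
            entries.append(Entry("O4", m["name"], m["cmd"], "Global Startup", raw=line))
        elif m := SERVICE_RE.match(line):
            entries.append(Entry("O23", m["short"] or m["display"], m["path"], "Service", vendor=m["vendor"], raw=line))
        elif m := BHO_RE.match(line):
            entries.append(Entry("O2", m["name"], m["path"], m["clsid"], raw=line))
    return entries


def select_by_name(entries: List[Entry], names: Iterable[str], section: str = "O4") -> List[Entry]:
    """Entries whose [name] is on the fix list, like ticking boxes in HijackThis."""
    wanted = {n.lower() for n in names}
    return [e for e in entries if e.section == section and e.name.lower() in wanted]


def services_by_vendor(entries: List[Entry]) -> Dict[str, List[str]]:
    """Group O23 services by vendor string so overlapping security suites stand out."""
    out: Dict[str, List[str]] = {}
    for e in entries:
        if e.section == "O23":
            out.setdefault(e.vendor or "Unknown", []).append(e.name)
    return out


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print("Services by vendor:", services_by_vendor(parsed))
    for e in select_by_name(parsed, ["DLA", "RTHDCPL", "MSMSGS"]):
        note = " (bare file name, resolved via search path)" if is_unqualified(e.command) else ""
        print(f"fix: {e.location} [{e.name}] -> {executable_of(e.command)}{note}")
```

Feed it a real log with `parse_hjt(open("hijackthis.log", encoding="utf-8"))`; the fix list is just the bracketed names from the helper's reply, so the same script can confirm afterwards that those names no longer appear in a fresh scan.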
