win32 cryptor


win32 cryptor

Post by mike k on 21st November 2009, 11:47 pm

I had the Win32 Cryptor, used Malwarebytes, I think it's gone, but now my sound does not work. Can someone help please?

mike k
Novice
Novice

Posts Posts : 14
Joined Joined : 2009-11-21
OS OS : xp home
Points Points : 25958
# Likes # Likes : 0


Re: win32 cryptor

Post by Belahzur on 22nd November 2009, 2:04 am

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1


Re: win32 cryptor

Post by mike k on 22nd November 2009, 12:11 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:08:44, on 11/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\BellSouthWCC\McciTrayApp.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Copperhead] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\McciTrayApp.exe"
O4 - HKLM\..\Run: [ISW.exe] "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN
O4 - HKLM\..\Run: [BellSouthWCC_McciTrayApp] C:\Program Files\BellSouthWCC\McciTrayApp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\IUWmLnPcy.exe" /runcleanupscript
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: YPOPs.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Mike\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - [You must be registered and logged in to see this link.]
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - [You must be registered and logged in to see this link.]
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - [You must be registered and logged in to see this link.]
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - [You must be registered and logged in to see this link.]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} (AMI DicomDir TreeView Control 2.1) - [You must be registered and logged in to see this link.]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: jitodiyo.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: Ipefdll - {46C43316-768A-42B4-9665-2682C131058C} - C:\WINDOWS\system32\v32occab.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 14236 bytes


Re: win32 cryptor

Post by Belahzur on 22nd November 2009, 7:23 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O20 - AppInit_DLLs: jitodiyo.dll
    O21 - SSODL: Ipefdll - {46C43316-768A-42B4-9665-2682C131058C} - C:\WINDOWS\system32\v32occab.dll



  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.




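The four entries Belahzur picks out of the log above are the classic high-signal HijackThis sections: an O3 toolbar whose file is gone, an O20 AppInit_DLLs value, an O21 SSODL object, and a BHO living under an unwanted toolbar's directory. As an added example, not part of the original thread and not code from HijackThis or its author, here is a small Python parser for HijackThis "O"/"R" lines plus a rule set that reproduces that triage on entries copied from the log. The watch-list of unwanted directories, the rule wording and the field naming are the example's own assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: entries copied from the HijackThis log posted earlier in
# this thread, used as offline input for the parser.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O20 - AppInit_DLLs: jitodiyo.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: Ipefdll - {46C43316-768A-42B4-9665-2682C131058C} - C:\WINDOWS\system32\v32occab.dll
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""


@dataclass
class Entry:
    code: str             # HijackThis section code, e.g. "O2", "O20"
    kind: str             # text before the first colon, e.g. "BHO", "AppInit_DLLs"
    name: str             # label of the item, e.g. "XBTBPos00"
    clsid: Optional[str]  # COM class id, if the entry carries one
    path: Optional[str]   # file the entry points at; "(no file)" if orphaned
    raw: str


ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<rest>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one 'Oxx - ...' line; return None for headers and process listings."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, rest = m.group("code"), m.group("rest")
    kind, _, detail = rest.partition(": ")
    parts = [p.strip() for p in detail.split(" - ")]
    clsid = next((p for p in parts if CLSID_RE.fullmatch(p)), None)
    fields = [p for p in parts if p != clsid]
    name = fields[0] if fields else ""
    path = fields[-1] if len(fields) > 1 else None
    if kind == "AppInit_DLLs":            # the value is the DLL itself, no label
        path = name
    elif kind.endswith("Run") and name.startswith("[") and "] " in name:
        name, _, path = name[1:].partition("] ")   # "[label] command"
    return Entry(code, kind, name, clsid, path, line.strip())


# Constructed watch-list (assumption): directories of toolbars this thread
# treats as unwanted. Real triage would draw on a maintained list.
UNWANTED_DIRS = ("\\fast browser search\\",)


def triage(entries: List[Entry]) -> List[Tuple[Entry, str]]:
    """Return (entry, reason) pairs for items a helper would normally fix."""
    flagged = []
    for e in entries:
        if e.path == "(no file)":
            flagged.append((e, "orphaned entry: registry points at a file that no longer exists"))
        elif e.kind == "AppInit_DLLs":
            flagged.append((e, "AppInit_DLLs: DLL is loaded into every process that loads user32.dll"))
        elif e.kind == "SSODL":
            flagged.append((e, "ShellServiceObjectDelayLoad: DLL loaded by explorer.exe at logon"))
        elif e.path and any(d in e.path.lower() for d in UNWANTED_DIRS):
            flagged.append((e, "file lives under a known unwanted-toolbar directory"))
    return flagged


def triage_log(text: str) -> List[Tuple[Entry, str]]:
    entries = [e for e in (parse_entry(l) for l in text.splitlines()) if e]
    return triage(entries)


if __name__ == "__main__":
    for entry, reason in triage_log(SAMPLE_LOG):
        print(f"{entry.code:>4} {entry.kind:<14} {entry.path or entry.name}\n      -> {reason}")
```

Run against the sample, the rules flag exactly the four lines Belahzur asked to have checked and leave the AVG, NVIDIA and PunkBuster entries alone; the point is that the decision rests on the persistence location and on whether the file exists, not on the randomness of the file name.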

Re: win32 cryptor

Post by mike k on 23rd November 2009, 12:50 am

Malwarebytes' Anti-Malware 1.41
Database version: 3215
Windows 5.1.2600 Service Pack 3

11/22/2009 6:48:48 PM
mbam-log-2009-11-22 (18-48-48).txt

Scan type: Quick Scan
Objects scanned: 154025
Time elapsed: 18 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: win32 cryptor

Post by mike k on 23rd November 2009, 1:22 am

and still no sound


Re: win32 cryptor

Post by mike k on 23rd November 2009, 1:45 am

Well, I think it's fixed. I ran CC and it fixed the registry; I've got sound now. Thanks for your help.


Re: win32 cryptor

Post by mike k on 23rd November 2009, 3:09 am

Well, I thought it was fixed; it's not.


Re: win32 cryptor

Post by Belahzur on 23rd November 2009, 8:38 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:


    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.





Re: win32 cryptor

Post by mike k on 25th November 2009, 12:19 am

ComboFix 09-11-24.02 - Mike 11/24/2009 17:59.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.582 [GMT -6:00]
Running from: c:\documents and settings\Mike\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Mike\Application Data\iniasd.txt
c:\documents and settings\Mike\Application Data\inst.exe
c:\documents and settings\Mike\Cookies\feki.ban
c:\documents and settings\Mike\Cookies\ososo._sy
c:\program files\Common Files\opyrykego.vbs
c:\program files\Fast Browser Search\IE\1.bat
c:\program files\Fast Browser Search\IE\about.html
c:\program files\Fast Browser Search\IE\affid.dat
c:\program files\Fast Browser Search\IE\basis.xml
c:\program files\Fast Browser Search\IE\ClearRecycleBin.exe
c:\program files\Fast Browser Search\IE\error.html
c:\program files\Fast Browser Search\IE\FBSPlugin.dll
c:\program files\Fast Browser Search\IE\fbsProtection.xml
c:\program files\Fast Browser Search\IE\FbsSearchProvider.xml
c:\program files\Fast Browser Search\IE\FbsSearchProviderIE8.exe
c:\program files\Fast Browser Search\IE\fbstoolbar.jar
c:\program files\Fast Browser Search\IE\fbstoolbar.manifest
c:\program files\Fast Browser Search\IE\icons.bmp
c:\program files\Fast Browser Search\IE\info.txt
c:\program files\Fast Browser Search\IE\local.xml
c:\program files\Fast Browser Search\IE\logobg.bmp
c:\program files\Fast Browser Search\IE\MTWBtoolbar.html
c:\program files\Fast Browser Search\IE\search.bmp
c:\program files\Fast Browser Search\IE\SearchGuardPlus.exe
c:\program files\Fast Browser Search\IE\SearchGuardPlus.ico
c:\program files\Fast Browser Search\IE\SGPU.ico
c:\program files\Fast Browser Search\IE\sgpUpdater.exe
c:\program files\Fast Browser Search\IE\sgpUpdater.xml
c:\program files\Fast Browser Search\IE\SGPUpdaterS.exe
c:\program files\Fast Browser Search\IE\tbhelper.dll
c:\program files\Fast Browser Search\IE\tbs_include_script_003175.js
c:\program files\Fast Browser Search\IE\tbs_include_script_005064.js
c:\program files\Fast Browser Search\IE\tbs_include_script_012817.js
c:\program files\Fast Browser Search\IE\Toolbar Help.htm
c:\program files\Fast Browser Search\IE\uninstall.exe
c:\program files\Fast Browser Search\IE\uninstalSGP.exe
c:\program files\Fast Browser Search\IE\uninstalSGPU.exe
c:\program files\Fast Browser Search\IE\update.exe
c:\program files\Fast Browser Search\IE\version.txt
c:\program files\INSTALL.LOG
c:\windows\hojaf._sy
c:\windows\system32\_004433_.tmp.dll
c:\windows\system32\_004434_.tmp.dll
c:\windows\system32\_004435_.tmp.dll
c:\windows\system32\_004436_.tmp.dll
c:\windows\system32\_004442_.tmp.dll
c:\windows\system32\_004443_.tmp.dll
c:\windows\system32\_004444_.tmp.dll
c:\windows\system32\_004445_.tmp.dll
c:\windows\system32\_004446_.tmp.dll
c:\windows\system32\_004447_.tmp.dll
c:\windows\system32\_004448_.tmp.dll
c:\windows\system32\_004449_.tmp.dll
c:\windows\system32\_004450_.tmp.dll
c:\windows\system32\_004451_.tmp.dll
c:\windows\system32\_004452_.tmp.dll
c:\windows\system32\_004454_.tmp.dll
c:\windows\system32\_004455_.tmp.dll
c:\windows\system32\_004456_.tmp.dll
c:\windows\system32\_004458_.tmp.dll
c:\windows\system32\_004461_.tmp.dll
c:\windows\system32\_004462_.tmp.dll
c:\windows\system32\_004465_.tmp.dll
c:\windows\system32\_004466_.tmp.dll
c:\windows\system32\_004467_.tmp.dll
c:\windows\system32\_004468_.tmp.dll
c:\windows\system32\_004469_.tmp.dll
c:\windows\system32\_004470_.tmp.dll
c:\windows\system32\_004471_.tmp.dll
c:\windows\system32\_004472_.tmp.dll
c:\windows\system32\_004474_.tmp.dll
c:\windows\system32\_004475_.tmp.dll
c:\windows\system32\_004476_.tmp.dll
c:\windows\system32\_004477_.tmp.dll
c:\windows\system32\_004478_.tmp.dll
c:\windows\system32\_004479_.tmp.dll
c:\windows\system32\_004480_.tmp.dll
c:\windows\system32\_004481_.tmp.dll
c:\windows\system32\_004482_.tmp.dll
c:\windows\system32\_004483_.tmp.dll
c:\windows\system32\_004484_.tmp.dll
c:\windows\system32\_004487_.tmp.dll
c:\windows\system32\_004488_.tmp.dll
c:\windows\system32\_004489_.tmp.dll
c:\windows\system32\_004491_.tmp.dll
c:\windows\system32\_004492_.tmp.dll
c:\windows\system32\_004493_.tmp.dll
c:\windows\system32\_004494_.tmp.dll
c:\windows\system32\_004495_.tmp.dll
c:\windows\system32\_004497_.tmp.dll
c:\windows\system32\_004500_.tmp.dll
c:\windows\system32\_004501_.tmp.dll
c:\windows\system32\_004505_.tmp.dll
c:\windows\system32\_004506_.tmp.dll
c:\windows\system32\_004508_.tmp.dll
c:\windows\system32\_004510_.tmp.dll
c:\windows\system32\_004511_.tmp.dll
c:\windows\system32\_004513_.tmp.dll
c:\windows\system32\_004514_.tmp.dll
c:\windows\system32\_004515_.tmp.dll
c:\windows\system32\_004516_.tmp.dll
c:\windows\system32\_004519_.tmp.dll
c:\windows\system32\_004520_.tmp.dll
c:\windows\system32\_004521_.tmp.dll
c:\windows\system32\_004522_.tmp.dll
c:\windows\system32\_004523_.tmp.dll
c:\windows\system32\_004528_.tmp.dll
c:\windows\system32\_004530_.tmp.dll
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dataset.dll
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\jiho.vbs
c:\windows\system32\o4Patch.exe
c:\windows\system32\payojuvi.exe
c:\windows\system32\Process.exe
c:\windows\system32\SET4AA.tmp
c:\windows\system32\SET58C.tmp
c:\windows\system32\SET63F.tmp
c:\windows\system32\SET75E.tmp
c:\windows\system32\SrchSTS.exe
c:\windows\system32\sstray.exe
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\Tasks\bupehcph.job

-- Previous Run --

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

--------

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_SSHNAS


((((((((((((((((((((((((( Files Created from 2009-10-25 to 2009-11-25 )))))))))))))))))))))))))))))))
.

2009-11-24 12:04 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-11-24 12:04 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-11-24 11:40 . 2009-11-24 23:53 -------- d-----w- C:\Combo-Fix
2009-11-23 15:36 . 2009-11-23 15:36 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-11-23 14:41 . 2009-11-23 14:41 119756 ----a-w- c:\windows\system32\pnpiknt.dll
2009-11-23 14:41 . 2009-11-23 14:41 2486272 ----a-w- c:\windows\system32\patalime.dll
2009-11-23 14:41 . 2009-11-23 14:41 1052672 ----a-w- c:\windows\system32\avifecat.exe
2009-11-23 14:41 . 2009-11-23 14:41 1327104 ----a-w- c:\windows\system32\vgaboipv.dll
2009-11-23 14:41 . 2009-11-23 14:41 1024000 ----a-w- c:\windows\system32\olebodev.dll
2009-11-23 02:12 . 2004-05-20 16:11 172032 ----a-w- c:\windows\system32\nvuaudio.exe
2009-11-22 18:15 . 2009-09-10 20:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-22 18:15 . 2009-09-10 20:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-22 18:05 . 2009-11-22 18:05 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-22 17:43 . 2009-11-22 17:42 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-22 12:08 . 2009-11-22 12:08 -------- d-----w- c:\program files\Trend Micro
2009-11-20 01:24 . 2009-11-20 01:24 0 ----a-w- c:\windows\nsreg.dat
2009-11-20 01:23 . 2009-11-20 01:23 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\Mozilla
2009-11-12 23:15 . 2009-11-12 23:17 -------- d-----w- C:\$AVG
2009-11-12 23:14 . 2009-11-16 02:53 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-11-10 21:58 . 2009-11-10 21:58 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\Yahoo!
2009-11-07 02:05 . 2009-11-07 02:05 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-24 23:54 . 2008-01-19 23:16 -------- d-----w- c:\program files\Steam
2009-11-24 23:50 . 2008-07-26 13:05 154962 ----a-w- c:\windows\system32\webohker32.dll
2009-11-24 09:10 . 2009-09-04 13:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-24 09:10 . 2009-09-13 20:18 -------- d-----w- c:\program files\Microsoft Works
2009-11-23 01:40 . 2008-01-20 14:28 -------- d-----w- c:\program files\Google
2009-11-22 18:15 . 2009-01-22 18:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-22 18:11 . 2008-01-22 01:00 -------- d-----w- c:\program files\BitLord
2009-11-22 18:09 . 2008-05-11 19:47 -------- d-----w- c:\program files\FrostWire
2009-11-22 17:47 . 2008-01-19 21:44 -------- d-----w- c:\program files\Java
2009-11-21 21:04 . 2008-02-24 15:01 -------- d-----w- c:\documents and settings\Mike\Application Data\Vso
2009-11-16 02:53 . 2008-10-05 21:05 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-12 23:15 . 2008-08-17 12:35 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-12 23:15 . 2008-08-17 12:35 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-12 23:15 . 2008-08-17 12:35 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-12 23:15 . 2008-08-17 12:35 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-12 23:14 . 2008-06-08 18:02 -------- d-----w- c:\program files\AVG
2009-11-03 02:42 . 2009-10-02 17:31 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-20 03:47 . 2009-10-20 03:47 -------- d-----r- c:\documents and settings\Guest\Application Data\Brother
2009-10-20 03:30 . 2009-10-20 03:30 -------- d-----w- c:\documents and settings\Guest\Application Data\ScanSoft
2009-10-20 03:28 . 2009-10-20 03:28 -------- d-----w- c:\documents and settings\Guest\Application Data\PC-FAX TX
2009-10-14 17:29 . 2009-10-14 17:29 -------- d-----w- c:\documents and settings\Guest\Application Data\Yahoo!
2009-10-11 12:31 . 2009-06-11 16:24 -------- d-----w- c:\program files\Common Files\Motive
2009-10-05 04:00 . 2009-10-05 03:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-10-05 03:30 . 2008-06-18 00:05 -------- d-----w- c:\program files\Yahoo!
2009-10-02 17:43 . 2009-10-02 17:43 -------- d-----w- c:\documents and settings\Guest\Application Data\Windows Desktop Search
2009-10-02 17:43 . 2009-10-02 17:43 -------- d-----w- c:\documents and settings\Guest\Application Data\Malwarebytes
2009-09-30 13:09 . 2009-01-22 16:12 -------- d-----w- c:\program files\Windows Live Safety Center
2009-09-27 13:17 . 2009-09-27 13:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-09-27 12:22 . 2009-09-27 12:22 71776 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-27 12:22 . 2009-09-27 12:22 -------- d-----w- c:\documents and settings\Guest\Application Data\AT&T
2009-09-25 10:54 . 2009-09-25 10:54 12911 ----a-w- c:\windows\qevasityj.dat
2009-09-25 10:54 . 2009-09-25 10:54 11669 ----a-w- c:\documents and settings\Mike\Application Data\sefu.dat
2009-09-25 10:54 . 2009-09-25 10:54 11451 ----a-w- c:\program files\Common Files\yxuxasox._sy
2009-09-25 02:36 . 2008-01-23 22:56 57 ----a-w- c:\documents and settings\All Users\Application Data\Brother\BrLog\BrCollectDir\BR_cat.bat
2009-09-25 02:16 . 2008-01-23 22:59 50 ----a-w- c:\windows\system32\bridf06a.dat
2009-09-18 12:30 . 2008-01-19 18:57 71776 ----a-w- c:\documents and settings\Mike\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-11 14:18 . 2008-07-26 13:05 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-31 20:42 . 2009-08-31 20:42 14892 ---ha-w- c:\windows\system32\mlfcache.dat
2009-08-29 08:08 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2007-09-16 00:28 . 2007-11-22 12:23 54512984 ----a-w- c:\program files\GoogleSketchUpProWEN.exe
2009-08-17 04:42 . 2009-08-17 04:42 3 --sha-w- c:\windows\system32\bivulota.dll
.

------- Sigcheck -------

[7] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys

c:\windows\System32\drivers\beep.sys ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2009-10-24 1217808]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"Copperhead"="c:\program files\Razer\Copperhead\razerhid.exe" [2005-11-25 155648]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 622592]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2008-09-19 1529856]
"ISW.exe"="c:\program files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 2061816]
"BellSouthWCC_McciTrayApp"="c:\program files\BellSouthWCC\McciTrayApp.exe" [2006-03-10 543232]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 77824]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\IUWmLnPcy.exe" [2009-11-16 1312080]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-13 2020120]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-22 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-27 434528]

c:\documents and settings\Mike\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\Guest\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Libancap"= {52B2767C-4F36-4CAD-A2AC-F79419FE618D} - c:\windows\system32\olebodev.dll [2009-11-23 1024000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-11-12 23:15 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wwSecSvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"idsvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\steamapps\\kant40@knology.net\\counter-strike\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\kant40@knology.net\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\kant40@knology.net\\condition zero\\hl.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\Program Files\\GameSpy\\Comrade\\Comrade.exe"=
"c:\\Program Files\\Steam\\steamapps\\kant40@knology.net\\half-life\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\kant40@knology.net\\source sdk base\\hl2.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
"c:\\Program Files\\Steam\\steamapps\\kant40@knology.net\\zombie panic! source\\hl2.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Steam\\steamapps\\kant40@knology.net\\day of defeat\\hl.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\steamapps\\kant40@knology.net\\ricochet\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\kant40@knology.net\\opposing force\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of juarez - bound in blood sp demo\\CoJBiBDemo_x86.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Steam\\steamapps\\common\\fuel - demo\\FUEL.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\ATT-SST\\McciTrayApp.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgtray.exe"=
"c:\\WINDOWS\\system32\\searchindexer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/17/2008 6:35 AM 333192]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/17/2008 6:35 AM 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/12/2009 5:14 PM 285392]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 4:45 AM 13088]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [4/19/2008 9:21 AM 598856]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [1/19/2008 12:59 PM 20160]
S3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [1/20/2008 3:56 PM 11596]
.
Contents of the 'Scheduled Tasks' folder

2009-11-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Mike\Start Menu\Programs\IMVU\Run IMVU.lnk
Trusted Zone: motive.com\patttbc.att
Trusted Zone: turbotax.com
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - [You must be registered and logged in to see this link.]
DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Mike\Application Data\Mozilla\Firefox\Profiles\cja22u8f.default\
FF - plugin: c:\documents and settings\Mike\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.17\Plugins\npybrowserplus_2.4.17.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
SafeBoot-serfing.sys
AddRemove-NVIDIA Drivers - c:\windows\system32\nvuaudio.exe UninstallGUI
AddRemove-Steam App 10 - c:\program files\Steam\steam.exe [You must be registered and logged in to see this link.]
AddRemove-Steam App 100 - c:\program files\Steam\steam.exe [You must be registered and logged in to see this link.]
AddRemove-Steam App 12850 - c:\program files\Steam\steam.exe [You must be registered and logged in to see this link.]
AddRemove-Steam App 20 - c:\program files\Steam\steam.exe [You must be registered and logged in to see this link.]
AddRemove-Steam App 215 - c:\program files\Steam\steam.exe [You must be registered and logged in to see this link.]
AddRemove-Steam App 220 - c:\program files\Steam\steam.exe [You must be registered and logged in to see this link.]
AddRemove-Steam App 240 - c:\program files\Steam\steam.exe [You must be registered and logged in to see this link.]
AddRemove-Steam App 30 - c:\program files\Steam\steam.exe [You must be registered and logged in to see this link.]
AddRemove-Steam App 320 - c:\program files\Steam\steam.exe [You must be registered and logged in to see this link.]
AddRemove-Steam App 33290 - c:\program files\Steam\steam.exe [You must be registered and logged in to see this link.]
AddRemove-Steam App 50 - c:\program files\Steam\steam.exe [You must be registered and logged in to see this link.]
AddRemove-Steam App 60 - c:\program files\Steam\steam.exe [You must be registered and logged in to see this link.]
AddRemove-Steam App 80 - c:\program files\Steam\steam.exe [You must be registered and logged in to see this link.]
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-11-24 18:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\.srf\PersistentHandler]
@DACL=(02 0000)
@="{eec97550-47a9-11cf-b952-00aa0051fe20}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3140)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\olebodev.dll
c:\windows\system32\vgaboipv.dll
c:\windows\system32\hnetcfg.dll
c:\program files\Bonjour\mdnsNSP.dll
c:\windows\system32\delabdde\pnposmic\dborpol.dll

- - - - - - - > 'explorer.exe'(3844)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\olebodev.dll
c:\windows\system32\vgaboipv.dll
c:\program files\Bonjour\mdnsNSP.dll
c:\windows\system32\delabdde\pnposmic\dborpol.dll
.
Completion time: 2009-11-24 18:16
ComboFix-quarantined-files.txt 2009-11-25 00:15

Pre-Run: 68,492,820,480 bytes free
Post-Run: 68,464,914,432 bytes free

- - End Of File - - B8510F08818E223B1B75F34FAFB6049A


Re: win32 cryptor

Post by Belahzur on 25th November 2009, 1:17 am


  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    File::
    c:\windows\system32\pnpiknt.dll
    c:\windows\system32\patalime.dll
    c:\windows\system32\avifecat.exe
    c:\windows\system32\vgaboipv.dll
    c:\windows\system32\olebodev.dll
    c:\windows\system32\webohker32.dll
    c:\windows\system32\bivulota.dll

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "Libancap"=-

    FCopy::
    c:\windows\system32\dllcache\beep.sys | c:\windows\System32\drivers\beep.sys
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.





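A parser for the CFScript.txt format used in the reply above, added here as an example (it is not ComboFix's or the helper's own code). The directive meanings it assumes are only those visible in this thread: File:: lists files to delete, a `"Name"=-` line under a Registry:: key deletes that value, and FCopy:: copies `source | destination`; the sample script is the one posted above, and the checks it performs (absolute paths, well-formed copy pairs, known sections) are the editor's own.

```python
"""Parse and sanity-check a ComboFix CFScript.txt before it is dragged onto ComboFix.exe.

Added example, not ComboFix's own code. Directive semantics assumed here are the ones
shown in this thread (File:: delete, Registry:: value deletion via "Name"=-, FCopy::
source | destination); any other section is reported as unsupported.
"""
import re
from dataclasses import dataclass, field

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")        # e.g. "File::"
KEY_RE = re.compile(r"^\[(.+)\]$")                    # REGEDIT4-style key line
DELETE_VALUE_RE = re.compile(r'^"(.+)"=-$')           # REGEDIT4 value deletion
KNOWN_SECTIONS = {"File", "Registry", "FCopy"}        # only the ones used on this page

# The script posted in the reply above (copied verbatim as sample input).
SAMPLE_SCRIPT = r"""
File::
c:\windows\system32\pnpiknt.dll
c:\windows\system32\patalime.dll
c:\windows\system32\avifecat.exe
c:\windows\system32\vgaboipv.dll
c:\windows\system32\olebodev.dll
c:\windows\system32\webohker32.dll
c:\windows\system32\bivulota.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Libancap"=-

FCopy::
c:\windows\system32\dllcache\beep.sys | c:\windows\System32\drivers\beep.sys
"""


@dataclass
class CFScript:
    files: list = field(default_factory=list)      # absolute paths to delete
    registry: list = field(default_factory=list)   # (key, value_name) pairs to delete
    fcopy: list = field(default_factory=list)      # (source, destination) pairs
    problems: list = field(default_factory=list)   # human-readable issues found


def _is_absolute_windows_path(path):
    """True for paths like c:\\windows\\...; relative paths would be ambiguous for ComboFix."""
    return re.match(r"^[A-Za-z]:\\", path) is not None


def parse_cfscript(text):
    """Return a CFScript describing what the script asks ComboFix to do, plus any problems."""
    script = CFScript()
    section = None
    current_key = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            current_key = None
            if section not in KNOWN_SECTIONS:
                script.problems.append(f"line {lineno}: unsupported section {section}::")
            continue
        if section is None:
            script.problems.append(f"line {lineno}: text before any section header")
        elif section == "File":
            if not _is_absolute_windows_path(line):
                script.problems.append(f"line {lineno}: File:: entry is not an absolute path")
            script.files.append(line)
        elif section == "Registry":
            k = KEY_RE.match(line)
            if k:
                current_key = k.group(1)
                continue
            d = DELETE_VALUE_RE.match(line)
            if d and current_key:
                script.registry.append((current_key, d.group(1)))
            else:
                script.problems.append(f"line {lineno}: Registry:: line is not a key or a \"Name\"=- deletion")
        elif section == "FCopy":
            parts = [p.strip() for p in line.split("|")]
            if len(parts) != 2 or not all(_is_absolute_windows_path(p) for p in parts):
                script.problems.append(f"line {lineno}: FCopy:: entry must be 'source | destination'")
            else:
                script.fcopy.append((parts[0], parts[1]))
        else:
            script.problems.append(f"line {lineno}: entry under unsupported section {section}::")
    return script


if __name__ == "__main__":
    plan = parse_cfscript(SAMPLE_SCRIPT)
    print(f"{len(plan.files)} file(s) to delete, {len(plan.registry)} registry value(s) to delete, "
          f"{len(plan.fcopy)} copy operation(s), {len(plan.problems)} problem(s)")
    for issue in plan.problems:
        print("  !", issue)
```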
Re: win32 cryptor

Post by mike k on 26th November 2009, 4:40 am

ComboFix 09-11-25.03 - Mike 11/25/2009 21:58.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.574 [GMT -6:00]
Running from: c:\documents and settings\Mike\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Mike\Desktop\CFScript.txt.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\windows\system32\avifecat.exe"
"c:\windows\system32\bivulota.dll"
"c:\windows\system32\olebodev.dll"
"c:\windows\system32\patalime.dll"
"c:\windows\system32\pnpiknt.dll"
"c:\windows\system32\vgaboipv.dll"
"c:\windows\system32\webohker32.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\avifecat.exe
c:\windows\system32\bivulota.dll
c:\windows\system32\olebodev.dll
c:\windows\system32\patalime.dll
c:\windows\system32\pnpiknt.dll
c:\windows\system32\vgaboipv.dll
c:\windows\system32\webohker32.dll

.
--------------- FCopy ---------------

c:\windows\system32\dllcache\beep.sys --> c:\windows\System32\drivers\beep.sys
.
((((((((((((((((((((((((( Files Created from 2009-10-26 to 2009-11-26 )))))))))))))))))))))))))))))))
.

2009-11-26 03:58 . 2004-08-04 12:00 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys
2009-11-26 03:58 . 2004-08-04 12:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys
2009-11-24 12:04 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-11-24 12:04 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-11-24 11:40 . 2009-11-24 23:53 -------- d-----w- C:\Combo-Fix
2009-11-23 15:36 . 2009-11-23 15:36 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-11-23 02:12 . 2004-05-20 16:11 172032 ----a-w- c:\windows\system32\nvuaudio.exe
2009-11-22 18:15 . 2009-09-10 20:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-22 18:15 . 2009-09-10 20:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-22 18:05 . 2009-11-22 18:05 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-22 17:43 . 2009-11-22 17:42 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-22 12:08 . 2009-11-22 12:08 -------- d-----w- c:\program files\Trend Micro
2009-11-20 01:24 . 2009-11-20 01:24 0 ----a-w- c:\windows\nsreg.dat
2009-11-20 01:23 . 2009-11-20 01:23 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\Mozilla
2009-11-12 23:15 . 2009-11-12 23:17 -------- d-----w- C:\$AVG
2009-11-12 23:14 . 2009-11-16 02:53 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-11-10 21:58 . 2009-11-10 21:58 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\Yahoo!
2009-11-07 02:05 . 2009-11-07 02:05 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-26 04:20 . 2008-01-19 23:16 -------- d-----w- c:\program files\Steam
2009-11-25 09:10 . 2009-09-13 20:18 -------- d-----w- c:\program files\Microsoft Works
2009-11-25 09:03 . 2009-09-04 13:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-23 01:40 . 2008-01-20 14:28 -------- d-----w- c:\program files\Google
2009-11-22 18:15 . 2009-01-22 18:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-22 18:11 . 2008-01-22 01:00 -------- d-----w- c:\program files\BitLord
2009-11-22 18:09 . 2008-05-11 19:47 -------- d-----w- c:\program files\FrostWire
2009-11-22 17:47 . 2008-01-19 21:44 -------- d-----w- c:\program files\Java
2009-11-21 21:04 . 2008-02-24 15:01 -------- d-----w- c:\documents and settings\Mike\Application Data\Vso
2009-11-16 02:53 . 2008-10-05 21:05 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-12 23:15 . 2008-08-17 12:35 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-12 23:15 . 2008-08-17 12:35 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-12 23:15 . 2008-08-17 12:35 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-12 23:15 . 2008-08-17 12:35 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-12 23:14 . 2008-06-08 18:02 -------- d-----w- c:\program files\AVG
2009-11-03 02:42 . 2009-10-02 17:31 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-20 03:47 . 2009-10-20 03:47 -------- d-----r- c:\documents and settings\Guest\Application Data\Brother
2009-10-20 03:30 . 2009-10-20 03:30 -------- d-----w- c:\documents and settings\Guest\Application Data\ScanSoft
2009-10-20 03:28 . 2009-10-20 03:28 -------- d-----w- c:\documents and settings\Guest\Application Data\PC-FAX TX
2009-10-14 17:29 . 2009-10-14 17:29 -------- d-----w- c:\documents and settings\Guest\Application Data\Yahoo!
2009-10-11 12:31 . 2009-06-11 16:24 -------- d-----w- c:\program files\Common Files\Motive
2009-10-05 04:00 . 2009-10-05 03:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-10-05 03:30 . 2008-06-18 00:05 -------- d-----w- c:\program files\Yahoo!
2009-10-02 17:43 . 2009-10-02 17:43 -------- d-----w- c:\documents and settings\Guest\Application Data\Windows Desktop Search
2009-10-02 17:43 . 2009-10-02 17:43 -------- d-----w- c:\documents and settings\Guest\Application Data\Malwarebytes
2009-09-30 13:09 . 2009-01-22 16:12 -------- d-----w- c:\program files\Windows Live Safety Center
2009-09-27 13:17 . 2009-09-27 13:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-09-27 12:22 . 2009-09-27 12:22 71776 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-27 12:22 . 2009-09-27 12:22 -------- d-----w- c:\documents and settings\Guest\Application Data\AT&T
2009-09-25 10:54 . 2009-09-25 10:54 12911 ----a-w- c:\windows\qevasityj.dat
2009-09-25 10:54 . 2009-09-25 10:54 11669 ----a-w- c:\documents and settings\Mike\Application Data\sefu.dat
2009-09-25 10:54 . 2009-09-25 10:54 11451 ----a-w- c:\program files\Common Files\yxuxasox._sy
2009-09-25 02:36 . 2008-01-23 22:56 57 ----a-w- c:\documents and settings\All Users\Application Data\Brother\BrLog\BrCollectDir\BR_cat.bat
2009-09-25 02:16 . 2008-01-23 22:59 50 ----a-w- c:\windows\system32\bridf06a.dat
2009-09-18 12:30 . 2008-01-19 18:57 71776 ----a-w- c:\documents and settings\Mike\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-11 14:18 . 2008-07-26 13:05 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-31 20:42 . 2009-08-31 20:42 14892 ---ha-w- c:\windows\system32\mlfcache.dat
2009-08-29 08:08 . 2004-08-04 12:00 916480 ------w- c:\windows\system32\wininet.dll
2007-09-16 00:28 . 2007-11-22 12:23 54512984 ----a-w- c:\program files\GoogleSketchUpProWEN.exe
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-26 04:12 . 2009-11-26 04:12 16384 c:\windows\Temp\Perflib_Perfdata_5e8.dat
- 2007-11-13 11:31 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe
+ 2007-11-13 11:31 . 2009-10-28 15:07 46080 c:\windows\system32\tzchange.exe
+ 2008-07-26 13:05 . 2009-03-21 14:06 120015 c:\windows\system32\delabdde\ipxarfat.dll
+ 2008-08-30 02:06 . 2009-07-31 16:05 1372672 c:\windows\system32\msxml6.dll
+ 2004-08-04 12:00 . 2009-07-31 04:35 1172480 c:\windows\system32\msxml3.dll
+ 2008-06-25 22:59 . 2009-07-31 16:05 1372672 c:\windows\system32\dllcache\msxml6.dll
+ 2008-07-26 13:05 . 2009-07-31 04:35 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2009-04-04 23:08 . 2009-04-04 23:08 343058432 c:\windows\Installer\47a7364.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2009-10-24 1217808]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"Copperhead"="c:\program files\Razer\Copperhead\razerhid.exe" [2005-11-25 155648]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 622592]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2008-09-19 1529856]
"ISW.exe"="c:\program files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 2061816]
"BellSouthWCC_McciTrayApp"="c:\program files\BellSouthWCC\McciTrayApp.exe" [2006-03-10 543232]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 77824]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\IUWmLnPcy.exe" [2009-11-16 1312080]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-13 2020120]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-22 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-27 434528]

c:\documents and settings\Mike\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\Guest\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-11-12 23:15 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wwSecSvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"idsvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\steamapps\\kant40@knology.net\\counter-strike\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\kant40@knology.net\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\kant40@knology.net\\condition zero\\hl.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\Program Files\\GameSpy\\Comrade\\Comrade.exe"=
"c:\\Program Files\\Steam\\steamapps\\kant40@knology.net\\half-life\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\kant40@knology.net\\source sdk base\\hl2.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
"c:\\Program Files\\Steam\\steamapps\\kant40@knology.net\\zombie panic! source\\hl2.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Steam\\steamapps\\kant40@knology.net\\day of defeat\\hl.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\steamapps\\kant40@knology.net\\ricochet\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\kant40@knology.net\\opposing force\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of juarez - bound in blood sp demo\\CoJBiBDemo_x86.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Steam\\steamapps\\common\\fuel - demo\\FUEL.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\ATT-SST\\McciTrayApp.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgtray.exe"=
"c:\\WINDOWS\\system32\\searchindexer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/17/2008 6:35 AM 333192]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/17/2008 6:35 AM 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/12/2009 5:14 PM 285392]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 4:45 AM 13088]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [4/19/2008 9:21 AM 598856]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [1/19/2008 12:59 PM 20160]
S3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [1/20/2008 3:56 PM 11596]
.
Contents of the 'Scheduled Tasks' folder

2009-11-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Mike\Start Menu\Programs\IMVU\Run IMVU.lnk
Trusted Zone: motive.com\patttbc.att
Trusted Zone: turbotax.com
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - [You must be registered and logged in to see this link.]
DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Mike\Application Data\Mozilla\Firefox\Profiles\cja22u8f.default\
FF - plugin: c:\documents and settings\Mike\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.17\Plugins\npybrowserplus_2.4.17.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-11-25 22:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\.srf\PersistentHandler]
@DACL=(02 0000)
@="{eec97550-47a9-11cf-b952-00aa0051fe20}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2996)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\program files\Brother\Brmfcmon\BrMfimon.exe
c:\program files\Razer\Copperhead\razerofa.exe
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2009-11-25 22:28 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-26 04:28
ComboFix2.txt 2009-11-25 00:16

Pre-Run: 68,018,831,360 bytes free
Post-Run: 67,939,594,240 bytes free

- - End Of File - - 7FC24674FA77902338E3A830A085FCE7


Re: win32 cryptor

Post by mike k on 27th November 2009, 12:28 am

I do get this error when I click on SoundStorm by NVIDIA. Error Message: "Incorrect size returned during FXMANAGER_ALLOCATE"


Re: win32 cryptor

Post by Belahzur on 27th November 2009, 12:49 am

Hello.

  • Open HijackThis.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


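As an added example that is not part of this thread and not HijackThis' own code: the same kind of installed-program list that "Save List..." writes can be produced from PowerShell by reading the Uninstall registry keys that Add/Remove Programs draws on. The output file name and the quarantine of the Desktop folder for it are assumptions.

```powershell
# Added example, not from the thread or from HijackThis.
# Builds an uninstall_list.txt from the registry keys behind Add/Remove Programs.
# The output path is an assumption.
$OutFile = Join-Path ([Environment]::GetFolderPath('Desktop')) 'uninstall_list.txt'

$Keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    # Only present on 64-bit hosts; absent on an x86 XP install like the one in this thread.
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    # Per-user installs live under HKCU.
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
)

$Names = foreach ($key in $Keys) {
    if (Test-Path $key) {
        Get-ChildItem $key | ForEach-Object {
            $p = Get-ItemProperty $_.PSPath
            # Entries without a DisplayName are hidden from Add/Remove Programs, so skip them.
            if ($p.DisplayName) { $p.DisplayName }
        }
    }
}

# Sort without -Unique on purpose: every subkey is a separate entry, so the same
# DisplayName can legitimately repeat, as the Office SP2 lines in the reply below show.
$Names | Sort-Object | Set-Content -Path $OutFile
Write-Output "Wrote $($Names.Count) entries to $OutFile"
```

Comparing this output against the HijackThis list is a quick way to confirm nothing was missed; any entry that appears in the registry but not in the tool's list (or vice versa) is worth a closer look.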

Re: win32 cryptor

Post by mike k on 27th November 2009, 1:57 am

2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
ACDSee Pro 2
Ad-Aware 2007
Adobe Flash Player 10 ActiveX
Adobe Reader 9.2
AltoMP3 Gold 5.20
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
Apple Mobile Device Support
Apple Software Update
AT&T Internet Security Wizard 1.5.11
AT&T Self Support Tool
AT&T Toolbar
AT&T Wireless Connection Tool
AVG Free 9.0
Battlefield 2142
Bonjour
Brother MFL-Pro Suite
CCleaner
Coupon Printer for Windows
Defraggler (remove only)
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.1.2.2
DVDFab Platinum
DVDFab Platinum 2.82
DVDFab Platinum 4.0.5.5
EndItAll 2.0
GameFlood
GameSpy Comrade
Google SketchUp 6
Google SketchUp 6 Exporters
Google SketchUp LayOut 6
Google SketchUp Pro 6
Guild Wars
HijackThis 2.0.2
History Sweeper 2.89
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB976098-v2)
iPod To Computer Transfer 5.3
iTunes
Java(TM) 6 Update 17
Magic ISO Maker v5.4 (build 0239)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
Mozilla Firefox (3.5.5)
MSN
MSXML 6 Service Pack 2 (KB954459)
Nero 6 Ultra Edition
NVIDIA Drivers
NvMixer
PaperPort
PowerDVD
Protected Music Converter 0.99b
PunkBuster Services
QuickTime
Razer Copperhead
RzE's CS Helper
Safari
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Sid Meier's Civilization 4
SoftV92 Data Fax Modem with SmartCP
Steam
System Requirements Lab
TurboTax 2008
TurboTax 2008 waliper
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax Deluxe 2007
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb975960)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB973687)
Ventrilo Client
WinAVIVideoConverter
Window Washer
Windows Defender
Windows Imaging Component
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Search 4.0
Windows XP Service Pack 3
WinRAR archiver
Xfire (remove only)
Yahoo! Browser Services
Yahoo! Messenger
Yahoo! Toolbar


Re: win32 cryptor

Post by Belahzur on 27th November 2009, 10:31 am

Okay, let's clean this up.

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)


    :files
    c:\program files\BitLord
    c:\program files\FrostWire
    c:\windows\qevasityj.dat
    c:\documents and settings\Mike\Application Data\sefu.dat
    c:\program files\Common Files\yxuxasox._sy


  • Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.


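The OTM ":files" step above moves each listed path out of place and reports a line per item. As an added example that is neither the thread's nor OTM's own code, the script below does the same for the five paths from the post, keeping the original folder layout under a quarantine directory so the move can be reversed, and logging each result. The quarantine folder name and log file name are assumptions; the quarantine sits on the system drive because Move-Item cannot move a directory across volumes.

```powershell
# Added example, not from the thread or from OTM.
# Quarantines the paths listed in the ":files" section above, mirroring OTM's
# "moved successfully" log. Folder and log names are assumptions.
$Quarantine = Join-Path $env:SystemDrive '_Quarantine'
$LogFile    = Join-Path $Quarantine ('move-' + (Get-Date -Format 'yyyyMMdd_HHmmss') + '.log')

# Paths taken from the post above.
$Targets = @(
    'c:\program files\BitLord',
    'c:\program files\FrostWire',
    'c:\windows\qevasityj.dat',
    'c:\documents and settings\Mike\Application Data\sefu.dat',
    'c:\program files\Common Files\yxuxasox._sy'
)

function Write-Log([string]$Message) {
    Write-Output $Message
    Add-Content -Path $LogFile -Value $Message
}

New-Item -ItemType Directory -Path $Quarantine -Force | Out-Null
$NeedsReboot = $false

foreach ($path in $Targets) {
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Log "$path not found."
        continue
    }

    # Strip the drive letter so the original layout is recreated under the quarantine
    # folder, e.g. C:\_Quarantine\program files\BitLord.
    $relative = $path -replace '^[A-Za-z]:\\', ''
    $dest = Join-Path $Quarantine $relative
    New-Item -ItemType Directory -Path (Split-Path $dest -Parent) -Force | Out-Null

    try {
        Move-Item -LiteralPath $path -Destination $dest -Force -ErrorAction Stop
        Write-Log "$path moved successfully."
    } catch {
        # A file still held open by a running process cannot be moved now. OTM defers
        # such moves until the next reboot; here the item is only recorded and flagged.
        Write-Log "$path could not be moved ($($_.Exception.Message)); reboot and rerun."
        $NeedsReboot = $true
    }
}

if ($NeedsReboot) { Write-Log 'One or more items are in use; reboot the machine and run again.' }
```

Run it from an elevated PowerShell prompt. Nothing is deleted: every item ends up under the quarantine folder at the same relative path, which is also what makes restoring a false positive a plain Move-Item back.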

Re: win32 cryptor

Post by mike k on 27th November 2009, 2:48 pm

========== FILES ==========
c:\program files\BitLord\Torrents folder moved successfully.
c:\program files\BitLord\rules folder moved successfully.
c:\program files\BitLord\lang folder moved successfully.
c:\program files\BitLord\Downloads\wow folder moved successfully.
c:\program files\BitLord\Downloads\World of Warcraft\World of Warcraft\Data\enGB folder moved successfully.
c:\program files\BitLord\Downloads\World of Warcraft\World of Warcraft\Data folder moved successfully.
c:\program files\BitLord\Downloads\World of Warcraft\World of Warcraft folder moved successfully.
c:\program files\BitLord\Downloads\World of Warcraft folder moved successfully.
c:\program files\BitLord\Downloads\WinAVI Video Converter Standard v7.5 with serial folder moved successfully.
c:\program files\BitLord\Downloads\Transformers Revenge of the Fallen iPod Touch\Underworld Rise of the Lycans (2009)Ipod.nl.subs.NLT-Release folder moved successfully.
c:\program files\BitLord\Downloads\Transformers Revenge of the Fallen iPod Touch folder moved successfully.
c:\program files\BitLord\Downloads\PUSH folder moved successfully.
c:\program files\BitLord\Downloads\Office_2007_Aug_09 folder moved successfully.
c:\program files\BitLord\Downloads\Office 2003 SP3 folder moved successfully.
c:\program files\BitLord\Downloads\LED ZEPPELIN-Complete Studio Recordings(10CD)[EAC-FLAC](oan)\Led Zeppelin - Presence folder moved successfully.
c:\program files\BitLord\Downloads\LED ZEPPELIN-Complete Studio Recordings(10CD)[EAC-FLAC](oan)\Led Zeppelin - Physical Graffiti (Disc 2) folder moved successfully.
c:\program files\BitLord\Downloads\LED ZEPPELIN-Complete Studio Recordings(10CD)[EAC-FLAC](oan)\Led Zeppelin - Physical Graffiti (Disc 1) folder moved successfully.
c:\program files\BitLord\Downloads\LED ZEPPELIN-Complete Studio Recordings(10CD)[EAC-FLAC](oan)\Led Zeppelin - Led Zeppelin IV folder moved successfully.
c:\program files\BitLord\Downloads\LED ZEPPELIN-Complete Studio Recordings(10CD)[EAC-FLAC](oan)\Led Zeppelin - Led Zeppelin III folder moved successfully.
c:\program files\BitLord\Downloads\LED ZEPPELIN-Complete Studio Recordings(10CD)[EAC-FLAC](oan)\Led Zeppelin - Led Zeppelin II folder moved successfully.
c:\program files\BitLord\Downloads\LED ZEPPELIN-Complete Studio Recordings(10CD)[EAC-FLAC](oan)\Led Zeppelin - In Through The Out Door folder moved successfully.
c:\program files\BitLord\Downloads\LED ZEPPELIN-Complete Studio Recordings(10CD)[EAC-FLAC](oan)\Led Zeppelin - Houses of the Holy folder moved successfully.
c:\program files\BitLord\Downloads\LED ZEPPELIN-Complete Studio Recordings(10CD)[EAC-FLAC](oan)\Led Zeppelin - Coda folder moved successfully.
c:\program files\BitLord\Downloads\LED ZEPPELIN-Complete Studio Recordings(10CD)[EAC-FLAC](oan)\Led Zeppelin - 1 folder moved successfully.
c:\program files\BitLord\Downloads\LED ZEPPELIN-Complete Studio Recordings(10CD)[EAC-FLAC](oan)\2007-04 (Dec) Disc's folder moved successfully.
c:\program files\BitLord\Downloads\LED ZEPPELIN-Complete Studio Recordings(10CD)[EAC-FLAC](oan) folder moved successfully.
c:\program files\BitLord\Downloads\K-Lite mega Codec Pack + Win AVI 7.1 folder moved successfully.
c:\program files\BitLord\Downloads\Janet Evanovich - Stephanie Plum 15 - Finger Lickin' Fifteen folder moved successfully.
c:\program files\BitLord\Downloads\Janet Evanovich - Plum Spooky folder moved successfully.
c:\program files\BitLord\Downloads\IPOD FIRMAWARE 2G 3.0 GM 2 folder moved successfully.
c:\program files\BitLord\Downloads\Evanovich, Janet - Wife for Hire\Wife for Hire folder moved successfully.
c:\program files\BitLord\Downloads\Evanovich, Janet - Wife for Hire folder moved successfully.
c:\program files\BitLord\Downloads\DVDFab Platinum 5.2.3.2 folder moved successfully.
c:\program files\BitLord\Downloads\Boston\Boston_ Greatest Hits folder moved successfully.
c:\program files\BitLord\Downloads\Boston folder moved successfully.
c:\program files\BitLord\Downloads\AltoMP3 Gold CD Ripper 5.12 folder moved successfully.
c:\program files\BitLord\Downloads\ACDSee.Pro.2.v2.0.219.Incl.Keymaker folder moved successfully.
c:\program files\BitLord\Downloads\ACDSee Pro 2 v2.0.238\ACDSee.Pro.2.v2.0.238 folder moved successfully.
c:\program files\BitLord\Downloads\ACDSee Pro 2 v2.0.238 folder moved successfully.
c:\program files\BitLord\Downloads\3 Doors Down\3 Doors Down\3 Doors Down - 2008-3 Doors Down folder moved successfully.
c:\program files\BitLord\Downloads\3 Doors Down\3 Doors Down\3 Doors Down - 2005-Seventeen Days folder moved successfully.
c:\program files\BitLord\Downloads\3 Doors Down\3 Doors Down\3 Doors Down - 2005-Let Me Go folder moved successfully.
c:\program files\BitLord\Downloads\3 Doors Down\3 Doors Down\3 Doors Down - 2003-Another 700 Miles (EP) folder moved successfully.
c:\program files\BitLord\Downloads\3 Doors Down\3 Doors Down\3 Doors Down - 2002-Away From The Sun folder moved successfully.
c:\program files\BitLord\Downloads\3 Doors Down\3 Doors Down\3 Doors Down - 2000-The Better Life folder moved successfully.
c:\program files\BitLord\Downloads\3 Doors Down\3 Doors Down folder moved successfully.
c:\program files\BitLord\Downloads\3 Doors Down folder moved successfully.
c:\program files\BitLord\Downloads folder moved successfully.
c:\program files\BitLord folder moved successfully.
c:\program files\FrostWire folder moved successfully.
c:\windows\qevasityj.dat moved successfully.
c:\documents and settings\Mike\Application Data\sefu.dat moved successfully.
c:\program files\Common Files\yxuxasox._sy moved successfully.

OTM by OldTimer - Version 3.1.2.0 log created on 11272009_084433

I also get this error: DirectSound test: failure at step 19 (user verification of software): HRESULT = 0x00000000 (error code)


Re: win32 cryptor

Post by Belahzur on 27th November 2009, 11:25 pm

Do you have the latest sound drivers installed? How long ago was it that you updated the sound drivers?



Re: win32 cryptor

Post by mike k on 28th November 2009, 12:29 am

I uninstalled them yesterday and then I reinstalled them.


Re: win32 cryptor

Post by mike k on 28th November 2009, 12:42 am

OK, well, PowerDVD has sound and so does Windows Media Player, but videos on the internet do not, nor when I am in an internet game.


Re: win32 cryptor

Post by mike k on 28th November 2009, 12:55 am

Now it seems to be working, lol, I don't know, but thanks a lot for the help.


Re: win32 cryptor

Post by Belahzur on 28th November 2009, 6:56 pm

Not a problem!

