Win 32 Cryptor Help


Win 32 Cryptor Help

Post by retypetheanswer on Sat Dec 26, 2009 8:43 am

Hey guys, I noticed other threads on this, but wanted to start a new one in case my questions got lost in the shuffle. I haven't been hit too hard by Cryptor so far as far as I can tell, but none AVG is picking up 55 infections by the Trojan. If there is anyone that can give me any help as to how to remove this bad boy I'd be grateful. Please don't flame too hard because of my noobness haha. Thanks for any help in advance.

retypetheanswer
Beginner
Posts : 3
Joined : 2009-12-26
OS : Windows Vista
Points : 25383
# Likes : 0

Re: Win 32 Cryptor Help

Post by Dr Jay on Sat Dec 26, 2009 9:53 am

Please download ComboFix from [You must be registered and logged in to see this link.]

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start, then copy and paste the following command into the search box and hit Enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


Dr. Jay (DJ)



Dr Jay
Head Administrator
Posts : 13713
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro
Protection : Bitdefender Total Security
Points : 302059
# Likes : 10

Re: Win 32 Cryptor Help

Post by retypetheanswer on Sat Dec 26, 2009 5:40 pm

Hey, thank you for the quick reply. Here is the ComboFix.txt from the C drive.


ComboFix 09-12-25.05 - Laws 12/26/2009 11:29:44.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.2044 [GMT -6:00]
Running from: c:\users\Laws\Desktop\commy.exe
Command switches used :: /stepdel
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2719679643-728849798-1463208268-500
c:\$recycle.bin\S-1-5-21-2773397201-2855733099-4214572315-500
c:\users\Laws\AppData\Roaming\sdra64.exe
c:\$recycle.bin\S-1-5-21-2719679643-728849798-1463208268-500\desktop.ini
c:\$recycle.bin\S-1-5-21-2773397201-2855733099-4214572315-500\desktop.ini
C:\install.exe
c:\users\Laws\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
c:\users\Laws\AppData\Roaming\sdra64.exe
c:\windows\system32\SIntf16.dll

.
((((((((((((((((((((((((( Files Created from 2009-11-26 to 2009-12-26 )))))))))))))))))))))))))))))))
.

2009-12-26 17:35 . 2009-12-26 17:35 -------- d-----w- c:\users\Laws\AppData\Local\temp
2009-12-26 17:35 . 2009-12-26 17:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-26 08:36 . 2009-12-26 08:36 -------- d-----w- c:\program files\Trend Micro
2009-12-25 20:01 . 2009-12-25 20:01 -------- d-----w- c:\users\Laws\AppData\Roaming\Malwarebytes
2009-12-25 20:01 . 2009-12-03 22:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-25 20:01 . 2009-12-25 20:01 -------- d-----w- c:\programdata\Malwarebytes
2009-12-25 20:01 . 2009-12-25 20:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-25 20:01 . 2009-12-03 22:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-25 17:53 . 2009-12-25 17:53 -------- d-----w- c:\users\Laws\AppData\Roaming\runic games
2009-12-25 17:49 . 2009-12-25 17:49 -------- d-----w- c:\program files\Runic Games
2009-12-24 23:38 . 2009-12-25 00:29 -------- d-----w- c:\program files\Warcraft III
2009-12-24 22:29 . 2009-12-24 22:29 -------- d-----w- c:\users\Laws\AppData\Roaming\DivX
2009-12-24 09:55 . 2009-12-24 09:56 -------- d-----w- c:\program files\Hero Editor
2009-12-24 09:55 . 2009-12-24 09:55 249856 ------w- c:\windows\Setup1.exe
2009-12-24 09:55 . 2009-12-24 09:55 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-12-22 20:25 . 2009-12-22 20:25 -------- d-----w- c:\program files\Rosetta Stone
2009-12-22 18:37 . 2009-12-23 00:02 21840 ----atw- c:\windows\system32\SIntfNT.dll
2009-12-22 18:37 . 2009-12-23 00:02 17212 ----atw- c:\windows\system32\SIntf32.dll
2009-12-22 16:49 . 2009-12-22 19:18 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-12-22 16:46 . 2009-12-24 10:02 -------- d-----w- c:\program files\Diablo II
2009-12-21 18:44 . 2009-12-22 19:52 -------- d-----w- c:\programdata\FLEXnet
2009-12-21 17:56 . 2009-12-21 17:56 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-12-21 17:56 . 2009-12-23 03:26 -------- d-----w- c:\programdata\Rosetta Stone
2009-12-21 17:44 . 2009-12-24 00:33 -------- d-----w- c:\program files\7-Zip
2009-12-21 17:31 . 2009-02-25 00:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2009-12-21 17:31 . 2009-12-21 17:32 -------- d-----w- c:\program files\MagicDisc
2009-12-17 03:32 . 2009-12-17 03:32 8854 ----a-r- c:\users\Laws\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
2009-12-17 03:32 . 2009-12-17 03:32 40960 ----a-r- c:\users\Laws\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2009-12-17 03:32 . 2009-12-17 03:32 40960 ----a-r- c:\users\Laws\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2009-12-17 03:32 . 2009-12-17 03:38 -------- d-----w- c:\program files\Project64 1.6
2009-12-15 19:00 . 2009-12-25 22:41 -------- d-sh--w- c:\users\Laws\AppData\Roaming\lowsec
2009-12-15 01:43 . 2009-12-15 01:43 -------- d-----w- c:\program files\Ask.com
2009-12-15 01:43 . 2009-12-15 01:43 -------- d-----w- c:\program files\uTorrent
2009-12-15 01:43 . 2009-12-26 17:04 -------- d-----w- c:\users\Laws\AppData\Roaming\uTorrent
2009-12-10 09:04 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-10 09:04 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-10 09:04 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-10 07:33 . 2009-12-10 07:49 -------- d-----w- c:\programdata\Blizzard Entertainment
2009-12-10 05:38 . 2009-12-10 05:38 -------- d-----w- c:\programdata\Blizzard
2009-12-10 04:06 . 2009-12-23 03:43 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-12-09 19:26 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2009-12-09 19:26 . 2009-10-27 14:11 834048 ----a-w- c:\windows\system32\wininet.dll
2009-12-09 19:26 . 2009-10-27 13:16 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-12-09 19:26 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2009-11-29 09:00 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-29 01:20 . 2009-12-04 19:13 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-11-29 01:20 . 2009-11-29 01:20 -------- d-----w- c:\program files\DVDVideoSoft
2009-11-29 00:38 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-29 00:38 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-26 09:24 . 2009-11-03 06:07 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-26 07:16 . 2009-11-03 06:04 -------- d-----w- c:\programdata\avg9
2009-12-25 19:41 . 2009-11-05 02:49 53948 ----a-w- c:\users\Laws\AppData\Roaming\nvModes.dat
2009-12-21 17:55 . 2009-11-04 03:08 -------- d-----w- c:\programdata\WinZip
2009-12-10 09:06 . 2009-11-05 05:16 -------- d-----w- c:\programdata\Microsoft Help
2009-11-30 05:16 . 2009-11-30 05:16 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-11-25 08:33 . 2009-11-03 01:39 -------- d-----w- c:\users\Laws\AppData\Roaming\Apple Computer
2009-11-25 08:14 . 2009-11-03 01:17 -------- d-----w- c:\programdata\Apple
2009-11-23 01:44 . 2009-11-03 00:20 101856 ----a-w- c:\users\Laws\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-22 09:46 . 2009-11-22 09:45 -------- d-----w- c:\users\Laws\AppData\Roaming\TheLastRipper
2009-11-22 07:21 . 2009-11-22 07:21 -------- d-----w- c:\program files\iDump (Freeware)
2009-11-22 07:19 . 2009-11-22 07:18 -------- d-----w- c:\users\Laws\AppData\Roaming\iPodtoComputer
2009-11-22 07:18 . 2009-11-22 07:18 -------- d-----w- c:\program files\Cucusoft
2009-11-20 07:51 . 2009-11-06 19:56 -------- d-----w- c:\program files\DivX
2009-11-09 17:24 . 2009-11-03 06:04 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-06 21:31 . 2009-11-06 21:31 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-11-06 19:56 . 2008-03-20 06:08 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-11-06 19:56 . 2009-11-06 19:56 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-11-05 09:03 . 2008-03-20 06:05 -------- d-----w- c:\program files\Microsoft Works
2009-11-05 09:01 . 2009-11-05 09:01 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-11-05 05:20 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2009-11-05 05:19 . 2009-11-05 05:19 -------- d-----w- c:\program files\Microsoft.NET
2009-11-05 05:17 . 2009-11-05 05:17 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-11-04 15:42 . 2009-11-04 03:53 -------- d-----w- c:\users\Laws\AppData\Roaming\Move Networks
2009-11-04 06:47 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-11-04 06:47 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-11-04 06:47 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-11-04 06:47 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-11-04 06:47 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-11-04 06:47 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-11-04 06:47 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-11-04 06:47 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-04 03:53 . 2009-11-04 03:53 127872 ----a-w- c:\users\Laws\AppData\Roaming\Move Networks\uninstall.exe
2009-11-04 03:53 . 2009-06-16 06:35 4183416 ----a-w- c:\users\Laws\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
2009-11-03 08:10 . 2009-11-03 06:23 -------- d-----w- c:\program files\Common Files\Stardock
2009-11-03 06:23 . 2009-11-03 06:23 -------- d-----w- c:\program files\Stardock
2009-11-03 06:08 . 2009-11-03 06:08 117760 ----a-w- c:\users\Laws\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-03 06:07 . 2009-11-03 06:07 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-11-03 06:07 . 2009-11-03 06:07 -------- d-----w- c:\users\Laws\AppData\Roaming\SUPERAntiSpyware.com
2009-11-03 06:06 . 2009-11-03 06:06 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-03 06:04 . 2009-11-03 06:04 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-03 06:04 . 2009-11-03 06:04 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-03 06:04 . 2009-11-03 06:04 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-03 06:04 . 2009-11-03 06:04 -------- d-----w- c:\program files\AVG
2009-11-03 02:09 . 2009-11-03 02:09 -------- d-----w- c:\program files\CCleaner
2009-11-03 01:39 . 2009-11-03 01:38 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-03 01:39 . 2009-11-03 01:38 -------- d-----w- c:\program files\iTunes
2009-11-03 01:38 . 2009-11-03 01:38 -------- d-----w- c:\program files\iPod
2009-11-03 01:38 . 2009-11-03 01:17 -------- d-----w- c:\program files\Common Files\Apple
2009-11-03 01:38 . 2009-11-03 01:18 -------- d-----w- c:\programdata\Apple Computer
2009-11-03 01:35 . 2009-11-03 01:35 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-03 01:30 . 2008-03-20 05:56 -------- d-----w- c:\programdata\Symantec
2009-11-03 01:30 . 2008-03-20 05:55 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-11-03 01:30 . 2008-03-20 06:02 -------- d-----w- c:\program files\Google
2009-11-03 01:19 . 2009-11-03 01:19 -------- d-----w- c:\program files\Bonjour
2009-11-03 01:18 . 2009-11-03 01:18 -------- d-----w- c:\program files\QuickTime
2009-11-03 01:18 . 2009-11-03 01:18 -------- d-----w- c:\program files\Apple Software Update
2009-11-03 00:49 . 2008-03-20 05:50 -------- d-----w- c:\program files\Creative
2009-11-03 00:49 . 2008-03-20 05:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-03 00:21 . 2008-03-20 06:15 -------- d-----w- c:\programdata\NVIDIA
2009-11-03 00:20 . 2009-11-03 00:20 -------- d--h--w- c:\users\Laws\AppData\Roaming\GTek
2009-11-03 00:15 . 2009-11-03 00:15 -------- d-sh--we c:\programdata\Templates
2009-11-03 00:15 . 2009-11-03 00:15 -------- d-sh--we c:\programdata\Start Menu
2009-11-03 00:15 . 2009-11-03 00:15 -------- d-sh--we c:\programdata\Favorites
2009-11-03 00:15 . 2009-11-03 00:15 -------- d-sh--we c:\programdata\Documents
2009-11-03 00:15 . 2009-11-03 00:15 -------- d-sh--we c:\programdata\Desktop
2009-10-01 15:29 . 2009-11-03 00:45 195440 ------w- c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-09-02 20:56 1175944 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-13 2000112]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-12-15 289584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-07 159744]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-28 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-28 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-28 81920]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-09-28 81920]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-21 1548288]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-11 2033432]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-12-03 405504]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-9-7 1180952]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-11-18 495432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 21:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):89,47,a0,63,1b,5d,ca,01

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [11/3/2009 12:04 AM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\drivers\avgtdix.sys [11/3/2009 12:04 AM 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/12/2009 9:24 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/12/2009 9:24 PM 74480]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [3/19/2008 6:36 PM 73728]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [11/3/2009 12:04 AM 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/3/2009 12:04 AM 285392]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [10/12/2009 9:24 PM 7408]
S4 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\System32\drivers\iaNvStor.sys [3/20/2008 2:31 AM 209408]
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Laws\AppData\Roaming\Mozilla\Firefox\Profiles\w2zivfvb.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\users\Laws\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-12-26 11:35
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-12-26 11:37:54
ComboFix-quarantined-files.txt 2009-12-26 17:37

Pre-Run: 163,607,969,792 bytes free
Post-Run: 163,558,825,984 bytes free

- - End Of File - - 204F28E5561DD60B639DDF38F7474AD4

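To triage a ComboFix log like the one posted above without reading every line by hand, here is an added example (my code, not from the thread, from ComboFix or from any of the tools it mentions) that parses the "Other Deletions" and "Files Created" line formats and flags the kinds of entries ComboFix removed here: an .exe sitting directly in AppData\Roaming, a hidden system directory inside the user profile, an executable in the drive root, and a system32 file carrying the temporary attribute. The reading of the attribute letters (d directory, s system, h hidden, t temporary) and the heuristics are my assumptions; the sample lines are copied from the log in this thread.

```python
import re

# Sample lines copied from the ComboFix log posted in this thread. "Other
# Deletions" entries are bare paths; "Files Created" entries carry created and
# modified timestamps, a size (dashes for directories), an attribute string
# and the path.
SAMPLE_LOG = """\
c:\\users\\Laws\\AppData\\Roaming\\sdra64.exe
C:\\install.exe
c:\\windows\\system32\\SIntf16.dll
2009-12-26 08:36 . 2009-12-26 08:36 -------- d-----w- c:\\program files\\Trend Micro
2009-12-22 18:37 . 2009-12-23 00:02 21840 ----atw- c:\\windows\\system32\\SIntfNT.dll
2009-12-15 19:00 . 2009-12-25 22:41 -------- d-sh--w- c:\\users\\Laws\\AppData\\Roaming\\lowsec
2009-12-15 01:43 . 2009-12-15 01:43 -------- d-----w- c:\\program files\\uTorrent
2009-11-03 00:15 . 2009-11-03 00:15 -------- d-sh--we c:\\programdata\\Templates
"""

ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>\S{8}) (?P<path>.+)$"
)
BARE_PATH_RE = re.compile(r"^[A-Za-z]:\\.+$")


def parse_entry(line):
    """Turn one log line into a dict, or None if it is not a file entry."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if m:
        entry = m.groupdict()
        entry["size"] = None if entry["size"].startswith("-") else int(entry["size"])
        return entry
    if BARE_PATH_RE.match(line):
        return {"created": None, "modified": None, "size": None,
                "attrs": "", "path": line}
    return None


def flag_entry(entry):
    """Return the reasons an entry deserves a second look (empty if none)."""
    path = entry["path"].lower()
    attrs = entry["attrs"].lower()  # assumed: d=dir, s=system, h=hidden, t=temporary
    parts = path.split("\\")
    parent, name = "\\".join(parts[:-1]), parts[-1]
    reasons = []
    # An .exe directly in %APPDATA% rather than a vendor subfolder is unusual.
    if name.endswith(".exe") and parent.endswith("\\appdata\\roaming"):
        reasons.append("executable directly under AppData\\Roaming")
    # Hidden+system directories normally live under c:\programdata, not AppData.
    if "d" in attrs and "s" in attrs and "h" in attrs and "\\appdata\\" in path:
        reasons.append("hidden system directory inside AppData")
    # Installers rarely drop executables in the drive root.
    if name.endswith(".exe") and len(parts) == 2:
        reasons.append("executable in drive root")
    # A system32 file with the temporary attribute is odd for an installed component.
    if "t" in attrs and "\\windows\\system32\\" in path:
        reasons.append("system32 file with temporary attribute")
    return reasons


def triage(log_text):
    """Map each flagged path to its list of reasons."""
    findings = {}
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is not None and flag_entry(entry):
            findings[entry["path"]] = flag_entry(entry)
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path + ": " + "; ".join(reasons))
```

Run it against a full ComboFix.txt to get a short list of entries worth checking before anything else; hits are leads for a second look, not verdicts.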

Re: Win 32 Cryptor Help

Post by Dr Jay on Sat Dec 26, 2009 7:44 pm

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].

Double-click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Dr. Jay (DJ)




Re: Win 32 Cryptor Help

Post by retypetheanswer on Sat Dec 26, 2009 11:44 pm

Oops, accidentally posted it twice. Here is the Malwarebytes log. Odd that it found no infections while AVG finds 55?



Malwarebytes' Anti-Malware 1.42
Database version: 3436
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

12/26/2009 5:42:16 PM
mbam-log-2009-12-26 (17-42-16).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 246706
Time elapsed: 57 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: Win 32 Cryptor Help

Post by Dr Jay on Sun Dec 27, 2009 9:55 am

Please run the [You must be registered and logged in to see this link.]

  • Follow the Instruction [You must be registered and logged in to see this link.] for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan.
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy and paste the entire report in your next reply.


Dr. Jay (DJ)



