Win32\Cryptor in a dll file


Post by jojo7694 on Sun Jan 03, 2010 7:02 pm

I have the Win32\Cryptor virus on my computer. My AVG tells me that the file WINDOWS\system32\ijkkkzm.dll is infected. I have run AVG, Malwarebytes and SUPERAntiSpyware. None of them remove the virus. I have manually tried to delete the file, but it tells me access is denied. I have run all programs in regular and safe mode. Please give any advice on how to remove the file/virus. Thanks


Re: Win32\Cryptor in a dll file

Post by Belahzur on Sun Jan 03, 2010 9:22 pm

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement; press accept and HijackThis will run.
  • Select Do a system scan and save a log file. This will open a Notepad file of everything HijackThis found; copy and paste it back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Win32\Cryptor in a dll file

Post by jojo7694 on Mon Jan 04, 2010 2:15 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:31:26, on 1/3/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Jody Jones\Desktop\HijackThis.exe
C:\WINDOWS\system32\MsiExec.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: (no name) - {BD2993F9-8813-4A7F-A36F-9F954307EC7A} - c:\windows\system32\ijkkkzm.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON NX100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEDA.EXE /FU "C:\WINDOWS\TEMP\E_S1FA.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ydavlvfp] C:\Documents and Settings\Jody Jones\Local Settings\Application Data\rmcilo\oybxsysguard.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} - [You must be registered and logged in to see this link.]
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - [You must be registered and logged in to see this link.]
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} - [You must be registered and logged in to see this link.]
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - [You must be registered and logged in to see this link.]
O16 - DPF: {8B0F07E1-00F9-4B1B-9A2F-456DC0F54EBF} - [You must be registered and logged in to see this link.]
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {D410AFBD-4E26-4D5F-840F-0412D6F6BB8D} (CPlayFirstSandScriptControl Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {E03EEB49-B0CB-46A3-A84B-BA758243A7B0} (Orbital Launcher) - [You must be registered and logged in to see this link.]
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - [You must be registered and logged in to see this link.]
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: wljcrajt - C:\WINDOWS\SYSTEM32\ijkkkzm.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 9718 bytes


Re: Win32\Cryptor in a dll file

Post by Belahzur on Mon Jan 04, 2010 5:16 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {BD2993F9-8813-4A7F-A36F-9F954307EC7A} - c:\windows\system32\ijkkkzm.dll
    O4 - HKCU\..\Run: [ydavlvfp] C:\Documents and Settings\Jody Jones\Local Settings\Application Data\rmcilo\oybxsysguard.exe
    O20 - Winlogon Notify: wljcrajt - C:\WINDOWS\SYSTEM32\ijkkkzm.dll



  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.
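
The line selection in the post above, written out as a triage script. This is an added example, not part of the original posts and not how HijackThis or the helper works: the three rules (entry points at the file AVG flagged, BHO with no file, Run entry launching from a per-user Application Data folder) and the names `parse_hjt`, `triage` and `FLAGGED_FILES` are assumptions of this example, and the sample lines are copied from the log posted earlier in the thread.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the HijackThis log in this thread
# (the four lines selected for fixing plus legitimate neighbours).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {BD2993F9-8813-4A7F-A36F-9F954307EC7A} - c:\windows\system32\ijkkkzm.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ydavlvfp] C:\Documents and Settings\Jody Jones\Local Settings\Application Data\rmcilo\oybxsysguard.exe
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: wljcrajt - C:\WINDOWS\SYSTEM32\ijkkkzm.dll
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# File reported by the antivirus scanner (full path as it appears in the log).
FLAGGED_FILES = [r"C:\WINDOWS\system32\ijkkkzm.dll"]

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
RUN_RE = re.compile(r"^\S+: \[(?P<name>[^\]]*)\]\s+(?P<cmd>.+)$")
# Executable part of a Run command: quoted path, or everything up to ".exe".
EXE_RE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.exe)\b', re.IGNORECASE)


def norm(path):
    """Lower-case and collapse whitespace: the log writes the same DLL as
    c:\\windows\\system32\\... in O2 and C:\\WINDOWS\\SYSTEM32\\... in O20."""
    return " ".join(path.strip().strip('"').lower().split())


def parse_hjt(text):
    """Return one dict per 'Xnn - ...' entry with its section code and target file."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list or blank line
        code, body = m.group("code"), m.group("body")
        run = RUN_RE.match(body) if code == "O4" else None
        if run:
            exe = EXE_RE.match(run.group("cmd"))
            target = (exe.group("q") or exe.group("u")) if exe else run.group("cmd")
        else:
            # Other sections end with " - <file>".
            target = body.rsplit(" - ", 1)[-1]
        entries.append({"code": code, "line": line, "target": norm(target)})
    return entries


def triage(entries, flagged_files):
    """Return (log line, reasons) for every entry that matches a review rule."""
    flagged = {norm(f) for f in flagged_files}
    sections_by_target = defaultdict(set)
    for e in entries:
        sections_by_target[e["target"]].add(e["code"])

    findings = []
    for e in entries:
        reasons = []
        target = e["target"]
        if target in flagged:
            reasons.append("points at the AV-flagged file")
            others = sorted(sections_by_target[target] - {e["code"]})
            if others:
                reasons.append("same file also registered under " + ", ".join(others))
        if e["code"] == "O2" and target == "(no file)":
            reasons.append("BHO registration with no file behind it")
        if e["code"] == "O4" and "\\local settings\\application data\\" in target:
            reasons.append("Run entry starts an executable from a per-user Application Data folder")
        if reasons:
            findings.append((e["line"], reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(parse_hjt(SAMPLE_LOG), FLAGGED_FILES):
        print(line)
        for reason in reasons:
            print("    -", reason)
```
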



Re: Win32\Cryptor in a dll file

Post by jojo7694 on Mon Jan 04, 2010 10:10 pm

Malwarebytes' Anti-Malware 1.43
Database version: 3492
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/4/2010 3:56:24 PM
mbam-log-2010-01-04 (15-56-24).txt

Scan type: Full Scan (C:\|)
Objects scanned: 210274
Time elapsed: 1 hour(s), 4 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bd2993f9-8813-4a7f-a36f-9f954307ec7a} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wljcrajt (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{bd2993f9-8813-4a7f-a36f-9f954307ec7a} (Trojan.Vundo.H) -> Delete on reboot.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\ijkkkzm.dll (Trojan.Vundo.H) -> Delete on reboot.


Re: Win32\Cryptor in a dll file

Post by jojo7694 on Mon Jan 04, 2010 10:10 pm

After I reboot it is still infected.


Re: Win32\Cryptor in a dll file

Post by Belahzur on Mon Jan 04, 2010 11:13 pm

Hello.
Not a problem, just a rootkit hiding.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both reports to your Desktop.
  • Copy and paste BOTH LOGS back here, use more than one post if needed.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Win32\Cryptor in a dll file

Post by jojo7694 on Tue Jan 05, 2010 2:39 am

DDS (Ver_09-12-01.01) - NTFSx86
Run by Jody Jones at 20:37:13.12 on Mon 01/04/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.56 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: iolo AntiVirus® *On-access scanning disabled* (Updated) {2565CEEE-6BDB-4A6D-AD6D-F682F2695014}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jody Jones\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: : {bd2993f9-8813-4a7f-a36f-9f954307ec7a} - c:\windows\system32\ijkkkzm.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [EPSON NX100 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatieda.exe /fu "c:\windows\temp\E_S1FA.tmp" /EF "HKCU"
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [TFncKy] TFncKy.exe
mRun: [TPSMain] TPSMain.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\iogear\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: c:\windows\system32\iavlsp.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - [You must be registered and logged in to see this link.]
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - [You must be registered and logged in to see this link.]
DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276}
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} - [You must be registered and logged in to see this link.]
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - [You must be registered and logged in to see this link.]
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - [You must be registered and logged in to see this link.]
DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} - [You must be registered and logged in to see this link.]
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - [You must be registered and logged in to see this link.]
DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {8B0F07E1-00F9-4B1B-9A2F-456DC0F54EBF} - [You must be registered and logged in to see this link.]
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - [You must be registered and logged in to see this link.]
DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
DPF: {D410AFBD-4E26-4D5F-840F-0412D6F6BB8D} - [You must be registered and logged in to see this link.]
DPF: {E03EEB49-B0CB-46A3-A84B-BA758243A7B0} - [You must be registered and logged in to see this link.]
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
TCP: {D0BBB71A-BA7A-4321-B7B6-2BFDBAD2C796} = 75.116.127.154 75.116.63.154
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
Notify: wljcrajt - ijkkkzm.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 vuqnfswt;vuqnfswt;c:\windows\system32\drivers\vuqnfswt.sys [2006-1-18 23424]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-11-30 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-11-30 28424]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-30 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-5-26 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 72944]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-11-30 285392]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-4-23 650160]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-4-23 650160]
R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2008-5-9 174336]
R3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-3-20 32408]
S2 ayypprix;Microsoft USB 2.0 Enhanced Host Controller Miniport Support;c:\windows\system32\svchost.exe -k netsvcs [2006-1-18 14336]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2008-7-7 20480]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-26 7408]
S3 SWNC8U56;Sierra Wireless MUX NDIS Driver (UMTS56);c:\windows\system32\drivers\swnc8u56.sys [2007-6-27 101248]
S3 SWUMX56;Sierra Wireless USB MUX Driver (UMTS56);c:\windows\system32\drivers\swumx56.sys [2007-6-27 73856]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-7-22 24652]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================


==================== Find3M ====================

2009-12-02 17:00:58 93096 ----a-w- c:\windows\system32\IncContxMenu.dll
2009-12-02 17:00:48 2118568 ----a-w- c:\windows\system32\Incinerator.dll
2009-12-01 02:33:44 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-01 02:33:43 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-01 02:33:36 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2008-08-20 04:00:34 0 ----a-w- c:\program files\temp01
2009-01-17 01:12:28 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009011620090117\index.dat

============= FINISH: 20:37:57.64 ===============


Re: Win32\Cryptor in a dll file

Post by jojo7694 on Tue Jan 05, 2010 2:40 am

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 8/20/2006 2:58:15 PM
System Uptime: 1/4/2010 6:39:08 PM (2 hours ago)

Motherboard: Intel Corporation | | MPAD-MSAE Customer Reference Boards
Processor: Genuine Intel(R) CPU T1350 @ 1.86GHz | U1 | 1861/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 56 GiB total, 36.506 GiB free.
D: is CDROM ()
E: is Removable
F: is CDROM (CDFS)

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 12/16/2009 10:49:51 PM - System Checkpoint
RP2: 12/17/2009 6:45:00 AM - Software Distribution Service 3.0
RP3: 12/18/2009 6:37:02 AM - Software Distribution Service 3.0
RP4: 12/19/2009 6:02:50 AM - Software Distribution Service 3.0
RP5: 12/20/2009 9:47:32 AM - Software Distribution Service 3.0
RP6: 12/20/2009 9:33:26 PM - Software Distribution Service 3.0
RP7: 12/21/2009 8:28:33 AM - Software Distribution Service 3.0
RP8: 12/22/2009 9:04:52 PM - Software Distribution Service 3.0
RP9: 12/22/2009 9:30:34 PM - Avg8 Update
RP10: 12/22/2009 9:41:11 PM - Avg8 Update
RP11: 12/22/2009 9:49:20 PM - Software Distribution Service 3.0
RP12: 12/23/2009 10:37:29 PM - System Checkpoint
RP13: 12/24/2009 3:00:46 AM - Software Distribution Service 3.0
RP14: 12/25/2009 3:00:46 AM - Software Distribution Service 3.0
RP15: 12/25/2009 10:36:51 PM - Software Distribution Service 3.0
RP16: 12/26/2009 9:54:05 PM - virus 1227
RP17: 12/27/2009 3:00:46 AM - Software Distribution Service 3.0
RP18: 12/28/2009 7:39:18 AM - Software Distribution Service 3.0
RP19: 12/29/2009 7:54:20 PM - Software Distribution Service 3.0
RP20: 12/30/2009 6:00:15 AM - Software Distribution Service 3.0
RP21: 12/31/2009 5:51:14 AM - Software Distribution Service 3.0
RP22: 1/1/2010 3:00:44 AM - Software Distribution Service 3.0
RP23: 1/1/2010 8:29:11 AM - Avg8 Update
RP24: 1/1/2010 7:54:25 PM - Software Distribution Service 3.0
RP25: 1/2/2010 10:47:27 PM - Software Distribution Service 3.0
RP26: 1/3/2010 11:20:33 PM - System Checkpoint
RP27: 1/4/2010 7:08:14 AM - Software Distribution Service 3.0

==== Installed Programs ======================

Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
Adobe Shockwave Player
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Software Suite
Authentium AntiVirus SDK - 2
AVG Free 9.0
Bluetooth Stack for Windows by Toshiba
CCHelp
CCScore
CD/DVD Drive Acoustic Silencer
Cda Product Service - shared component
College Algebra
College Algebra (Fall 2009 Student Version)
CR2
Critical Update for Windows Media Player 11 (KB959772)
Digimax Master
Driver Installer
DVD-RAM Driver
Epson Easy Photo Print 2
EPSON NX100 Series Printer Uninstall
EPSON Scan
EPSON Web-To-Page
ESSAdpt
ESSANUP
ESSBrwr
ESSCAM
ESSCDBK
ESScore
ESSCT
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSTUTOR
ESSvpaht
ESSvpot
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
HLPCCTR
HLPIndex
HLPPDOCK
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Format SDK (KB910998)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet/Wireless Software
InterActual Player
InterVideo WinDVD Creator 2
InterVideo WinDVD for TOSHIBA
IOGEAR Bluetooth Software
iolo AntiVirus
iolo technologies' System Mechanic
iTunes
Java(TM) 6 Update 14
KSU
Macromedia Flash Player 8
Malwarebytes' Anti-Malware
mCore
mDrWiFi
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office OneNote 2003
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Web Publishing Wizard 1.52
mIWA
mLogView
mMHouse
Mobile Broadband Generic Drivers
Move Networks Media Player for Internet Explorer
mPfMgr
mPfWiz
mProSafe
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
mWlsSafe
mXML
mZConfig
Nokia Connectivity Adapter Cable DKU-5
Notifier
OTtBP
PCDLNCH
PrintMaster 16
QuickTime
RealPlayer Basic
Realtek High Definition Audio Driver
Samsung USB Driver
SD Secure Module
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 Series (KB969878)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
SFR
SFR2
Shockwave
Sonic DLA
Sonic RecordNow!
SUPERAntiSpyware Free Edition
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
ToneThis
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Controls
TOSHIBA Hotkey Utility
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
Toshiba Registration
TOSHIBA SD Memory Card Format
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA TouchPad ON/Off Utility
TOSHIBA Utilities
TOSHIBA Virtual Sound
TOSHIBA Zooming Utility
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VCAMCEN
Viewpoint Manager (Remove Only)
Viewpoint Media Player
VZAccess Manager
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

12/31/2009 5:37:49 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Netman service.
12/30/2009 9:56:53 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip WS2IFSL
12/30/2009 9:56:53 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
12/30/2009 9:56:53 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/30/2009 9:56:53 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
12/30/2009 9:11:37 PM, error: Service Control Manager [7023] - The dvpapi service terminated with the following error: The class is configured to run as a security id different from the caller
12/30/2009 8:58:41 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: KR10N
12/30/2009 8:58:41 PM, error: Service Control Manager [7022] - The dvpapi service hung on starting.
12/30/2009 8:57:18 PM, error: Service Control Manager [7023] - The Microsoft USB 2.0 Enhanced Host Controller Miniport Support service terminated with the following error: The system cannot find the file specified.
12/30/2009 8:55:40 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/30/2009 6:16:14 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office 2003 (KB974554).
12/30/2009 6:13:20 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office Excel 2003 (KB973475).
12/30/2009 6:02:48 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 1.1 Service Pack 1 Security Update for Windows 2000, Windows XP, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 (KB953297).
12/30/2009 10:03:04 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
12/29/2009 7:57:07 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office 2003 (KB974554).
12/29/2009 7:55:40 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office Excel 2003 (KB973475).
12/29/2009 2:33:26 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avg9wd service.
1/2/2010 10:46:03 PM, error: Service Control Manager [7034] - The C-DillaCdaC11BA service terminated unexpectedly. It has done this 1 time(s).
1/1/2010 8:04:07 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

==== End Of File ===========================


Re: Win32\Cryptor in a dll file

Post by Belahzur on Tue Jan 05, 2010 3:23 pm

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Java(TM) 6 Update 14
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player

1. Please download The Avenger by Swandog46 to your Desktop

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


Drivers to delete:
vuqnfswt
ayypprix

Files to delete:
c:\windows\system32\drivers\vuqnfswt.sys
c:\windows\system32\ijkkkzm.dll

Registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bd2993f9-8813-4a7f-a36f-9f954307ec7a}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wljcrajt

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
4. Please copy/paste the content of c:\avenger.txt into your reply.



Re: Win32\Cryptor in a dll file

Post by jojo7694 on Tue Jan 05, 2010 5:15 pm

Logfile of The Avenger Version 2.0, (c) by Swandog46

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "vuqnfswt" deleted successfully.
Driver "ayypprix" deleted successfully.
File "c:\windows\system32\drivers\vuqnfswt.sys" deleted successfully.
File "c:\windows\system32\ijkkkzm.dll" deleted successfully.


Re: Win32\Cryptor in a dll file

Post by Belahzur on Tue Jan 05, 2010 6:14 pm

Is that the full log? Please run MBAM again.



Re: Win32\Cryptor in a dll file

Post by jojo7694 on Tue Jan 05, 2010 8:12 pm

That was the full log from Avenger.



Malwarebytes' Anti-Malware 1.43
Database version: 3492
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/5/2010 1:56:10 PM
mbam-log-2010-01-05 (13-56-10).txt

Scan type: Quick Scan
Objects scanned: 141171
Time elapsed: 16 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bd2993f9-8813-4a7f-a36f-9f954307ec7a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wljcrajt (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bd2993f9-8813-4a7f-a36f-9f954307ec7a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\windows\system32\ijkkkzm.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.


Re: Win32\Cryptor in a dll file

Post by Belahzur on Tue Jan 05, 2010 8:17 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.



Re: Win32\Cryptor in a dll file

Post by jojo7694 on Tue Jan 05, 2010 10:41 pm

ComboFix 10-01-04.01 - Jody Jones 01/05/2010 15:07:32.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.213 [GMT -6:00]
Running from: c:\documents and settings\Jody Jones\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: iolo AntiVirus® *On-access scanning disabled* (Updated) {2565CEEE-6BDB-4A6D-AD6D-F682F2695014}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-3189052832-4293742930-2107519714-1003
C:\Thumbs.db
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\MailSwitch.ocx
c:\windows\patch.exe
c:\windows\system32\drivers\cvccwfec.sys
c:\windows\system32\mssfc.dll
c:\windows\system32\nfr.assembly
c:\windows\system32\nfr.gpref
c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SFC


((((((((((((((((((((((((( Files Created from 2009-12-05 to 2010-01-05 )))))))))))))))))))))))))))))))
.

2010-01-04 18:55 . 2010-01-04 18:55 5061520 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-01 14:29 . 2009-12-23 03:41 4043544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-01-01 14:29 . 2009-12-23 03:41 2033432 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2010-01-01 14:29 . 2009-12-23 03:40 3966744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-01-01 04:31 . 2001-08-18 04:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-01-01 04:31 . 2008-04-14 00:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-12-30 23:38 . 2009-12-30 23:39 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-30 23:38 . 2009-12-30 23:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-12-30 15:47 . 2009-12-30 23:34 -------- d-----w- c:\documents and settings\Jody Jones\Local Settings\Application Data\rmcilo
2009-12-26 04:46 . 2009-12-26 04:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-12-25 04:15 . 2009-12-25 04:15 -------- d-----w- c:\documents and settings\Jody Jones\Application Data\Malwarebytes
2009-12-25 04:15 . 2009-12-30 20:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-25 04:15 . 2009-12-25 04:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-25 04:15 . 2010-01-04 18:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-25 04:15 . 2009-12-30 20:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-23 14:05 . 2009-12-23 14:05 52224 ----a-w- c:\documents and settings\Jody Jones\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2009-12-21 04:11 . 2009-12-21 04:11 -------- d-----w- c:\program files\Trend Micro
2009-12-17 04:25 . 2009-12-17 04:25 -------- d-----w- c:\documents and settings\Jody Jones\Local Settings\Application Data\Threat Expert
2009-12-13 13:07 . 2009-12-13 13:07 -------- d-----w- c:\documents and settings\Jody Jones\Local Settings\Application Data\NOS
2009-12-11 04:45 . 2009-12-11 04:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\iolo
2009-12-11 04:45 . 2009-12-11 04:45 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-05 16:58 . 2006-01-19 04:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-12-31 11:59 . 2009-12-01 02:32 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-12-23 14:05 . 2009-06-15 22:46 117760 ----a-w- c:\documents and settings\Jody Jones\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-21 04:19 . 2009-06-27 04:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Zylom
2009-12-17 04:48 . 2008-08-20 04:11 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-14 03:00 . 2009-04-23 15:33 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
2009-12-11 04:38 . 2009-06-13 13:44 -------- d-----w- c:\documents and settings\Jody Jones\Application Data\LimeWire
2009-12-11 04:19 . 2006-01-19 04:47 -------- d-----w- c:\program files\Common Files\AOL
2009-12-04 05:03 . 2009-12-03 01:22 -------- d-----w- c:\program files\Paint.NET
2009-12-03 03:05 . 2006-08-20 20:53 130352 ----a-w- c:\documents and settings\Jody Jones\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-02 17:00 . 2009-08-26 16:22 93096 ----a-w- c:\windows\system32\IncContxMenu.dll
2009-12-02 17:00 . 2009-04-23 15:40 2118568 ----a-w- c:\windows\system32\Incinerator.dll
2009-12-01 02:33 . 2009-12-01 02:33 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-01 02:33 . 2009-12-01 02:33 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-01 02:33 . 2009-12-01 02:33 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-01 02:33 . 2009-12-01 02:33 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-12-01 02:32 . 2008-08-19 01:11 -------- d-----w- c:\program files\AVG
2009-12-01 00:25 . 2006-01-19 04:53 -------- d-----w- c:\program files\Yahoo!
2009-12-01 00:24 . 2006-09-06 03:29 -------- d-----w- c:\documents and settings\All Users\Application Data\yahoo!
2009-12-01 00:24 . 2006-09-06 03:41 -------- d--h--r- c:\documents and settings\Jody Jones\Application Data\yahoo!
2009-12-01 00:24 . 2006-08-21 01:56 -------- d-----w- c:\program files\SBC Yahoo!
2009-11-24 04:53 . 2009-11-24 04:42 -------- d-----w- c:\program files\The Ringtone Maker Plus 5
2009-11-24 04:42 . 2009-11-24 04:42 -------- d-----w- c:\documents and settings\Jody Jones\Application Data\The Ringtone Maker Plus
2009-11-24 04:30 . 2009-11-24 04:29 -------- d-----w- c:\program files\ToneThis
2009-11-14 16:22 . 2009-04-23 15:33 -------- d-----w- c:\documents and settings\Jody Jones\Application Data\iolo
2009-10-29 07:45 . 2006-01-19 02:02 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-25 01:48 . 2009-04-23 15:52 1541 ----a-w- c:\documents and settings\Jody Jones\Application Data\iolo\restore.bat
2009-10-21 05:38 . 2006-01-19 02:02 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2006-01-19 02:01 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-03 23:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2006-01-19 02:02 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2006-01-19 02:02 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2006-01-19 02:02 79872 ----a-w- c:\windows\system32\raschap.dll
2008-08-20 04:00 . 2008-08-20 04:00 0 ----a-w- c:\program files\temp01
.

------- Sigcheck -------

[7] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[7] 2004-08-04 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll

c:\windows\System32\sfcfiles.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
"NDSTray.exe"="NDSTray.exe" [BU]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]
"TFncKy"="TFncKy.exe" [BU]
"TPSMain"="TPSMain.exe" [2005-06-01 282624]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-01 2033432]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-1-18 155648]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-12-01 02:33 12464 ----a-w- c:\windows\system32\avgrsstx.dll
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaAvTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToneThis
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ymetray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 06:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YPCService"=3 (0x3)
"MDM"=2 (0x2)
"KodakCCS"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\WINDOWS\\system32\\[You must be registered and logged in to see this link.]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iolo\\AntiVirus\\ioloAV.exe"=
"c:\\Program Files\\iolo\\AntiVirus\\iAVEmailScanner.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"61005:TCP"= 61005:TCP:@xpsp2res.dll,-22009
"10775:TCP"= 10775:TCP:@xpsp2res.dll,-22009

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/30/2009 8:33 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/30/2009 8:33 PM 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 9:05 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 9:05 AM 72944]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/30/2009 8:32 PM 285392]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [4/23/2009 9:40 AM 650160]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [4/23/2009 9:40 AM 650160]
R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [5/9/2008 11:08 AM 174336]
S0 rdbhwf;rdbhwf;c:\windows\system32\drivers\hopsw.sys --> c:\windows\system32\drivers\hopsw.sys [?]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [7/7/2008 12:23 PM 20480]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 9:05 AM 7408]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [3/20/2009 7:03 PM 32408]
S3 SWNC8U56;Sierra Wireless MUX NDIS Driver (UMTS56);c:\windows\system32\drivers\swnc8u56.sys [6/27/2007 9:41 AM 101248]
S3 SWUMX56;Sierra Wireless USB MUX Driver (UMTS56);c:\windows\system32\drivers\swumx56.sys [6/27/2007 9:42 AM 73856]
S4 ayypprix;Microsoft USB 2.0 Enhanced Host Controller Miniport Support;c:\windows\System32\svchost.exe -k netsvcs [1/18/2006 8:02 PM 14336]
S4 vuqnfswt;vuqnfswt;c:\windows\system32\drivers\vuqnfswt.sys --> c:\windows\system32\drivers\vuqnfswt.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ayypprix
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\iavlsp.dll
DPF: {8B0F07E1-00F9-4B1B-9A2F-456DC0F54EBF} - [You must be registered and logged in to see this link.]
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - [You must be registered and logged in to see this link.]
DPF: {D410AFBD-4E26-4D5F-840F-0412D6F6BB8D} - [You must be registered and logged in to see this link.]
DPF: {E03EEB49-B0CB-46A3-A84B-BA758243A7B0} - [You must be registered and logged in to see this link.]
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D0523BB4-21E7-11DD-9AB7-415B56D89593} - (no file)
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard
MSConfigStartUp-lxcgmon - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-01-05 15:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1878090017-1304731481-1828058452-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
@DACL=(02 0000)
@SACL=
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(868)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(924)
c:\windows\system32\iavlsp.dll

- - - - - - - > 'explorer.exe'(2728)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
c:\windows\system32\btncopy.dll
c:\program files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\IOGEAR\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\Common Files\Authentium\AntiVirus\dvpapi.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\windows\AGRSMMSG.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
c:\windows\system32\TPSBattM.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\MsiExec.exe
.
**************************************************************************
.
Completion time: 2010-01-05 15:27:40 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-05 21:27

Pre-Run: 39,126,609,920 bytes free
Post-Run: 39,324,016,640 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 0F0A014B27C1CC62947FEEF8CDFA8CD8


Re: Win32\Cryptor in a dll file

Post by Belahzur on Wed Jan 06, 2010 12:11 am

Hello.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Folder::
    c:\documents and settings\All Users\Application Data\Viewpoint
    c:\documents and settings\Jody Jones\Application Data\LimeWire

    Driver::
    rdbhwf
    ayypprix
    vuqnfswt

    NetSvc::
    ayypprix

    RegLock::
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

    FCopy::
    c:\windows\$NtServicePackUninstall$\sfcfiles.dll | c:\windows\System32\sfcfiles.dll
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


Please PM me if I fail to respond within 24hrs.



Re: Win32\Cryptor in a dll file

Post by jojo7694 on Wed Jan 06, 2010 12:48 am

ComboFix 10-01-04.01 - Jody Jones 01/05/2010 18:26:25.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.171 [GMT -6:00]
Running from: c:\documents and settings\Jody Jones\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Jody Jones\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: iolo AntiVirus® *On-access scanning disabled* (Updated) {2565CEEE-6BDB-4A6D-AD6D-F682F2695014}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Viewpoint
c:\documents and settings\Jody Jones\Application Data\LimeWire
c:\documents and settings\Jody Jones\Application Data\LimeWire\browser\xulrunner\res\mathml.css
c:\documents and settings\Jody Jones\Application Data\LimeWire\browser\xulrunner\res\quirk.css
c:\documents and settings\Jody Jones\Application Data\LimeWire\browser\xulrunner\res\svg.css
c:\documents and settings\Jody Jones\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-active.gif
c:\documents and settings\Jody Jones\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-hover.gif
c:\documents and settings\Jody Jones\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after.gif
c:\documents and settings\Jody Jones\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-active.gif
c:\documents and settings\Jody Jones\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-hover.gif
c:\documents and settings\Jody Jones\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before.gif
c:\documents and settings\Jody Jones\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-active.gif
c:\documents and settings\Jody Jones\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-hover.gif
c:\documents and settings\Jody Jones\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after.gif
c:\documents and settings\Jody Jones\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-active.gif
c:\documents and settings\Jody Jones\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-hover.gif
c:\documents and settings\Jody Jones\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before.gif
c:\documents and settings\Jody Jones\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-active.gif
c:\documents and settings\Jody Jones\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-hover.gif
c:\documents and settings\Jody Jones\Application Data\LimeWire\browser\xulrunner\res\table-remove-column.gif
c:\documents and settings\Jody Jones\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-active.gif
c:\documents and settings\Jody Jones\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-hover.gif
c:\documents and settings\Jody Jones\Application Data\LimeWire\browser\xulrunner\res\table-remove-row.gif
c:\documents and settings\Jody Jones\Application Data\LimeWire\browser\xulrunner\res\ua.css
c:\documents and settings\Jody Jones\Application Data\LimeWire\browser\xulrunner\res\viewsource.css
c:\documents and settings\Jody Jones\Application Data\LimeWire\browser\xulrunner\res\wincharset.properties
c:\documents and settings\Jody Jones\Application Data\LimeWire\browser\xulrunner\smime3.dll
c:\documents and settings\Jody Jones\Application Data\LimeWire\browser\xulrunner\softokn3.dll
c:\documents and settings\Jody Jones\Application Data\LimeWire\browser\xulrunner\sqlite3.dll
c:\documents and settings\Jody Jones\Application Data\LimeWire\browser\xulrunner\ssl3.dll
c:\documents and settings\Jody Jones\Application Data\LimeWire\browser\xulrunner\updater.exe
c:\documents and settings\Jody Jones\Application Data\LimeWire\browser\xulrunner\version.properties
c:\documents and settings\Jody Jones\Application Data\LimeWire\browser\xulrunner\xpcom.dll
c:\documents and settings\Jody Jones\Application Data\LimeWire\browser\xulrunner\xpcshell.exe
c:\documents and settings\Jody Jones\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe
c:\documents and settings\Jody Jones\Application Data\LimeWire\browser\xulrunner\xpidl.exe
c:\documents and settings\Jody Jones\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe
c:\documents and settings\Jody Jones\Application Data\LimeWire\browser\xulrunner\xpt_link.exe
c:\documents and settings\Jody Jones\Application Data\LimeWire\browser\xulrunner\xul.dll
c:\documents and settings\Jody Jones\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe
c:\documents and settings\Jody Jones\Application Data\LimeWire\browser\xulrunner\xulrunner.exe
c:\documents and settings\Jody Jones\Application Data\LimeWire\certificate\limewire.keystore
c:\documents and settings\Jody Jones\Application Data\LimeWire\createtimes.cache
c:\documents and settings\Jody Jones\Application Data\LimeWire\downloads.dat
c:\documents and settings\Jody Jones\Application Data\LimeWire\fileurns.cache
c:\documents and settings\Jody Jones\Application Data\LimeWire\installation.props
c:\documents and settings\Jody Jones\Application Data\LimeWire\library.dat
c:\documents and settings\Jody Jones\Application Data\LimeWire\library5.dat
c:\documents and settings\Jody Jones\Application Data\LimeWire\limewire.props
c:\documents and settings\Jody Jones\Application Data\LimeWire\mojito.props
c:\documents and settings\Jody Jones\Application Data\LimeWire\mozilla-profile\.autoreg
c:\documents and settings\Jody Jones\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_001_
c:\documents and settings\Jody Jones\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_002_
c:\documents and settings\Jody Jones\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_003_
c:\documents and settings\Jody Jones\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_MAP_
c:\documents and settings\Jody Jones\Application Data\LimeWire\mozilla-profile\cert8.db
c:\documents and settings\Jody Jones\Application Data\LimeWire\mozilla-profile\compreg.dat
c:\documents and settings\Jody Jones\Application Data\LimeWire\mozilla-profile\cookies.sqlite
c:\documents and settings\Jody Jones\Application Data\LimeWire\mozilla-profile\downloads.sqlite
c:\documents and settings\Jody Jones\Application Data\LimeWire\mozilla-profile\extensions.cache
c:\documents and settings\Jody Jones\Application Data\LimeWire\mozilla-profile\extensions.ini
c:\documents and settings\Jody Jones\Application Data\LimeWire\mozilla-profile\history.dat
c:\documents and settings\Jody Jones\Application Data\LimeWire\mozilla-profile\key3.db
c:\documents and settings\Jody Jones\Application Data\LimeWire\mozilla-profile\permissions.sqlite
c:\documents and settings\Jody Jones\Application Data\LimeWire\mozilla-profile\places.sqlite
c:\documents and settings\Jody Jones\Application Data\LimeWire\mozilla-profile\pluginreg.dat
c:\documents and settings\Jody Jones\Application Data\LimeWire\mozilla-profile\prefs.js
c:\documents and settings\Jody Jones\Application Data\LimeWire\mozilla-profile\secmod.db
c:\documents and settings\Jody Jones\Application Data\LimeWire\mozilla-profile\XPC.mfl
c:\documents and settings\Jody Jones\Application Data\LimeWire\mozilla-profile\xpti.dat
c:\documents and settings\Jody Jones\Application Data\LimeWire\promotion\promodb.backup
c:\documents and settings\Jody Jones\Application Data\LimeWire\promotion\promodb.data
c:\documents and settings\Jody Jones\Application Data\LimeWire\promotion\promodb.properties
c:\documents and settings\Jody Jones\Application Data\LimeWire\promotion\promodb.script
c:\documents and settings\Jody Jones\Application Data\LimeWire\questions.props
c:\documents and settings\Jody Jones\Application Data\LimeWire\responses.cache
c:\documents and settings\Jody Jones\Application Data\LimeWire\simpp.xml
c:\documents and settings\Jody Jones\Application Data\LimeWire\spam.dat
c:\documents and settings\Jody Jones\Application Data\LimeWire\tables.props
c:\documents and settings\Jody Jones\Application Data\LimeWire\ttdata.cache
c:\documents and settings\Jody Jones\Application Data\LimeWire\ttroot.cache
c:\documents and settings\Jody Jones\Application Data\LimeWire\version.xml
c:\documents and settings\Jody Jones\Application Data\LimeWire\versions.props
c:\documents and settings\Jody Jones\Application Data\LimeWire\xml\data\audio.sxml3
c:\documents and settings\Jody Jones\Application Data\LimeWire\xml\data\video.sxml3

.
--------------- FCopy ---------------

c:\windows\$NtServicePackUninstall$\sfcfiles.dll --> c:\windows\System32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AYYPPRIX
-------\Legacy_RDBHWF
-------\Legacy_VUQNFSWT
-------\Service_ayypprix
-------\Service_rdbhwf
-------\Service_vuqnfswt


((((((((((((((((((((((((( Files Created from 2009-12-06 to 2010-01-06 )))))))))))))))))))))))))))))))
.

2010-01-06 00:26 . 2004-08-04 12:00 1580544 ----a-w- c:\windows\system32\sfcfiles.dll
2010-01-04 18:55 . 2010-01-04 18:55 5061520 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-01 14:29 . 2009-12-23 03:41 4043544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-01-01 14:29 . 2009-12-23 03:41 2033432 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2010-01-01 14:29 . 2009-12-23 03:40 3966744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-01-01 04:31 . 2001-08-18 04:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-01-01 04:31 . 2008-04-14 00:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-12-30 23:38 . 2009-12-30 23:39 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-30 23:38 . 2009-12-30 23:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-12-30 15:47 . 2009-12-30 23:34 -------- d-----w- c:\documents and settings\Jody Jones\Local Settings\Application Data\rmcilo
2009-12-26 04:46 . 2009-12-26 04:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-12-25 04:15 . 2009-12-25 04:15 -------- d-----w- c:\documents and settings\Jody Jones\Application Data\Malwarebytes
2009-12-25 04:15 . 2009-12-30 20:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-25 04:15 . 2009-12-25 04:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-25 04:15 . 2010-01-04 18:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-25 04:15 . 2009-12-30 20:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-23 14:05 . 2009-12-23 14:05 52224 ----a-w- c:\documents and settings\Jody Jones\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2009-12-21 04:11 . 2009-12-21 04:11 -------- d-----w- c:\program files\Trend Micro
2009-12-17 04:25 . 2009-12-17 04:25 -------- d-----w- c:\documents and settings\Jody Jones\Local Settings\Application Data\Threat Expert
2009-12-13 13:07 . 2009-12-13 13:07 -------- d-----w- c:\documents and settings\Jody Jones\Local Settings\Application Data\NOS
2009-12-11 04:45 . 2009-12-11 04:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\iolo
2009-12-11 04:45 . 2009-12-11 04:45 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-31 11:59 . 2009-12-01 02:32 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-12-23 14:05 . 2009-06-15 22:46 117760 ----a-w- c:\documents and settings\Jody Jones\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-21 04:19 . 2009-06-27 04:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Zylom
2009-12-17 04:48 . 2008-08-20 04:11 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-14 03:00 . 2009-04-23 15:33 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
2009-12-11 04:19 . 2006-01-19 04:47 -------- d-----w- c:\program files\Common Files\AOL
2009-12-04 05:03 . 2009-12-03 01:22 -------- d-----w- c:\program files\Paint.NET
2009-12-03 03:05 . 2006-08-20 20:53 130352 ----a-w- c:\documents and settings\Jody Jones\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-02 17:00 . 2009-08-26 16:22 93096 ----a-w- c:\windows\system32\IncContxMenu.dll
2009-12-02 17:00 . 2009-04-23 15:40 2118568 ----a-w- c:\windows\system32\Incinerator.dll
2009-12-01 02:33 . 2009-12-01 02:33 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-01 02:33 . 2009-12-01 02:33 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-01 02:33 . 2009-12-01 02:33 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-01 02:33 . 2009-12-01 02:33 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-12-01 02:32 . 2008-08-19 01:11 -------- d-----w- c:\program files\AVG
2009-12-01 00:25 . 2006-01-19 04:53 -------- d-----w- c:\program files\Yahoo!
2009-12-01 00:24 . 2006-09-06 03:29 -------- d-----w- c:\documents and settings\All Users\Application Data\yahoo!
2009-12-01 00:24 . 2006-09-06 03:41 -------- d--h--r- c:\documents and settings\Jody Jones\Application Data\yahoo!
2009-12-01 00:24 . 2006-08-21 01:56 -------- d-----w- c:\program files\SBC Yahoo!
2009-11-24 04:53 . 2009-11-24 04:42 -------- d-----w- c:\program files\The Ringtone Maker Plus 5
2009-11-24 04:42 . 2009-11-24 04:42 -------- d-----w- c:\documents and settings\Jody Jones\Application Data\The Ringtone Maker Plus
2009-11-24 04:30 . 2009-11-24 04:29 -------- d-----w- c:\program files\ToneThis
2009-11-14 16:22 . 2009-04-23 15:33 -------- d-----w- c:\documents and settings\Jody Jones\Application Data\iolo
2009-10-29 07:45 . 2006-01-19 02:02 916480 ------w- c:\windows\system32\wininet.dll
2009-10-25 01:48 . 2009-04-23 15:52 1541 ----a-w- c:\documents and settings\Jody Jones\Application Data\iolo\restore.bat
2009-10-21 05:38 . 2006-01-19 02:02 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2006-01-19 02:01 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-03 23:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2006-01-19 02:02 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2006-01-19 02:02 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2006-01-19 02:02 79872 ----a-w- c:\windows\system32\raschap.dll
2008-08-20 04:00 . 2008-08-20 04:00 0 ----a-w- c:\program files\temp01
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
"NDSTray.exe"="NDSTray.exe" [BU]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]
"TFncKy"="TFncKy.exe" [BU]
"TPSMain"="TPSMain.exe" [2005-06-01 282624]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-01 2033432]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-1-18 155648]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-12-01 02:33 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 06:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YPCService"=3 (0x3)
"MDM"=2 (0x2)
"KodakCCS"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\WINDOWS\\system32\\[You must be registered and logged in to see this link.]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iolo\\AntiVirus\\ioloAV.exe"=
"c:\\Program Files\\iolo\\AntiVirus\\iAVEmailScanner.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"61005:TCP"= 61005:TCP:@xpsp2res.dll,-22009
"10775:TCP"= 10775:TCP:@xpsp2res.dll,-22009

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/30/2009 8:33 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/30/2009 8:33 PM 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 9:05 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 9:05 AM 72944]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/30/2009 8:32 PM 285392]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [4/23/2009 9:40 AM 650160]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [4/23/2009 9:40 AM 650160]
R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [5/9/2008 11:08 AM 174336]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [7/7/2008 12:23 PM 20480]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 9:05 AM 7408]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [3/20/2009 7:03 PM 32408]
S3 SWNC8U56;Sierra Wireless MUX NDIS Driver (UMTS56);c:\windows\system32\drivers\swnc8u56.sys [6/27/2007 9:41 AM 101248]
S3 SWUMX56;Sierra Wireless USB MUX Driver (UMTS56);c:\windows\system32\drivers\swumx56.sys [6/27/2007 9:42 AM 73856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\iavlsp.dll
DPF: {8B0F07E1-00F9-4B1B-9A2F-456DC0F54EBF} - [You must be registered and logged in to see this link.]
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - [You must be registered and logged in to see this link.]
DPF: {D410AFBD-4E26-4D5F-840F-0412D6F6BB8D} - [You must be registered and logged in to see this link.]
DPF: {E03EEB49-B0CB-46A3-A84B-BA758243A7B0} - [You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-01-05 18:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1878090017-1304731481-1828058452-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(776)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(924)
c:\windows\system32\iavlsp.dll

- - - - - - - > 'explorer.exe'(1828)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\IOGEAR\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\Common Files\Authentium\AntiVirus\dvpapi.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\windows\AGRSMMSG.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
c:\windows\system32\TPSBattM.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\MsiExec.exe
.
**************************************************************************
.
Completion time: 2010-01-05 18:44:56 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-06 00:44
ComboFix2.txt 2010-01-05 21:27

Pre-Run: 39,334,191,104 bytes free
Post-Run: 39,290,916,864 bytes free

- - End Of File - - D993BD68A38CD11D059059A2DE2C7131


Re: Win32\Cryptor in a dll file

Post by Belahzur on Wed Jan 06, 2010 6:10 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?



Re: Win32\Cryptor in a dll file

Post by jojo7694 on Thu Jan 07, 2010 3:54 am

So far computer is running great. Thanks so much for the help


Re: Win32\Cryptor in a dll file

Post by Belahzur on Thu Jan 07, 2010 1:49 pm

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or ActiveX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please consider using this free software program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found [You must be registered and logged in to see this link.].

Hopefully this should take care of your problems! Good luck.

