WiredWX Christian Hobby Weather Tools
Would you like to react to this message? Create an account in a few clicks or log in to continue.

WiredWX Christian Hobby Weather ToolsLog in

 


Win sys/32 cryptor virus

2 posters

descriptionWin sys/32 cryptor virus EmptyWin sys/32 cryptor virus27th June 2009, 2:26 pm

more_horiz
I need some help getting this removed.

descriptionWin sys/32 cryptor virus EmptyRe: Win sys/32 cryptor virus27th June 2009, 2:37 pm

more_horiz
MY PROBLEM:Infection: Virus Identified Win32/Cryptor
LOCATION: Process: C:\WINDOWS\system32\svchost.exe

I did the Hijackthis and this is the report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:37:14 AM, on 6/27/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AFCEFE53-3B37-4833-B037-2E5C4ACC92D6}: NameServer = 85.255.112.128,85.255.112.142
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.128,85.255.112.142
O17 - HKLM\System\CS1\Services\Tcpip\..\{AFCEFE53-3B37-4833-B037-2E5C4ACC92D6}: NameServer = 85.255.112.128,85.255.112.142
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.128,85.255.112.142
O17 - HKLM\System\CS2\Services\Tcpip\..\{AFCEFE53-3B37-4833-B037-2E5C4ACC92D6}: NameServer = 85.255.112.128,85.255.112.142
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.128,85.255.112.142
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate1c9c8e179cb1940) (gupdate1c9c8e179cb1940) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

descriptionWin sys/32 cryptor virus EmptyRe: Win sys/32 cryptor virus27th June 2009, 5:42 pm

more_horiz
1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:

Win sys/32 cryptor virus CF_download_FF

Win sys/32 cryptor virus CF_download_rename

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.


Last edited by Belahzur on 27th June 2009, 9:00 pm; edited 1 time in total

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Win sys/32 cryptor virus DXwU4
Win sys/32 cryptor virus VvYDg

descriptionWin sys/32 cryptor virus EmptyRe: Win sys/32 cryptor virus27th June 2009, 8:55 pm

more_horiz
Maybe I'm 2 computer illiterate to even try.

descriptionWin sys/32 cryptor virus EmptyRe: Win sys/32 cryptor virus27th June 2009, 9:00 pm

more_horiz
What makes you say that? Smile...

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Win sys/32 cryptor virus DXwU4
Win sys/32 cryptor virus VvYDg

descriptionWin sys/32 cryptor virus EmptyRe: Win sys/32 cryptor virus27th June 2009, 9:15 pm

more_horiz
ComboFix 09-06-26.02 - aarons 06/27/2009 17:05.1 - NTFSx86
Microsoft®️ Windows Vista™️ Home Basic 6.0.6001.1.1252.1.1033.18.2036.875 [GMT -4:00]
Running from: c:\users\aarons\Pictures\Combo-Fix.exe
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\DigitalLabs
c:\program files\DigitalLabs\Uninstall.exe
c:\users\aarons\AppData\Roaming\inst.exe
c:\users\aarons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DigitalLabs
c:\users\aarons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DigitalLabs\Uninstall.lnk
c:\windows\system32\drivers\MSIVXcewispotqeyxduxbtwbpeapeqxcwcpxp.sys
c:\windows\system32\MSIVXcount
c:\windows\system32\MSIVXichbynnaolsertipqsuxxecognmgljot.dll
c:\windows\system32\MSIVXsvnqltqvirpfluprluwiexqcjbekciii.dll
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MSIVXserv.sys


((((((((((((((((((((((((( Files Created from 2009-05-27 to 2009-06-27 )))))))))))))))))))))))))))))))
.

2009-06-27 21:11 . 2009-06-27 21:11 -------- d-----w- c:\users\aarons\AppData\Local\temp
2009-06-27 14:35 . 2009-06-27 14:35 -------- d-----w- c:\program files\Trend Micro
2009-06-27 06:17 . 2007-03-19 01:37 65602 ----a-w- c:\windows\system32\cook3260.dll
2009-06-27 06:17 . 2006-09-29 17:26 176165 ----a-w- c:\windows\system32\drv23260.dll
2009-06-27 06:17 . 2006-09-29 17:25 208935 ----a-w- c:\windows\system32\drv33260.dll
2009-06-27 06:17 . 2006-09-29 17:24 217127 ----a-w- c:\windows\system32\drv43260.dll
2009-06-27 06:17 . 2006-05-20 21:16 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2009-06-27 06:17 . 2006-05-12 00:21 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2009-06-27 06:17 . 2002-12-10 07:20 102439 ----a-w- c:\windows\system32\sipr3260.dll
2009-06-27 06:16 . 2009-06-27 06:17 -------- d-----w- c:\program files\VSO
2009-06-24 15:00 . 2009-06-24 14:59 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-23 16:28 . 2009-06-23 16:28 -------- d-----w- c:\users\aarons\AppData\Local\MicroVision Applications
2009-06-22 23:54 . 2009-06-22 23:54 -------- d-----w- c:\program files\DL Software
2009-06-21 03:59 . 1995-07-20 04:00 398416 ------w- c:\windows\system32\VBRUN300.DLL
2009-06-21 03:59 . 1998-11-13 08:07 704272 ----a-w- c:\windows\system32\cdo.dll
2009-06-21 03:59 . 1998-05-12 00:01 385024 ----a-w- c:\windows\system32\VBAR332.DLL
2009-06-21 03:59 . 1997-09-26 04:00 251664 ------w- c:\windows\system32\MSRD2X35.DLL
2009-06-21 03:59 . 1997-09-26 04:00 121104 ------w- c:\windows\system32\MSJINT35.DLL
2009-06-21 03:59 . 1997-09-26 04:00 1037312 ------w- c:\windows\system32\MSJET35.DLL
2009-06-21 03:59 . 1997-07-19 21:55 1347344 ------w- c:\windows\system32\MSVBVM50.DLL
2009-06-21 03:58 . 1997-09-26 04:00 404240 ------w- c:\windows\system32\MSREPL35.DLL
2009-06-21 03:58 . 1997-09-26 04:00 24336 ------w- c:\windows\system32\MSJTER35.DLL
2009-06-21 03:58 . 1997-01-24 04:00 78608 ------w- c:\windows\system32\VB5DB.DLL
2009-06-21 03:58 . 1996-12-05 04:00 77824 ------w- c:\windows\system32\ODBCTL32.DLL
2009-06-21 03:58 . 1997-05-12 21:53 314368 ----a-w- c:\windows\IsUninst.exe
2009-06-18 11:32 . 2009-06-27 20:48 -------- d-----w- C:\MDT
2009-06-18 11:30 . 2009-06-18 11:31 -------- d-----w- c:\users\aarons\AppData\Roaming\CyberLink
2009-06-18 11:30 . 2009-06-18 11:30 -------- d-----w- c:\programdata\CyberLink
2009-06-16 13:06 . 2009-06-16 13:06 2052888 ----a-w- c:\programdata\avg8\update\backup\avgcorex.dll
2009-06-16 13:06 . 2009-06-04 13:20 352024 ----a-w- c:\programdata\avg8\update\backup\avgxch32.dll
2009-06-16 13:06 . 2009-06-04 13:19 908568 ----a-w- c:\programdata\avg8\update\backup\avgemc.exe
2009-06-12 16:27 . 2009-06-12 16:27 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbA00D.tmp.exe
2009-06-11 16:01 . 2009-06-11 16:01 -------- d-----w- c:\users\aarons\AppData\Local\AVG Security Toolbar
2009-06-10 14:08 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-09 21:04 . 2009-06-09 21:04 -------- d-----w- c:\programdata\vsosdk
2009-06-09 20:17 . 2009-06-27 06:17 47360 ----a-w- c:\users\aarons\AppData\Roaming\pcouffin.sys
2009-06-09 20:17 . 2009-06-09 20:17 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-06-09 20:17 . 2009-06-27 06:51 -------- d-----w- c:\users\aarons\AppData\Roaming\Vso
2009-06-05 07:14 . 2009-06-27 21:01 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-04 11:41 . 2009-06-11 13:22 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-04 11:41 . 2009-06-27 20:33 -------- d-----w- c:\windows\system32\drivers\Avg
2009-06-04 11:41 . 2009-06-16 13:06 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-04 11:41 . 2009-06-27 20:48 -------- d-----w- c:\programdata\avg8
2009-05-31 22:37 . 2009-05-31 22:37 -------- d-----w- c:\programdata\Downloaded Installations
2009-05-31 22:35 . 2009-05-31 22:35 -------- d-----w- c:\program files\AVG
2009-05-31 15:14 . 2009-06-23 17:14 -------- d-----w- c:\users\aarons\AppData\Local\WeatherBug
2009-05-31 15:14 . 2009-05-31 15:14 -------- d-----w- c:\users\aarons\AppData\Roaming\WeatherBug
2009-05-31 15:14 . 2009-05-31 15:14 -------- d-----w- c:\program files\AWS
2009-05-29 22:06 . 2009-06-27 20:48 -------- d-----w- c:\users\aarons\Tracing
2009-05-29 22:05 . 2009-05-29 22:05 -------- d-----w- c:\program files\Microsoft
2009-05-29 22:05 . 2009-05-29 22:05 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-05-29 22:04 . 2009-05-29 22:05 -------- d-----w- c:\program files\Windows Live
2009-05-29 22:02 . 2009-05-29 22:02 -------- d-----w- c:\program files\Common Files\Windows Live

.

descriptionWin sys/32 cryptor virus EmptyRe: Win sys/32 cryptor virus27th June 2009, 9:15 pm

more_horiz
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-27 14:41 . 2009-05-06 14:55 -------- d-----w- c:\program files\uTorrent
2009-06-27 14:41 . 2009-04-29 15:13 -------- d-----w- c:\users\aarons\AppData\Roaming\uTorrent
2009-06-27 06:53 . 2009-04-29 15:44 -------- d-----w- c:\program files\DivX
2009-06-27 06:53 . 2009-02-07 20:05 151136729 ----a-w- c:\windows\DUMP3fec.tmp
2009-06-27 06:40 . 2008-11-25 18:06 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-06-27 03:31 . 2009-05-17 21:14 -------- d-----w- c:\users\aarons\AppData\Roaming\gtk-2.0
2009-06-24 14:59 . 2008-11-25 17:54 -------- d-----w- c:\program files\Java
2009-06-23 16:32 . 2009-04-29 15:57 -------- d-----w- c:\programdata\Roxio
2009-06-11 13:23 . 2009-06-11 13:23 -------- d-----w- c:\programdata\AVG Security Toolbar
2009-06-11 13:22 . 2009-06-11 13:23 826344 ----a-w- c:\programdata\avg8\update\backup\AVGToolbarInstall.exe
2009-06-11 13:22 . 2009-06-11 13:23 3298072 ----a-w- c:\programdata\avg8\update\backup\setup.exe
2009-06-11 13:22 . 2009-06-11 13:23 1261344 ----a-w- c:\programdata\avg8\update\backup\avgwd.dll
2009-06-11 13:22 . 2009-06-11 13:23 829208 ----a-w- c:\programdata\avg8\update\backup\avgcfgx.dll
2009-06-11 13:19 . 2009-06-04 13:17 1452312 ----a-w- c:\programdata\avg8\update\backup\avgupd.dll
2009-06-11 07:09 . 2008-11-25 18:04 -------- d-----w- c:\program files\Microsoft Works
2009-06-11 07:08 . 2009-04-29 15:43 -------- d-----w- c:\programdata\Microsoft Help
2009-06-09 22:26 . 2009-02-07 19:11 70176 ----a-w- c:\users\aarons\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-04 13:19 . 2009-06-04 11:42 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-06-04 13:17 . 2009-06-04 13:17 1085208 ----a-w- c:\programdata\avg8\update\backup\avgupd.exe
2009-06-04 11:42 . 2009-06-04 13:20 10520 ----a-w- c:\programdata\avg8\update\backup\avgrsstx.dll
2009-06-04 11:42 . 2009-06-04 13:20 12936 ----a-w- c:\programdata\avg8\update\backup\avgrkx86.sys
2009-06-04 11:42 . 2009-06-04 13:20 90632 ----a-w- c:\programdata\avg8\update\backup\avgtdix.sys
2009-06-04 11:41 . 2009-06-04 13:20 287000 ----a-w- c:\programdata\avg8\update\backup\avgrsx.exe
2009-06-04 11:41 . 2009-06-04 13:17 443672 ----a-w- c:\programdata\avg8\update\backup\avgiproxy.exe
2009-06-04 11:41 . 2009-06-04 13:17 584472 ----a-w- c:\programdata\avg8\update\backup\avginet.dll
2009-06-04 11:39 . 2008-11-25 17:57 -------- d-----w- c:\program files\Google
2009-05-25 17:01 . 2008-11-25 17:56 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-17 21:12 . 2009-05-17 21:12 -------- d-----w- c:\program files\GIMP-2.0
2009-05-14 21:55 . 2009-05-14 21:55 245408 ----a-w- c:\windows\system32\unicows.dll
2009-05-13 07:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-04 01:00 . 2009-05-03 23:12 -------- d-----w- c:\users\aarons\AppData\Roaming\Paltalk
2009-05-03 23:14 . 2009-05-03 23:14 -------- d-----w- c:\program files\AskBarDis
2009-04-29 15:57 . 2009-04-29 15:57 -------- d-----w- c:\users\aarons\AppData\Roaming\Roxio
2009-04-29 15:56 . 2008-11-25 18:06 -------- d-----w- c:\programdata\Sonic
2009-04-29 15:53 . 2009-04-29 15:50 -------- d-----w- c:\users\aarons\AppData\Roaming\DivX
2009-04-29 15:50 . 2009-04-29 15:18 -------- d-----w- c:\users\aarons\AppData\Roaming\GetRightToGo
2009-04-29 15:48 . 2009-04-29 15:48 -------- d-----w- c:\program files\Microsoft.NET
2009-04-28 04:11 . 2009-04-28 04:11 7040776 ----a-w- c:\users\aarons\AppData\Roaming\MySpace\IM\Install\MSIMClientSetup.1.0.789.0-static-A.exe
2009-04-24 16:05 . 2009-06-10 14:08 827904 ----a-w- c:\windows\system32\wininet.dll
2009-04-24 16:02 . 2009-06-10 14:08 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-24 13:44 . 2009-06-10 14:08 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-04-23 12:42 . 2009-06-10 14:08 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 11:55 . 2009-06-10 14:08 2033152 ----a-w- c:\windows\system32\win32k.sys
2008-11-25 19:23 . 2008-11-25 19:21 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-01-02 15:06 365960 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-16 13:29 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-25 39408]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2009-01-30 1347584]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-22 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-22 133656]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-11 1948440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-24 148888]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-05-11 4452352]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

c:\users\aarons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-11-25 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-11-25 18:07 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{81186C55-8290-4E1E-85B5-69D0AD14CBA4}"= Profile=Private|c:\program files\CyberLink\PowerDVD DX\PowerDVD.exe:CyberLink PowerDVD DX
"{6E3A746A-CDF0-4A4D-8F9F-0572A747B857}"= Profile=Private|c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:CyberLink PowerDVD DX Resident Program
"{425EEA46-5ADA-4A36-BF73-76B673E6DBDD}"= Disabled:c:\program files\CyberLink\PowerDVD DX\PowerDVD.exe:CyberLink PowerDVD DX
"{D9F9FCCB-04A6-4D34-8B0D-18D1FD488E56}"= Disabled:c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:CyberLink PowerDVD DX Resident Program
"{551BA63F-3E78-4F4E-97F5-BE1E912BB91D}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{1DB5984E-7B3F-4A01-8A39-6833677F9C26}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{E0BC8556-31A3-4CAE-BF8F-567EC035762A}"= c:\program files\MySpace\IM\MySpaceIM.exe:MySpaceIM
"{3D50022B-A903-4745-BF0D-65FFE60D888B}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{EF17B71D-495D-40D6-B4EF-E74F46BF74EB}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{BAB6847C-AFD7-436B-B2DA-8355E9FA0B72}"= c:\program files\AVG\AVG8\avgam.exe:avgam.exe
"{F4966AC4-B997-40B1-9D9B-A9C12CB4118A}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{02FB4692-277D-4FF1-A94B-4B7F1FA2DCB7}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{ED706661-0A1B-46F8-ADE4-EB28E95566D0}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [6/4/2009 7:42 AM 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [6/4/2009 7:41 AM 327688]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [6/4/2009 7:42 AM 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [6/4/2009 9:19 AM 906520]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/4/2009 9:20 AM 298776]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [9/24/2008 12:09 AM 155648]
S2 gupdate1c9c8e179cb1940;Google Update Service (gupdate1c9c8e179cb1940);c:\program files\Google\Update\GoogleUpdate.exe [4/29/2009 11:45 AM 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder

2009-06-27 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-29 15:44]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
FF - ProfilePath - c:\users\aarons\AppData\Roaming\Mozilla\Firefox\Profiles\hjh50uc7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, true); .

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-27 17:11
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-06-27 17:13
ComboFix-quarantined-files.txt 2009-06-27 21:12

Pre-Run: 175,948,288,000 bytes free
Post-Run: 176,394,309,632 bytes free

243 --- E O F --- 2009-06-26 04:58

descriptionWin sys/32 cryptor virus EmptyRe: Win sys/32 cryptor virus27th June 2009, 9:21 pm

more_horiz
Hello.

  • Click Start >> Control Panel.
  • Under the Programs click Uninstall a Program
  • Highlight the following if present:

    uTorrent
    Ask Toolbar
  • Click on the Uninstall/Change button at the top.

Now open a new notepad file.
Input this into the notepad file:

File::
c:\windows\DUMP3fec.tmp

Folder::
c:\program files\uTorrent
c:\users\aarons\AppData\Roaming\uTorrent
c:\program files\AskBarDis
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}


Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:
Win sys/32 cryptor virus Sfxdaw

This will open combofix again, agree to it's terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Win sys/32 cryptor virus DXwU4
Win sys/32 cryptor virus VvYDg

descriptionWin sys/32 cryptor virus EmptyRe: Win sys/32 cryptor virus27th June 2009, 9:45 pm

more_horiz
ComboFix 09-06-26.02 - aarons 06/27/2009 17:30.2 - NTFSx86
Microsoft®️ Windows Vista™️ Home Basic 6.0.6001.1.1252.1.1033.18.2036.1059 [GMT -4:00]
Running from: c:\users\aarons\Desktop\Combo-Fix.exe
Command switches used :: c:\users\aarons\Desktop\CFScript.txt
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\DUMP3fec.tmp"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.js
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.xul
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\install.rdf
c:\program files\uTorrent
c:\users\aarons\AppData\Roaming\uTorrent
c:\users\aarons\AppData\Roaming\uTorrent\Angels.and.Demons.CAM.XviD-DEViSE.torrent
c:\users\aarons\AppData\Roaming\uTorrent\Bj167LA.torrent
c:\users\aarons\AppData\Roaming\uTorrent\Bj211JJ.torrent
c:\users\aarons\AppData\Roaming\uTorrent\dht.dat
c:\users\aarons\AppData\Roaming\uTorrent\dht.dat.old
c:\users\aarons\AppData\Roaming\uTorrent\DivX PRO 7.1.torrent
c:\users\aarons\AppData\Roaming\uTorrent\Drag Me To Hell Cam v2 [Read NFO] - Lynks.torrent
c:\users\aarons\AppData\Roaming\uTorrent\Drag.Me.to.Hell.2009.CAM.XviD-Lynks.[www.FilmsBT.com].torrent
c:\users\aarons\AppData\Roaming\uTorrent\Fighting.CAM.XViD-CAMERA.[www.FilmsBT.com].torrent
c:\users\aarons\AppData\Roaming\uTorrent\Gran.Torino.2008.DvDRip-FxM.torrent
c:\users\aarons\AppData\Roaming\uTorrent\Jason Aldean Wide Open(commission release by carpking2007).torrent
c:\users\aarons\AppData\Roaming\uTorrent\Joey + Rory - The Life Of A Song (2008) Sudsy.torrent
c:\users\aarons\AppData\Roaming\uTorrent\KoRn.torrent
c:\users\aarons\AppData\Roaming\uTorrent\resume.dat
c:\users\aarons\AppData\Roaming\uTorrent\resume.dat.old
c:\users\aarons\AppData\Roaming\uTorrent\Rob Zombie.torrent
c:\users\aarons\AppData\Roaming\uTorrent\rss.dat
c:\users\aarons\AppData\Roaming\uTorrent\rss.dat.old
c:\users\aarons\AppData\Roaming\uTorrent\Savior Sorrow.torrent
c:\users\aarons\AppData\Roaming\uTorrent\settings.dat
c:\users\aarons\AppData\Roaming\uTorrent\settings.dat.old
c:\users\aarons\AppData\Roaming\uTorrent\Sugarland - Love On The Inside (2008) - Country [www.torrentazos.com].torrent
c:\users\aarons\AppData\Roaming\uTorrent\The International (2009) [DvdRip] [Xvid] {1337x}-Noir.torrent
c:\users\aarons\AppData\Roaming\uTorrent\Transformers.2.Revenge.of.The.Fallen.CAM.XVID-DNB.torrent
c:\users\aarons\AppData\Roaming\uTorrent\True.Blood.S02E02.English.[DivX_09].HQ-Movie-aXXo.avi.torrent
c:\users\aarons\AppData\Roaming\uTorrent\True.Blood.S02E02.HDTV.XviD-NoTV.avi.torrent
c:\users\aarons\AppData\Roaming\uTorrent\Zac Brown Band [2008] The Foundation [MP3's@320KBPS] Country [h33t][DJ Macdaddy].torrent
c:\windows\DUMP3fec.tmp

.
((((((((((((((((((((((((( Files Created from 2009-05-27 to 2009-06-27 )))))))))))))))))))))))))))))))
.

2009-06-27 21:34 . 2009-06-27 21:34 -------- d-----w- c:\users\aarons\AppData\Local\temp
2009-06-27 14:35 . 2009-06-27 14:35 -------- d-----w- c:\program files\Trend Micro
2009-06-27 06:17 . 2007-03-19 01:37 65602 ----a-w- c:\windows\system32\cook3260.dll
2009-06-27 06:17 . 2006-09-29 17:26 176165 ----a-w- c:\windows\system32\drv23260.dll
2009-06-27 06:17 . 2006-09-29 17:25 208935 ----a-w- c:\windows\system32\drv33260.dll
2009-06-27 06:17 . 2006-09-29 17:24 217127 ----a-w- c:\windows\system32\drv43260.dll
2009-06-27 06:17 . 2006-05-20 21:16 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2009-06-27 06:17 . 2006-05-12 00:21 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2009-06-27 06:17 . 2002-12-10 07:20 102439 ----a-w- c:\windows\system32\sipr3260.dll
2009-06-27 06:16 . 2009-06-27 06:17 -------- d-----w- c:\program files\VSO
2009-06-24 15:00 . 2009-06-24 14:59 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-23 16:28 . 2009-06-23 16:28 -------- d-----w- c:\users\aarons\AppData\Local\MicroVision Applications
2009-06-22 23:54 . 2009-06-22 23:54 -------- d-----w- c:\program files\DL Software
2009-06-21 03:59 . 1995-07-20 04:00 398416 ------w- c:\windows\system32\VBRUN300.DLL
2009-06-21 03:59 . 1998-11-13 08:07 704272 ----a-w- c:\windows\system32\cdo.dll
2009-06-21 03:59 . 1998-05-12 00:01 385024 ----a-w- c:\windows\system32\VBAR332.DLL
2009-06-21 03:59 . 1997-09-26 04:00 251664 ------w- c:\windows\system32\MSRD2X35.DLL
2009-06-21 03:59 . 1997-09-26 04:00 121104 ------w- c:\windows\system32\MSJINT35.DLL
2009-06-21 03:59 . 1997-09-26 04:00 1037312 ------w- c:\windows\system32\MSJET35.DLL
2009-06-21 03:59 . 1997-07-19 21:55 1347344 ------w- c:\windows\system32\MSVBVM50.DLL
2009-06-21 03:58 . 1997-09-26 04:00 404240 ------w- c:\windows\system32\MSREPL35.DLL
2009-06-21 03:58 . 1997-09-26 04:00 24336 ------w- c:\windows\system32\MSJTER35.DLL
2009-06-21 03:58 . 1997-01-24 04:00 78608 ------w- c:\windows\system32\VB5DB.DLL
2009-06-21 03:58 . 1996-12-05 04:00 77824 ------w- c:\windows\system32\ODBCTL32.DLL
2009-06-21 03:58 . 1997-05-12 21:53 314368 ----a-w- c:\windows\IsUninst.exe
2009-06-18 11:32 . 2009-06-27 20:48 -------- d-----w- C:\MDT
2009-06-18 11:30 . 2009-06-18 11:31 -------- d-----w- c:\users\aarons\AppData\Roaming\CyberLink
2009-06-18 11:30 . 2009-06-18 11:30 -------- d-----w- c:\programdata\CyberLink
2009-06-16 13:06 . 2009-06-16 13:06 2052888 ----a-w- c:\programdata\avg8\update\backup\avgcorex.dll
2009-06-16 13:06 . 2009-06-04 13:20 352024 ----a-w- c:\programdata\avg8\update\backup\avgxch32.dll
2009-06-16 13:06 . 2009-06-04 13:19 908568 ----a-w- c:\programdata\avg8\update\backup\avgemc.exe
2009-06-12 16:27 . 2009-06-12 16:27 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbA00D.tmp.exe
2009-06-11 16:01 . 2009-06-11 16:01 -------- d-----w- c:\users\aarons\AppData\Local\AVG Security Toolbar
2009-06-10 14:08 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-09 21:04 . 2009-06-09 21:04 -------- d-----w- c:\programdata\vsosdk
2009-06-09 20:17 . 2009-06-27 06:17 47360 ----a-w- c:\users\aarons\AppData\Roaming\pcouffin.sys
2009-06-09 20:17 . 2009-06-09 20:17 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-06-09 20:17 . 2009-06-27 06:51 -------- d-----w- c:\users\aarons\AppData\Roaming\Vso
2009-06-05 07:14 . 2009-06-27 21:01 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-04 11:41 . 2009-06-11 13:22 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-04 11:41 . 2009-06-27 20:33 -------- d-----w- c:\windows\system32\drivers\Avg
2009-06-04 11:41 . 2009-06-16 13:06 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-04 11:41 . 2009-06-27 20:48 -------- d-----w- c:\programdata\avg8
2009-05-31 22:37 . 2009-05-31 22:37 -------- d-----w- c:\programdata\Downloaded Installations
2009-05-31 22:35 . 2009-05-31 22:35 -------- d-----w- c:\program files\AVG
2009-05-31 15:14 . 2009-06-23 17:14 -------- d-----w- c:\users\aarons\AppData\Local\WeatherBug
2009-05-31 15:14 . 2009-05-31 15:14 -------- d-----w- c:\users\aarons\AppData\Roaming\WeatherBug
2009-05-31 15:14 . 2009-05-31 15:14 -------- d-----w- c:\program files\AWS
2009-05-29 22:06 . 2009-06-27 20:48 -------- d-----w- c:\users\aarons\Tracing
2009-05-29 22:05 . 2009-05-29 22:05 -------- d-----w- c:\program files\Microsoft
2009-05-29 22:05 . 2009-05-29 22:05 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-05-29 22:04 . 2009-05-29 22:05 -------- d-----w- c:\program files\Windows Live
2009-05-29 22:02 . 2009-05-29 22:02 -------- d-----w- c:\program files\Common Files\Windows Live

.

descriptionWin sys/32 cryptor virus EmptyRe: Win sys/32 cryptor virus27th June 2009, 9:45 pm

more_horiz
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-27 06:53 . 2009-04-29 15:44 -------- d-----w- c:\program files\DivX
2009-06-27 06:40 . 2008-11-25 18:06 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-06-27 03:31 . 2009-05-17 21:14 -------- d-----w- c:\users\aarons\AppData\Roaming\gtk-2.0
2009-06-24 14:59 . 2008-11-25 17:54 -------- d-----w- c:\program files\Java
2009-06-23 16:32 . 2009-04-29 15:57 -------- d-----w- c:\programdata\Roxio
2009-06-11 13:23 . 2009-06-11 13:23 -------- d-----w- c:\programdata\AVG Security Toolbar
2009-06-11 13:22 . 2009-06-11 13:23 826344 ----a-w- c:\programdata\avg8\update\backup\AVGToolbarInstall.exe
2009-06-11 13:22 . 2009-06-11 13:23 3298072 ----a-w- c:\programdata\avg8\update\backup\setup.exe
2009-06-11 13:22 . 2009-06-11 13:23 1261344 ----a-w- c:\programdata\avg8\update\backup\avgwd.dll
2009-06-11 13:22 . 2009-06-11 13:23 829208 ----a-w- c:\programdata\avg8\update\backup\avgcfgx.dll
2009-06-11 13:19 . 2009-06-04 13:17 1452312 ----a-w- c:\programdata\avg8\update\backup\avgupd.dll
2009-06-11 07:09 . 2008-11-25 18:04 -------- d-----w- c:\program files\Microsoft Works
2009-06-11 07:08 . 2009-04-29 15:43 -------- d-----w- c:\programdata\Microsoft Help
2009-06-09 22:26 . 2009-02-07 19:11 70176 ----a-w- c:\users\aarons\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-04 13:19 . 2009-06-04 11:42 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-06-04 13:17 . 2009-06-04 13:17 1085208 ----a-w- c:\programdata\avg8\update\backup\avgupd.exe
2009-06-04 11:42 . 2009-06-04 13:20 10520 ----a-w- c:\programdata\avg8\update\backup\avgrsstx.dll
2009-06-04 11:42 . 2009-06-04 13:20 12936 ----a-w- c:\programdata\avg8\update\backup\avgrkx86.sys
2009-06-04 11:42 . 2009-06-04 13:20 90632 ----a-w- c:\programdata\avg8\update\backup\avgtdix.sys
2009-06-04 11:41 . 2009-06-04 13:20 287000 ----a-w- c:\programdata\avg8\update\backup\avgrsx.exe
2009-06-04 11:41 . 2009-06-04 13:17 443672 ----a-w- c:\programdata\avg8\update\backup\avgiproxy.exe
2009-06-04 11:41 . 2009-06-04 13:17 584472 ----a-w- c:\programdata\avg8\update\backup\avginet.dll
2009-06-04 11:39 . 2008-11-25 17:57 -------- d-----w- c:\program files\Google
2009-05-25 17:01 . 2008-11-25 17:56 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-17 21:12 . 2009-05-17 21:12 -------- d-----w- c:\program files\GIMP-2.0
2009-05-14 21:55 . 2009-05-14 21:55 245408 ----a-w- c:\windows\system32\unicows.dll
2009-05-13 07:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-04 01:00 . 2009-05-03 23:12 -------- d-----w- c:\users\aarons\AppData\Roaming\Paltalk
2009-04-29 15:57 . 2009-04-29 15:57 -------- d-----w- c:\users\aarons\AppData\Roaming\Roxio
2009-04-29 15:56 . 2008-11-25 18:06 -------- d-----w- c:\programdata\Sonic
2009-04-29 15:53 . 2009-04-29 15:50 -------- d-----w- c:\users\aarons\AppData\Roaming\DivX
2009-04-29 15:50 . 2009-04-29 15:18 -------- d-----w- c:\users\aarons\AppData\Roaming\GetRightToGo
2009-04-29 15:48 . 2009-04-29 15:48 -------- d-----w- c:\program files\Microsoft.NET
2009-04-28 04:11 . 2009-04-28 04:11 7040776 ----a-w- c:\users\aarons\AppData\Roaming\MySpace\IM\Install\MSIMClientSetup.1.0.789.0-static-A.exe
2009-04-24 16:05 . 2009-06-10 14:08 827904 ----a-w- c:\windows\system32\wininet.dll
2009-04-24 16:02 . 2009-06-10 14:08 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-24 13:44 . 2009-06-10 14:08 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-04-23 12:42 . 2009-06-10 14:08 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 11:55 . 2009-06-10 14:08 2033152 ----a-w- c:\windows\system32\win32k.sys
2008-11-25 19:23 . 2008-11-25 19:21 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-16 13:29 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-25 39408]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2009-01-30 1347584]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-22 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-22 133656]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-11 1948440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-24 148888]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-05-11 4452352]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

c:\users\aarons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-11-25 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-11-25 18:07 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{81186C55-8290-4E1E-85B5-69D0AD14CBA4}"= Profile=Private|c:\program files\CyberLink\PowerDVD DX\PowerDVD.exe:CyberLink PowerDVD DX
"{6E3A746A-CDF0-4A4D-8F9F-0572A747B857}"= Profile=Private|c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:CyberLink PowerDVD DX Resident Program
"{425EEA46-5ADA-4A36-BF73-76B673E6DBDD}"= Disabled:c:\program files\CyberLink\PowerDVD DX\PowerDVD.exe:CyberLink PowerDVD DX
"{D9F9FCCB-04A6-4D34-8B0D-18D1FD488E56}"= Disabled:c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:CyberLink PowerDVD DX Resident Program
"{551BA63F-3E78-4F4E-97F5-BE1E912BB91D}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{1DB5984E-7B3F-4A01-8A39-6833677F9C26}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{E0BC8556-31A3-4CAE-BF8F-567EC035762A}"= c:\program files\MySpace\IM\MySpaceIM.exe:MySpaceIM
"{3D50022B-A903-4745-BF0D-65FFE60D888B}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{EF17B71D-495D-40D6-B4EF-E74F46BF74EB}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{BAB6847C-AFD7-436B-B2DA-8355E9FA0B72}"= c:\program files\AVG\AVG8\avgam.exe:avgam.exe
"{F4966AC4-B997-40B1-9D9B-A9C12CB4118A}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{02FB4692-277D-4FF1-A94B-4B7F1FA2DCB7}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{ED706661-0A1B-46F8-ADE4-EB28E95566D0}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [6/4/2009 7:42 AM 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [6/4/2009 7:41 AM 327688]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [6/4/2009 7:42 AM 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [6/4/2009 9:19 AM 906520]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/4/2009 9:20 AM 298776]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [9/24/2008 12:09 AM 155648]
S2 gupdate1c9c8e179cb1940;Google Update Service (gupdate1c9c8e179cb1940);c:\program files\Google\Update\GoogleUpdate.exe [4/29/2009 11:45 AM 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder

2009-06-27 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-29 15:44]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
FF - ProfilePath - c:\users\aarons\AppData\Roaming\Mozilla\Firefox\Profiles\hjh50uc7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, true); .

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-27 17:34
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-06-27 17:35
ComboFix-quarantined-files.txt 2009-06-27 21:35
ComboFix2.txt 2009-06-27 21:13

Pre-Run: 176,419,135,488 bytes free
Post-Run: 176,399,106,048 bytes free

272 --- E O F --- 2009-06-26 04:58

descriptionWin sys/32 cryptor virus EmptyRe: Win sys/32 cryptor virus27th June 2009, 9:49 pm

more_horiz
Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u

Win sys/32 cryptor virus CF_Cleanup

This will also reset your restore points.

How is the machine running now?

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Win sys/32 cryptor virus DXwU4
Win sys/32 cryptor virus VvYDg

descriptionWin sys/32 cryptor virus EmptyRe: Win sys/32 cryptor virus27th June 2009, 9:52 pm

more_horiz
Its working alot better. Does this mean its removed the virus?

descriptionWin sys/32 cryptor virus EmptyRe: Win sys/32 cryptor virus27th June 2009, 9:54 pm

more_horiz
Yep, I'd say so.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Win sys/32 cryptor virus DXwU4
Win sys/32 cryptor virus VvYDg

descriptionWin sys/32 cryptor virus EmptyRe: Win sys/32 cryptor virus

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum