WiredWX Hobby Weather Tools

 


Win32/Cryptor


Win32/Cryptor

Hi there Geek police,

I was impressed with your previous solutions to this nasty virus. Grateful for assistance:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:53:00, on 29/07/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Eraser\Eraser.exe
C:\Program Files\FinePixViewerS\QuickDCF2.exe
C:\Program Files\PDFCreator\PDFCreator.exe
C:\Program Files\3\3Connect\AutoUpdateSrv.exe
C:\Windows\system32\agrsmsvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Toshiba\IVP\ISM\pinger.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\locator.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Windows\system32\svchost.exe
C:\Users\Mark & Adriana\AppData\Local\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\taskeng.exe
C:\Users\Mark & Adriana\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mark & Adriana\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mark & Adriana\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mark & Adriana\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mark & Adriana\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Users\Mark & Adriana\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Toshiba\IVP\ISM\ivpsvmgr.exe
C:\Program Files\Spyware Doctor\update.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe
C:\Users\Mark & Adriana\Documents\Downloads\winlogon.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://edit.europe.yahoo.com/config/login?.intl=uk&.partner=bt-1&.done=http%3a//bt.yahoo.com/%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = www.google.co.uk
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 85.31.89.222:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\cmds.exe,C:\Users\Mark & Adriana\AppData\Roaming\twain_x86.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Mark & Adriana\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - Global Startup: Exif Launcher S.lnk = ?
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
O4 - Global Startup: Update Agent.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.17\AMVConverter\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/da/PCPitStop.CAB
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.truprint.co.uk/TruprintActivia.cab
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (Egg Money Manager Digital Safe) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - https://secure.storegate.com/USER/Files/Cabs/ImageUploader4.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 11282 bytes

Many thanks

mday01376

Re: Win32/Cryptor

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:
    F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\cmds.exe,C:\Users\Mark & Adriana\AppData\Roaming\twain_x86.exe,
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

Re: Win32/Cryptor

Hi Belahzur,

MBAM kept freezing after 16 mins in normal Vista mode, detecting only 1 infection. I restarted the PC in Safe Mode with Networking; MBAM detected 8 infections in 5 mins or so. Log posted below.

Malwarebytes' Anti-Malware 1.39
Database version: 2533
Windows 6.0.6002 Service Pack 2

30/07/2009 20:41:43
mbam-log-2009-07-30 (20-41-43).txt

Scan type: Quick Scan
Objects scanned: 80946
Time elapsed: 4 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
\\?\globalroot\systemroot\System32\geyekrwiigvcwd.dll (Trojan.TDSS) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\GodLib (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\%windir% (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Media Index (Rogue.SmartProtector) -> Quarantined and deleted successfully.

Files Infected:
\\?\globalroot\systemroot\System32\geyekrwiigvcwd.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\apnet.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Iexplor701.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\yvfqfno.exe (Worm.Koobface) -> Quarantined and deleted successfully.

Many thanks.

mday01376

Re: Win32/Cryptor

Hello.

  • Download combofix from here
    Link 1
    Link 2
1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:

[Screenshot: CF_download_FF]

[Screenshot: CF_download_rename]

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See HERE for how to disable your AV. (AVG8)
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.

Re: Win32/Cryptor

Hi there,

I followed the instructions and allowed Combofix to run in Vista normal mode. After Combofix rebooted the machine, the Combofix window said that it was preparing the report, but I kept receiving error messages saying that a variety of .exe files (e.g. Logonui.exe, Atbroker.exe, dwm.exe, explorer.exe, CF2658.exe, conime.exe, chcp.exe etc.) had a bad image. The only way to make the machine continue to load was to keep pressing the OK button. After at least 100 error messages and clicks on OK, I stopped Combofix by clicking on X to close it. Now whenever I open a program (as with Chrome to send this message) I get the following error:
Chrome.exe - Bad Image
globalroot\systemroot\system32\geyekrwiigvcwd.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or other software vendor for support.
The same message happened when I opened Notepad for the Combofix.txt
Contents below:
ComboFix 09-07-31.02 - Mark & Adriana 31/07/2009 16:29:25.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1917.1223 [GMT -6:00]
Running from: C:\Users\Mark & Adriana\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Kaspersky Anti-Virus *disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

Overlay aborted ... Please run ComboFix once more
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Installer\3a6341.msi
C:\WINDOWS\Installer\5fd168.msi
C:\WINDOWS\Installer\WMEncoder.msi
C:\Windows\system32\AutoRun.inf
C:\Windows\system32\drivers\RKHit.sys
C:\Windows\System32\geyekrwiigvcwd.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_RKHIT


((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-31 )))))))))))))))))))))))))))))))
.

2009-07-30 03:08:23 . 2009-07-31 22:08:44 0 d-----w- C:\PROGRA~2\Spybot - Search & Destroy
2009-07-30 03:08:23 . 2009-07-30 03:08:50 0 d-----w- C:\Program Files\Spybot - Search & Destroy
2009-07-30 02:45:01 . 2009-07-03 14:49:08 64160 ----a-w- C:\Windows\system32\drivers\Lbd.sys
2009-07-30 02:42:20 . 2009-07-30 02:42:21 0 dc-h--w- C:\PROGRA~2\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-30 02:41:25 . 2009-07-30 02:44:57 0 d-----w- C:\PROGRA~2\Lavasoft
2009-07-30 02:41:25 . 2009-07-30 02:41:25 0 d-----w- C:\Program Files\Lavasoft
2009-07-30 02:05:19 . 2009-07-30 02:05:19 0 d-----w- C:\Program Files\FileHippo.com
2009-07-28 11:57:27 . 2009-07-28 11:57:27 0 d-----w- C:\Users\Mark & Adriana\AppData\Roaming\Malwarebytes
2009-07-28 11:57:16 . 2009-07-13 19:36:34 38160 ----a-w- C:\Windows\system32\drivers\mbamswissarmy.sys
2009-07-28 11:57:13 . 2009-07-28 11:57:26 0 d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-28 11:57:13 . 2009-07-28 11:57:13 0 d-----w- C:\PROGRA~2\Malwarebytes
2009-07-28 11:57:13 . 2009-07-13 19:36:12 19096 ----a-w- C:\Windows\system32\drivers\mbam.sys
2009-07-25 04:59:40 . 2009-07-25 04:59:40 0 d-----w- C:\Users\Mark & Adriana\AppData\Local\Little_Apps_(http___www.l
2009-07-25 04:03:30 . 2009-07-25 04:58:48 0 d-----w- C:\Program Files\Common Files\Little Registry Cleaner
2009-07-25 04:03:07 . 2009-07-25 04:03:08 0 d-----w- C:\Program Files\Little Registry Cleaner
2009-07-25 03:45:21 . 2009-07-25 03:52:44 0 d-----w- C:\Program Files\Registry Clean Expert
2009-07-21 03:42:17 . 2009-07-21 03:42:17 0 d-----w- C:\Users\Mark & Adriana\AppData\Roaming\Foxit
2009-07-21 03:42:15 . 2009-07-21 03:42:15 0 d-----w- C:\Program Files\Foxit Software
2009-07-21 03:36:48 . 2009-07-21 03:36:48 0 d-----w- C:\Users\Mark & Adriana\AppData\Roaming\iExpert Software
2009-07-15 14:14:20 . 2009-07-15 14:18:38 0 d-----w- C:\PROGRA~2\Ten Thumbs Typing Tutor
2009-07-15 14:12:55 . 2009-07-15 14:12:57 0 d-----w- C:\Program Files\Ten Thumbs Typing Tutor 4.7
2009-07-14 18:06:59 . 2009-06-15 14:53:52 156672 ----a-w- C:\Windows\system32\t2embed.dll
2009-07-14 18:06:59 . 2009-06-15 14:52:19 72704 ----a-w- C:\Windows\system32\fontsub.dll
2009-07-14 18:06:59 . 2009-06-15 12:42:30 289792 ----a-w- C:\Windows\system32\atmfd.dll
2009-07-14 18:06:58 . 2009-06-15 14:52:42 23552 ----a-w- C:\Windows\system32\lpk.dll
2009-07-14 18:06:58 . 2009-06-15 14:51:38 10240 ----a-w- C:\Windows\system32\dciman32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-31 02:48:56 . 2007-12-28 00:56:14 0 d-----w- C:\PROGRA~2\Google Updater
2009-07-31 01:36:47 . 2008-09-10 07:51:12 0 d-----w- C:\Program Files\Microsoft Silverlight
2009-07-30 01:48:34 . 2007-08-22 20:26:32 0 d-----w- C:\Program Files\Java
2009-07-30 01:45:28 . 2009-05-23 05:18:07 410984 ----a-w- C:\Windows\system32\deploytk.dll
2009-07-29 12:57:34 . 2008-12-03 04:01:53 0 d-----w- C:\PROGRA~2\Avg8
2009-07-21 21:52:28 . 2009-07-28 19:58:50 915456 ----a-w- C:\Windows\system32\wininet.dll
2009-07-21 21:47:28 . 2009-07-28 19:58:46 109056 ----a-w- C:\Windows\system32\iesysprep.dll
2009-07-21 21:47:27 . 2009-07-28 19:58:46 71680 ----a-w- C:\Windows\system32\iesetup.dll
2009-07-21 20:13:58 . 2009-07-28 19:58:46 133632 ----a-w- C:\Windows\system32\ieUnatt.exe
2009-07-21 04:00:24 . 2008-04-23 14:55:22 0 d-----w- C:\Program Files\HP
2009-07-21 03:53:40 . 2008-04-23 14:53:14 0 d-----w- C:\PROGRA~2\HP
2009-07-21 03:52:13 . 2008-06-05 02:08:37 0 d-----w- C:\Program Files\mozilla.org
2009-07-19 05:25:40 . 2007-08-22 20:03:16 0 d-----w- C:\Program Files\Google
2009-07-17 02:26:00 . 2007-12-27 13:01:56 0 d--h--w- C:\Users\Mark & Adriana\AppData\Roaming\Skype
2009-07-14 23:44:26 . 2006-11-02 11:18:33 0 d-----w- C:\Program Files\Windows Mail
2009-07-14 23:44:13 . 2007-09-19 01:18:59 0 d-----w- C:\PROGRA~2\Microsoft Help
2009-07-10 20:43:25 . 2008-12-03 04:07:39 335752 ----a-w- C:\Windows\system32\drivers\avgldx86.sys
2009-07-03 15:54:39 . 2009-01-27 23:48:02 11952 ----a-w- C:\Windows\system32\avgrsstx.dll
2009-07-03 15:54:38 . 2008-12-03 04:07:35 27784 ----a-w- C:\Windows\system32\drivers\avgmfx86.sys
2009-07-01 06:23:00 . 2008-10-07 23:36:26 0 d--h--w- C:\Users\Mark & Adriana\AppData\Roaming\Thinstall
2009-06-27 13:22:28 . 2008-07-28 07:26:27 0 d-----w- C:\Program Files\PhotoScape
2009-06-27 13:07:50 . 2009-05-17 21:55:33 0 d-----w- C:\Users\Mark & Adriana\AppData\Roaming\FUJIFILM
2009-06-12 03:48:27 . 2006-11-02 12:37:34 0 d-----w- C:\Program Files\Windows Calendar
2009-06-12 03:48:23 . 2006-11-02 12:37:34 0 d-----w- C:\Program Files\Windows Sidebar
2009-06-12 03:48:22 . 2006-11-02 12:37:34 0 d-----w- C:\Program Files\Windows Collaboration
2009-06-12 03:48:21 . 2006-11-02 12:37:34 0 d-----w- C:\Program Files\Windows Journal
2009-06-12 03:48:16 . 2006-11-02 12:37:34 0 d-----w- C:\Program Files\Windows Photo Gallery
2009-06-12 03:48:06 . 2006-11-02 12:37:34 0 d-----w- C:\Program Files\Windows Defender
2009-06-12 03:42:15 . 2006-11-02 10:25:05 665600 ----a-w- C:\Windows\inf\drvindex.dat
2009-06-12 03:29:38 . 2006-11-02 12:37:35 37665 ----a-w- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
2009-06-11 01:45:40 . 2007-09-19 01:15:32 0 d-----w- C:\Program Files\Microsoft Works
2009-06-11 01:01:53 . 2009-06-11 01:01:22 0 d-----w- C:\Program Files\Paint.NET
2009-06-10 21:55:10 . 2008-12-06 04:48:15 0 d-----w- C:\PROGRA~2\Rosetta Stone
2009-06-10 20:53:55 . 2009-06-10 20:53:55 0 d-----w- C:\Program Files\Common Files\Macrovision Shared
2009-05-14 00:58:47 . 2008-12-10 01:26:48 123408 ----a-w- C:\Windows\system32\GDIPFONTCACHEV1.DAT
2009-05-04 07:01:34 . 2007-08-22 19:39:43 319456 ----a-w- C:\Windows\DIFxAPI.dll
2009-05-03 14:22:56 . 2009-05-03 14:22:56 76118 ----a-w- C:\Windows\Huawei ModemsUninstall.exe
2008-05-31 13:41:13 . 2007-12-29 12:50:17 67696 ----a-w- C:\Program Files\mozilla firefox\components\jar50.dll
2008-05-31 13:41:13 . 2007-12-29 12:50:17 54376 ----a-w- C:\Program Files\mozilla firefox\components\jsd3250.dll
2008-05-31 13:41:13 . 2007-12-29 12:50:17 34952 ----a-w- C:\Program Files\mozilla firefox\components\myspell.dll
2008-05-31 13:41:18 . 2007-12-29 12:50:18 46720 ----a-w- C:\Program Files\mozilla firefox\components\spellchk.dll
2008-05-31 13:41:18 . 2007-12-29 12:50:18 172144 ----a-w- C:\Program Files\mozilla firefox\components\xpinstal.dll
2008-12-16 03:20:15 . 2008-12-16 02:42:28 2048 --sha-w- C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
2008-12-16 03:20:15 . 2008-12-16 02:42:28 2048 --sha-w- C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-28 00:56:15 68856]
"Google Update"="C:\Users\Mark & Adriana\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-04 00:34:14 133104]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 07:33:39 202240]
"Eraser"="C:\Program Files\Eraser\Eraser.exe" [2007-12-22 23:03:28 916240]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 21:31:16 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Camera Assistant Software"="C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" [2007-05-22 17:50:02 413696]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 07:38:38 1008184]
"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 17:39:18 411192]
"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [2006-12-07 23:49:20 55416]
"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 04:01:58 448080]
"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-22 23:32:52 538744]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-08-15 22:31:50 102400]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2009-07-03 15:54:32 1948440]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 21:23:08 61440]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 16:40:36 1348904]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-07-30 01:45:28 148888]

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Exif Launcher S.lnk - C:\Program Files\FinePixViewerS\QuickDCF2.exe [2009-5-17 303104]
PDFCreator.lnk - C:\Program Files\PDFCreator\PDFCreator.exe [2008-6-27 2641920]
Update Agent.lnk - C:\Program Files\3\3Connect\AutoUpdateSrv.exe [2009-5-3 479232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Mark & Adriana^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^realshed.old]
backupExtension=.Startup

Re: Win32/Cryptor

Hello.
The end of the log was cut off; please post the rest.

Combofix log 1 of 3

Hi there, I just re-ran Combofix, this time in Safe Mode until it rebooted into Normal mode. I had to continually click OK with the same error as described above. I did manage to complete the log though:

ComboFix 09-07-31.02 - Mark & Adriana 31/07/2009 18:10.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1917.1242 [GMT -6:00]
Running from: c:\users\Mark & Adriana\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Kaspersky Anti-Virus *disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

Overlay aborted ... Please run ComboFix once more
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\Installer\3a6341.msi
c:\windows\Installer\5fd168.msi
c:\windows\Installer\WMEncoder.msi
c:\windows\system32\AutoRun.inf
c:\windows\system32\drivers\RKHit.sys
c:\windows\System32\geyekrwiigvcwd.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_RKHIT


((((((((((((((((((((((((( Files Created from 2009-07-01 to 2009-08-01 )))))))))))))))))))))))))))))))
.

2009-07-30 03:08 . 2009-07-31 22:08 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2009-07-30 03:08 . 2009-07-30 03:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-30 02:45 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-30 02:42 . 2009-07-30 02:42 -------- dc-h--w- c:\progra~2\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-30 02:41 . 2009-07-30 02:44 -------- d-----w- c:\progra~2\Lavasoft
2009-07-30 02:41 . 2009-07-30 02:41 -------- d-----w- c:\program files\Lavasoft
2009-07-30 02:05 . 2009-07-30 02:05 -------- d-----w- c:\program files\FileHippo.com
2009-07-28 11:57 . 2009-07-28 11:57 -------- d-----w- c:\users\Mark & Adriana\AppData\Roaming\Malwarebytes
2009-07-28 11:57 . 2009-07-13 19:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-28 11:57 . 2009-07-28 11:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-28 11:57 . 2009-07-28 11:57 -------- d-----w- c:\progra~2\Malwarebytes
2009-07-28 11:57 . 2009-07-13 19:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-25 04:59 . 2009-07-25 04:59 -------- d-----w- c:\users\Mark & Adriana\AppData\Local\Little_Apps_(http___www.l
2009-07-25 04:03 . 2009-07-25 04:58 -------- d-----w- c:\program files\Common Files\Little Registry Cleaner
2009-07-25 04:03 . 2009-07-25 04:03 -------- d-----w- c:\program files\Little Registry Cleaner
2009-07-25 03:45 . 2009-07-25 03:52 -------- d-----w- c:\program files\Registry Clean Expert
2009-07-21 03:42 . 2009-07-21 03:42 -------- d-----w- c:\users\Mark & Adriana\AppData\Roaming\Foxit
2009-07-21 03:42 . 2009-07-21 03:42 -------- d-----w- c:\program files\Foxit Software
2009-07-21 03:36 . 2009-07-21 03:36 -------- d-----w- c:\users\Mark & Adriana\AppData\Roaming\iExpert Software
2009-07-15 14:14 . 2009-07-15 14:18 -------- d-----w- c:\progra~2\Ten Thumbs Typing Tutor
2009-07-15 14:12 . 2009-07-15 14:12 -------- d-----w- c:\program files\Ten Thumbs Typing Tutor 4.7
2009-07-14 18:06 . 2009-06-15 14:53 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-14 18:06 . 2009-06-15 14:52 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-14 18:06 . 2009-06-15 12:42 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-14 18:06 . 2009-06-15 14:52 23552 ----a-w- c:\windows\system32\lpk.dll
2009-07-14 18:06 . 2009-06-15 14:51 10240 ----a-w- c:\windows\system32\dciman32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-01 00:01 . 2008-12-03 04:01 -------- d-----w- c:\progra~2\Avg8
2009-07-31 02:48 . 2007-12-28 00:56 -------- d-----w- c:\progra~2\Google Updater
2009-07-31 01:36 . 2008-09-10 07:51 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-30 01:48 . 2007-08-22 20:26 -------- d-----w- c:\program files\Java
2009-07-30 01:45 . 2009-05-23 05:18 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-21 21:52 . 2009-07-28 19:58 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-28 19:58 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-28 19:58 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-28 19:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-21 04:00 . 2008-04-23 14:55 -------- d-----w- c:\program files\HP
2009-07-21 03:53 . 2008-04-23 14:53 -------- d-----w- c:\progra~2\HP
2009-07-21 03:52 . 2008-06-05 02:08 -------- d-----w- c:\program files\mozilla.org
2009-07-19 05:25 . 2007-08-22 20:03 -------- d-----w- c:\program files\Google
2009-07-17 02:26 . 2007-12-27 13:01 -------- d--h--w- c:\users\Mark & Adriana\AppData\Roaming\Skype
2009-07-14 23:44 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-14 23:44 . 2007-09-19 01:18 -------- d-----w- c:\progra~2\Microsoft Help
2009-07-10 20:43 . 2008-12-03 04:07 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-03 15:54 . 2009-01-27 23:48 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-03 15:54 . 2008-12-03 04:07 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-01 06:23 . 2008-10-07 23:36 -------- d--h--w- c:\users\Mark & Adriana\AppData\Roaming\Thinstall
2009-06-27 13:22 . 2008-07-28 07:26 -------- d-----w- c:\program files\PhotoScape
2009-06-27 13:07 . 2009-05-17 21:55 -------- d-----w- c:\users\Mark & Adriana\AppData\Roaming\FUJIFILM
2009-06-12 03:48 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-06-12 03:48 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-06-12 03:48 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-06-12 03:48 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-06-12 03:48 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-06-12 03:48 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-06-12 03:42 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-06-12 03:29 . 2006-11-02 12:37 37665 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-06-11 01:45 . 2007-09-19 01:15 -------- d-----w- c:\program files\Microsoft Works
2009-06-11 01:01 . 2009-06-11 01:01 -------- d-----w- c:\program files\Paint.NET
2009-06-10 21:55 . 2008-12-06 04:48 -------- d-----w- c:\progra~2\Rosetta Stone
2009-06-10 20:53 . 2009-06-10 20:53 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-05-14 00:58 . 2008-12-10 01:26 123408 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-05-04 07:01 . 2007-08-22 19:39 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-05-03 14:22 . 2009-05-03 14:22 76118 ----a-w- c:\windows\Huawei ModemsUninstall.exe
2008-05-31 13:41 . 2007-12-29 12:50 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-05-31 13:41 . 2007-12-29 12:50 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-05-31 13:41 . 2007-12-29 12:50 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-05-31 13:41 . 2007-12-29 12:50 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-05-31 13:41 . 2007-12-29 12:50 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2008-12-16 03:20 . 2008-12-16 02:42 2048 --sha-w- c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
2008-12-16 03:20 . 2008-12-16 02:42 2048 --sha-w- c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-07-31_23.05.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-08-22 20:40 . 2009-08-01 00:59 75574 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-08-01 00:59 87546 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-12-24 21:54 . 2009-08-01 00:59 14370 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3184346778-380610952-3069833314-1000_UserData.bin
- 2007-12-24 21:42 . 2009-07-31 22:51 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-12-24 21:42 . 2009-08-01 00:32 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-12-24 21:42 . 2009-08-01 00:32 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-12-24 21:42 . 2009-07-31 22:51 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-24 21:42 . 2009-08-01 00:32 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-12-24 21:42 . 2009-07-31 22:51 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-08-22 20:49 . 2009-07-31 22:49 1678416 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2007-08-22 20:49 . 2009-08-01 00:31 1678416 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
.

Combofix Log 2 of 3

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-28 68856]
"Google Update"="c:\users\Mark & Adriana\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-04 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Eraser"="c:\program files\Eraser\Eraser.exe" [2007-12-22 916240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-05-22 413696]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-22 538744]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-15 102400]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-03 1948440]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-30 148888]

c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Exif Launcher S.lnk - c:\program files\FinePixViewerS\QuickDCF2.exe [2009-5-17 303104]
PDFCreator.lnk - c:\program files\PDFCreator\PDFCreator.exe [2008-6-27 2641920]
Update Agent.lnk - c:\program files\3\3Connect\AutoUpdateSrv.exe [2009-5-3 479232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Mark & Adriana^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^realshed.old]
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):27,bf,f9,b7,11,eb,c9,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3184346778-380610952-3069833314-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{66DD937E-AE3C-4248-8276-E03B0E662FC4}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5A419130-C26E-4A4D-95D9-EA35767E4F2C}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D1266DD3-3A9B-4EB2-9CE7-88D472AF7EF7}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{2E15ED65-ABB2-4DDE-AE38-1D4D7D2E9AAA}c:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.321\\english\\setup.exe"= UDP:c:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.321\english\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"UDP Query User{A022D2AA-4EFE-4FDB-BA2E-1D99FE6B21EB}c:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.321\\english\\setup.exe"= TCP:c:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.321\english\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"TCP Query User{4DCE4B7C-3F06-4B9F-A0F1-8D893C290A69}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{48F8ABC9-AF9C-43D5-A12E-B134139A5FF3}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{020FC91C-96A9-4C91-B3A0-F29D11107746}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{6B92138C-67A5-4CBE-897A-6DF31C6689F7}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{4B71DD2E-475F-4A17-AB05-5C57A59EC1D6}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{371BF024-100B-4DE6-9863-47BC453D9E9A}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{A0F9FC39-EBE6-49EC-B900-EBFCF158336A}c:\\program files\\attractel\\zoiper\\zoiper.exe"= UDP:c:\program files\attractel\zoiper\zoiper.exe:Zoiper
"UDP Query User{A1A5E757-DF8A-4A37-AAE2-0FAAEC044513}c:\\program files\\attractel\\zoiper\\zoiper.exe"= TCP:c:\program files\attractel\zoiper\zoiper.exe:Zoiper
"TCP Query User{89288A4F-B931-444A-B74F-701B2BF28AC2}c:\\program files\\attractel\\zoiper\\zoiper.exe"= UDP:c:\program files\attractel\zoiper\zoiper.exe:Zoiper
"UDP Query User{65127F06-2351-4BB3-B308-E0BAAA0D8C0A}c:\\program files\\attractel\\zoiper\\zoiper.exe"= TCP:c:\program files\attractel\zoiper\zoiper.exe:Zoiper
"TCP Query User{F2E131E7-AD40-4103-ADD2-2DE4F67D3340}c:\\users\\mark & adriana\\appdata\\roaming\\maxthon2\\modules\\mxdownloader\\mxdownloadserver.exe"= UDP:c:\users\mark & adriana\appdata\roaming\maxthon2\modules\mxdownloader\mxdownloadserver.exe:mxdownloadserver.exe
"UDP Query User{EBBD88EB-EA08-4DCE-B9BE-AA69636D6C48}c:\\users\\mark & adriana\\appdata\\roaming\\maxthon2\\modules\\mxdownloader\\mxdownloadserver.exe"= TCP:c:\users\mark & adriana\appdata\roaming\maxthon2\modules\mxdownloader\mxdownloadserver.exe:mxdownloadserver.exe
"{753889AD-EE19-4FBE-B88E-98FE2CA52320}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"TCP Query User{AAD24E5F-CA5A-47FF-A83B-0D8A2C8D6E18}c:\\program files\\acoo browser\\acoobrowser.exe"= UDP:c:\program files\acoo browser\acoobrowser.exe:Acoo Browser
"UDP Query User{1EBE616F-AF7E-41B2-8335-E53200C5A3E8}c:\\program files\\acoo browser\\acoobrowser.exe"= TCP:c:\program files\acoo browser\acoobrowser.exe:Acoo Browser
"{726022BF-3003-4960-A583-9B25E32F0059}"= UDP:c:\program files\3\3Connect\Wilog.exe:3Connect
"{E8286F86-E4BE-4F29-A229-1837B0AD7A7A}"= TCP:c:\program files\3\3Connect\Wilog.exe:3Connect
"{4C0EF1F6-2C01-4971-ADD9-1F8DD1294879}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{A4C07ECF-D017-4649-B8B2-C970E2E04BA7}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{571BC4B4-0AAF-47E6-9561-18C2CFA42A97}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{40E2B9D4-F3A2-4102-9E6F-91BE519FB1EE}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{50A18888-BBD9-4202-B406-9FFAD309735C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{5CE03319-483A-45BD-BBD7-1AD9D875D94F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{AE9FABBC-3704-4057-8378-67E0D627B3BF}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{EE0BEC18-39EA-46C8-993C-24E184969E99}c:\\users\\mark & adriana\\appdata\\local\\google\\chrome\\application\\chrome.exe"= UDP:c:\users\mark & adriana\appdata\local\google\chrome\application\chrome.exe:chrome.exe
"UDP Query User{20CEC1CB-DCB2-4582-BEC9-272E74CC827F}c:\\users\\mark & adriana\\appdata\\local\\google\\chrome\\application\\chrome.exe"= TCP:c:\users\mark & adriana\appdata\local\google\chrome\application\chrome.exe:chrome.exe
"TCP Query User{722DAD41-54E8-410A-83FC-42318CE5BFCD}c:\\windows\\system32\\cmds.exe"= UDP:c:\windows\system32\cmds.exe:
"UDP Query User{44A2D863-79A0-444A-942D-FA63A34B9A3E}c:\\windows\\system32\\cmds.exe"= TCP:c:\windows\system32\cmds.exe:
"TCP Query User{D42D54D3-E89C-4E7A-A657-30B1A005C81B}c:\\users\\mark & adriana\\appdata\\roaming\\twain_x86.exe"= UDP:c:\users\mark & adriana\appdata\roaming\twain_x86.exe:twain_x86.exe
"UDP Query User{BC2A4E12-53E8-4496-B829-9256BAB54560}c:\\users\\mark & adriana\\appdata\\roaming\\twain_x86.exe"= TCP:c:\users\mark & adriana\appdata\roaming\twain_x86.exe:twain_x86.exe
"TCP Query User{5D049E69-6B76-45B3-99CA-7E59C4842937}c:\\windows\\system32\\cmds.exe"= UDP:c:\windows\system32\cmds.exe:
"UDP Query User{ED8DCD26-C8E0-4539-83F2-6B029E44A121}c:\\windows\\system32\\cmds.exe"= TCP:c:\windows\system32\cmds.exe:
"{F442AE91-7D56-4ACD-9219-9139DCE7464E}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{5F7BB48E-7A01-41AE-962A-BCA285F5D966}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D08CA669-8B62-4611-819F-58D394FC5EE5}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{9A400437-A316-4CBD-B140-63A06361ECE9}"= c:\program files\Skype\Phone\Skype.exe:Skype

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= c:\toshiba\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\toshiba\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [29/07/2009 20:45 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [02/12/2008 22:07 335752]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [27/01/2009 17:47 298776]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [03/07/2009 08:49 1029456]
R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [22/08/2007 13:53 7168]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [03/05/2009 23:06 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 11:08 533360]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [28/07/2009 05:57 38160]
S3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [28/03/2007 08:51 43008]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.

Combofix Log 3 of 3

------- Supplementary Scan -------
.
uStart Page = hxxp://edit.europe.yahoo.com/config/login?.intl=uk&.partner=bt-1&.done=http%3a//bt.yahoo.com/%3f
uInternet Settings,ProxyServer = 85.31.89.222:8080
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.17\AMVConverter\grab.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} - hxxps://moneymanager.egg.com/Pinsafe/accounttracking.cab
FF - ProfilePath - c:\users\MARK&A~1\AppData\Roaming\Mozilla\Firefox\Profiles\6optvrgw.default\
FF - prefs.js: browser.startup.homepage - hxxp://edit.europe.yahoo.com/config/login?.intl=uk&.partner=bt-1&.done=http%3a//bt.yahoo.com/%3f
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-31 18:58
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\agrsmsvc.exe
c:\program files\Toshiba\ConfigFree\CFSvcs.exe
c:\toshiba\IVP\ISM\pinger.exe
c:\windows\System32\Locator.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\System32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Common Files\microsoft shared\Source Engine\OSE.EXE
c:\windows\System32\conime.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Synaptics\SynTP\SynToshiba.exe
c:\users\Mark & Adriana\AppData\Local\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\toshiba\IVP\ISM\Ivpsvmgr.exe
.
**************************************************************************
.
Completion time: 2009-08-01 19:31 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-01 01:31

Pre-Run: 168,577,335,296 bytes free
Post-Run: 168,607,232,000 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=9 Sets=1,2,3,5,6,7,8,9
296 --- E O F --- 2009-07-31 01:34

Re: Win32/Cryptor


  • Open HijackThis.
  • When HijackThis opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.

Re: Win32/Cryptor

hi there,

3Connect
AC3Filter (remove only)
Acoo Browser (remove only)
Activation Assistant for the 2007 Microsoft Office suites
Ad-Aware
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Apple Software Update
Atheros Driver Installation Program
AusLogics Disk Defrag
Avant Browser (remove only)
Bluetooth Stack for Windows by Toshiba
Camera Assistant Software for Toshiba
Catalyst Control Center - Branding
CD/DVD Drive Acoustic Silencer
Choice Guard
Compatibility Pack for the 2007 Office system
DVD MovieFactory for TOSHIBA
Eraser
Eraser
FileHippo.com Update Checker
Flickr Uploadr 3.0.5
Foxit Reader
Free Internet Eraser 2.50
Free PDF to Word Doc Converter v1.1
FUJIFILM FinePixViewer S Ver.2.1
Google Earth
Google Updater
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Huawei modem
Java(TM) 6 Update 14
Little Registry Cleaner
Malwarebytes' Anti-Malware
Maxthon2 Browser (remove only)
MediaMonkey 3.0
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mobile Partner
Mozilla Firefox (2.0.0.14)
MP3 Player Utilities 4.17
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
NewsLeecher v3.9 Final
Paint.NET v3.36
PDFCreator
PhotoScape
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Rosetta Stone 3.2
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Media Encoder (KB954156)
Skype™ 4.0
Synaptics Pointing Device Driver
Ten Thumbs 4.7
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Games
TOSHIBA Hardware Setup
Toshiba Registration
TOSHIBA SD Memory Utilities
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb971933)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 0.9.9
WaveMax Sound Editor 3.8.7
Winbond CIR Device Drivers
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Movie Maker Beta
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
WinRAR archiver
World of Warcraft FREE Trial
Zoiper

Re: Win32/Cryptor

Download Security Check by screen317 and save it to your Desktop.

  • Unzip SecurityCheck.zip and a folder named Security Check should appear.
  • Open the Security Check folder and double-click Security Check.bat
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: if a security program requests permission from dig.exe to access the Internet, allow it to do so.

Security Check

Hi there,

Link provided did not have Security Check.zip available - only Security Check.exe file. I have downloaded that - not sure if I should run that though?

Many thanks for your patience (& prompt responses).

mday01376 Thank You!

Re: Win32/Cryptor

Yes, it's that file; please follow the above instructions for running that file.

Re: Win32/Cryptor

Hello,

When I run the Security Check file, the same error message (as above) appears, this time with find.exe - bad image.

On clicking OK, Security Check cannot find the OS1check2.txt file. After a few OKs on the bad image dialogue box, the message in the Security Check black screen is that it cannot recognise objlist.exe, uninstallist.exe or runprocesses.exe. A few more clicks on the bad image OK button reveal that Security Check cannot find the file Install.txt.

Strange goings on?

mday01376
