WiredWX Hobby Weather ToolsLog in

 


win32 cryptor

2 posters

descriptionwin32 cryptor Emptywin32 cryptor

more_horiz
i had the win32 cryptor used malwarebytes ithank its gone but now my sound does not work can some one help please

descriptionwin32 cryptor EmptyRe: win32 cryptor

more_horiz
Please download the current version of HijackThis from HERE

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.

descriptionwin32 cryptor EmptyRe: win32 cryptor

more_horiz
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:08:44, on 11/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\BellSouthWCC\McciTrayApp.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Copperhead] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\McciTrayApp.exe"
O4 - HKLM\..\Run: [ISW.exe] "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN
O4 - HKLM\..\Run: [BellSouthWCC_McciTrayApp] C:\Program Files\BellSouthWCC\McciTrayApp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\IUWmLnPcy.exe" /runcleanupscript
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: YPOPs.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Mike\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - https://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6796.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1200770641703
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} (AMI DicomDir TreeView Control 2.1) - file:///E:/CDVIEWER/CdViewer.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: jitodiyo.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: Ipefdll - {46C43316-768A-42B4-9665-2682C131058C} - C:\WINDOWS\system32\v32occab.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 14236 bytes

descriptionwin32 cryptor EmptyRe: win32 cryptor

more_horiz
Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O20 - AppInit_DLLs: jitodiyo.dll
    O21 - SSODL: Ipefdll - {46C43316-768A-42B4-9665-2682C131058C} - C:\WINDOWS\system32\v32occab.dll



  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

descriptionwin32 cryptor EmptyRe: win32 cryptor

more_horiz
Malwarebytes' Anti-Malware 1.41
Database version: 3215
Windows 5.1.2600 Service Pack 3

11/22/2009 6:48:48 PM
mbam-log-2009-11-22 (18-48-48).txt

Scan type: Quick Scan
Objects scanned: 154025
Time elapsed: 18 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

descriptionwin32 cryptor EmptyRe: win32 cryptor

more_horiz
and still know sound

descriptionwin32 cryptor EmptyRe: win32 cryptor

more_horiz
well i thank its fixed i ran CC and it fixed the registry i got sound now thanks for your help

descriptionwin32 cryptor EmptyRe: win32 cryptor

more_horiz
well i thought it was fixed its not

descriptionwin32 cryptor EmptyRe: win32 cryptor

more_horiz
Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    win32 cryptor CF_download_FF

    win32 cryptor CF_download_rename

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    win32 cryptor Cf410

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

    win32 cryptor Cf510

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

descriptionwin32 cryptor EmptyRe: win32 cryptor

more_horiz
ComboFix 09-11-24.02 - Mike 11/24/2009 17:59.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.582 [GMT -6:00]
Running from: c:\documents and settings\Mike\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Mike\Application Data\iniasd.txt
c:\documents and settings\Mike\Application Data\inst.exe
c:\documents and settings\Mike\Cookies\feki.ban
c:\documents and settings\Mike\Cookies\ososo._sy
c:\program files\Common Files\opyrykego.vbs
c:\program files\Fast Browser Search\IE\1.bat
c:\program files\Fast Browser Search\IE\about.html
c:\program files\Fast Browser Search\IE\affid.dat
c:\program files\Fast Browser Search\IE\basis.xml
c:\program files\Fast Browser Search\IE\ClearRecycleBin.exe
c:\program files\Fast Browser Search\IE\error.html
c:\program files\Fast Browser Search\IE\FBSPlugin.dll
c:\program files\Fast Browser Search\IE\fbsProtection.xml
c:\program files\Fast Browser Search\IE\FbsSearchProvider.xml
c:\program files\Fast Browser Search\IE\FbsSearchProviderIE8.exe
c:\program files\Fast Browser Search\IE\fbstoolbar.jar
c:\program files\Fast Browser Search\IE\fbstoolbar.manifest
c:\program files\Fast Browser Search\IE\icons.bmp
c:\program files\Fast Browser Search\IE\info.txt
c:\program files\Fast Browser Search\IE\local.xml
c:\program files\Fast Browser Search\IE\logobg.bmp
c:\program files\Fast Browser Search\IE\MTWBtoolbar.html
c:\program files\Fast Browser Search\IE\search.bmp
c:\program files\Fast Browser Search\IE\SearchGuardPlus.exe
c:\program files\Fast Browser Search\IE\SearchGuardPlus.ico
c:\program files\Fast Browser Search\IE\SGPU.ico
c:\program files\Fast Browser Search\IE\sgpUpdater.exe
c:\program files\Fast Browser Search\IE\sgpUpdater.xml
c:\program files\Fast Browser Search\IE\SGPUpdaterS.exe
c:\program files\Fast Browser Search\IE\tbhelper.dll
c:\program files\Fast Browser Search\IE\tbs_include_script_003175.js
c:\program files\Fast Browser Search\IE\tbs_include_script_005064.js
c:\program files\Fast Browser Search\IE\tbs_include_script_012817.js
c:\program files\Fast Browser Search\IE\Toolbar Help.htm
c:\program files\Fast Browser Search\IE\uninstall.exe
c:\program files\Fast Browser Search\IE\uninstalSGP.exe
c:\program files\Fast Browser Search\IE\uninstalSGPU.exe
c:\program files\Fast Browser Search\IE\update.exe
c:\program files\Fast Browser Search\IE\version.txt
c:\program files\INSTALL.LOG
c:\windows\hojaf._sy
c:\windows\system32\_004433_.tmp.dll
c:\windows\system32\_004434_.tmp.dll
c:\windows\system32\_004435_.tmp.dll
c:\windows\system32\_004436_.tmp.dll
c:\windows\system32\_004442_.tmp.dll
c:\windows\system32\_004443_.tmp.dll
c:\windows\system32\_004444_.tmp.dll
c:\windows\system32\_004445_.tmp.dll
c:\windows\system32\_004446_.tmp.dll
c:\windows\system32\_004447_.tmp.dll
c:\windows\system32\_004448_.tmp.dll
c:\windows\system32\_004449_.tmp.dll
c:\windows\system32\_004450_.tmp.dll
c:\windows\system32\_004451_.tmp.dll
c:\windows\system32\_004452_.tmp.dll
c:\windows\system32\_004454_.tmp.dll
c:\windows\system32\_004455_.tmp.dll
c:\windows\system32\_004456_.tmp.dll
c:\windows\system32\_004458_.tmp.dll
c:\windows\system32\_004461_.tmp.dll
c:\windows\system32\_004462_.tmp.dll
c:\windows\system32\_004465_.tmp.dll
c:\windows\system32\_004466_.tmp.dll
c:\windows\system32\_004467_.tmp.dll
c:\windows\system32\_004468_.tmp.dll
c:\windows\system32\_004469_.tmp.dll
c:\windows\system32\_004470_.tmp.dll
c:\windows\system32\_004471_.tmp.dll
c:\windows\system32\_004472_.tmp.dll
c:\windows\system32\_004474_.tmp.dll
c:\windows\system32\_004475_.tmp.dll
c:\windows\system32\_004476_.tmp.dll
c:\windows\system32\_004477_.tmp.dll
c:\windows\system32\_004478_.tmp.dll
c:\windows\system32\_004479_.tmp.dll
c:\windows\system32\_004480_.tmp.dll
c:\windows\system32\_004481_.tmp.dll
c:\windows\system32\_004482_.tmp.dll
c:\windows\system32\_004483_.tmp.dll
c:\windows\system32\_004484_.tmp.dll
c:\windows\system32\_004487_.tmp.dll
c:\windows\system32\_004488_.tmp.dll
c:\windows\system32\_004489_.tmp.dll
c:\windows\system32\_004491_.tmp.dll
c:\windows\system32\_004492_.tmp.dll
c:\windows\system32\_004493_.tmp.dll
c:\windows\system32\_004494_.tmp.dll
c:\windows\system32\_004495_.tmp.dll
c:\windows\system32\_004497_.tmp.dll
c:\windows\system32\_004500_.tmp.dll
c:\windows\system32\_004501_.tmp.dll
c:\windows\system32\_004505_.tmp.dll
c:\windows\system32\_004506_.tmp.dll
c:\windows\system32\_004508_.tmp.dll
c:\windows\system32\_004510_.tmp.dll
c:\windows\system32\_004511_.tmp.dll
c:\windows\system32\_004513_.tmp.dll
c:\windows\system32\_004514_.tmp.dll
c:\windows\system32\_004515_.tmp.dll
c:\windows\system32\_004516_.tmp.dll
c:\windows\system32\_004519_.tmp.dll
c:\windows\system32\_004520_.tmp.dll
c:\windows\system32\_004521_.tmp.dll
c:\windows\system32\_004522_.tmp.dll
c:\windows\system32\_004523_.tmp.dll
c:\windows\system32\_004528_.tmp.dll
c:\windows\system32\_004530_.tmp.dll
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dataset.dll
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\jiho.vbs
c:\windows\system32\o4Patch.exe
c:\windows\system32\payojuvi.exe
c:\windows\system32\Process.exe
c:\windows\system32\SET4AA.tmp
c:\windows\system32\SET58C.tmp
c:\windows\system32\SET63F.tmp
c:\windows\system32\SET75E.tmp
c:\windows\system32\SrchSTS.exe
c:\windows\system32\sstray.exe
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\Tasks\bupehcph.job

-- Previous Run --

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

--------

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_SSHNAS


((((((((((((((((((((((((( Files Created from 2009-10-25 to 2009-11-25 )))))))))))))))))))))))))))))))
.

2009-11-24 12:04 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-11-24 12:04 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-11-24 11:40 . 2009-11-24 23:53 -------- d-----w- C:\Combo-Fix
2009-11-23 15:36 . 2009-11-23 15:36 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-11-23 14:41 . 2009-11-23 14:41 119756 ----a-w- c:\windows\system32\pnpiknt.dll
2009-11-23 14:41 . 2009-11-23 14:41 2486272 ----a-w- c:\windows\system32\patalime.dll
2009-11-23 14:41 . 2009-11-23 14:41 1052672 ----a-w- c:\windows\system32\avifecat.exe
2009-11-23 14:41 . 2009-11-23 14:41 1327104 ----a-w- c:\windows\system32\vgaboipv.dll
2009-11-23 14:41 . 2009-11-23 14:41 1024000 ----a-w- c:\windows\system32\olebodev.dll
2009-11-23 02:12 . 2004-05-20 16:11 172032 ----a-w- c:\windows\system32\nvuaudio.exe
2009-11-22 18:15 . 2009-09-10 20:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-22 18:15 . 2009-09-10 20:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-22 18:05 . 2009-11-22 18:05 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-22 17:43 . 2009-11-22 17:42 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-22 12:08 . 2009-11-22 12:08 -------- d-----w- c:\program files\Trend Micro
2009-11-20 01:24 . 2009-11-20 01:24 0 ----a-w- c:\windows\nsreg.dat
2009-11-20 01:23 . 2009-11-20 01:23 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\Mozilla
2009-11-12 23:15 . 2009-11-12 23:17 -------- d-----w- C:\$AVG
2009-11-12 23:14 . 2009-11-16 02:53 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-11-10 21:58 . 2009-11-10 21:58 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\Yahoo!
2009-11-07 02:05 . 2009-11-07 02:05 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-24 23:54 . 2008-01-19 23:16 -------- d-----w- c:\program files\Steam
2009-11-24 23:50 . 2008-07-26 13:05 154962 ----a-w- c:\windows\system32\webohker32.dll
2009-11-24 09:10 . 2009-09-04 13:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-24 09:10 . 2009-09-13 20:18 -------- d-----w- c:\program files\Microsoft Works
2009-11-23 01:40 . 2008-01-20 14:28 -------- d-----w- c:\program files\Google
2009-11-22 18:15 . 2009-01-22 18:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-22 18:11 . 2008-01-22 01:00 -------- d-----w- c:\program files\BitLord
2009-11-22 18:09 . 2008-05-11 19:47 -------- d-----w- c:\program files\FrostWire
2009-11-22 17:47 . 2008-01-19 21:44 -------- d-----w- c:\program files\Java
2009-11-21 21:04 . 2008-02-24 15:01 -------- d-----w- c:\documents and settings\Mike\Application Data\Vso
2009-11-16 02:53 . 2008-10-05 21:05 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-12 23:15 . 2008-08-17 12:35 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-12 23:15 . 2008-08-17 12:35 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-12 23:15 . 2008-08-17 12:35 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-12 23:15 . 2008-08-17 12:35 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-12 23:14 . 2008-06-08 18:02 -------- d-----w- c:\program files\AVG
2009-11-03 02:42 . 2009-10-02 17:31 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-20 03:47 . 2009-10-20 03:47 -------- d-----r- c:\documents and settings\Guest\Application Data\Brother
2009-10-20 03:30 . 2009-10-20 03:30 -------- d-----w- c:\documents and settings\Guest\Application Data\ScanSoft
2009-10-20 03:28 . 2009-10-20 03:28 -------- d-----w- c:\documents and settings\Guest\Application Data\PC-FAX TX
2009-10-14 17:29 . 2009-10-14 17:29 -------- d-----w- c:\documents and settings\Guest\Application Data\Yahoo!
2009-10-11 12:31 . 2009-06-11 16:24 -------- d-----w- c:\program files\Common Files\Motive
2009-10-05 04:00 . 2009-10-05 03:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-10-05 03:30 . 2008-06-18 00:05 -------- d-----w- c:\program files\Yahoo!
2009-10-02 17:43 . 2009-10-02 17:43 -------- d-----w- c:\documents and settings\Guest\Application Data\Windows Desktop Search
2009-10-02 17:43 . 2009-10-02 17:43 -------- d-----w- c:\documents and settings\Guest\Application Data\Malwarebytes
2009-09-30 13:09 . 2009-01-22 16:12 -------- d-----w- c:\program files\Windows Live Safety Center
2009-09-27 13:17 . 2009-09-27 13:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-09-27 12:22 . 2009-09-27 12:22 71776 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-27 12:22 . 2009-09-27 12:22 -------- d-----w- c:\documents and settings\Guest\Application Data\AT&T
2009-09-25 10:54 . 2009-09-25 10:54 12911 ----a-w- c:\windows\qevasityj.dat
2009-09-25 10:54 . 2009-09-25 10:54 11669 ----a-w- c:\documents and settings\Mike\Application Data\sefu.dat
2009-09-25 10:54 . 2009-09-25 10:54 11451 ----a-w- c:\program files\Common Files\yxuxasox._sy
2009-09-25 02:36 . 2008-01-23 22:56 57 ----a-w- c:\documents and settings\All Users\Application Data\Brother\BrLog\BrCollectDir\BR_cat.bat
2009-09-25 02:16 . 2008-01-23 22:59 50 ----a-w- c:\windows\system32\bridf06a.dat
2009-09-18 12:30 . 2008-01-19 18:57 71776 ----a-w- c:\documents and settings\Mike\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-11 14:18 . 2008-07-26 13:05 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-31 20:42 . 2009-08-31 20:42 14892 ---ha-w- c:\windows\system32\mlfcache.dat
2009-08-29 08:08 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2007-09-16 00:28 . 2007-11-22 12:23 54512984 ----a-w- c:\program files\GoogleSketchUpProWEN.exe
2009-08-17 04:42 . 2009-08-17 04:42 3 --sha-w- c:\windows\system32\bivulota.dll
.

------- Sigcheck -------

[7] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys

c:\windows\System32\drivers\beep.sys ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2009-10-24 1217808]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"Copperhead"="c:\program files\Razer\Copperhead\razerhid.exe" [2005-11-25 155648]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 622592]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2008-09-19 1529856]
"ISW.exe"="c:\program files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 2061816]
"BellSouthWCC_McciTrayApp"="c:\program files\BellSouthWCC\McciTrayApp.exe" [2006-03-10 543232]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 77824]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\IUWmLnPcy.exe" [2009-11-16 1312080]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-13 2020120]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-22 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-27 434528]

c:\documents and settings\Mike\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\Guest\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Libancap"= {52B2767C-4F36-4CAD-A2AC-F79419FE618D} - c:\windows\system32\olebodev.dll [2009-11-23 1024000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-11-12 23:15 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wwSecSvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"idsvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\steamapps\\kant40@knology.net\\counter-strike\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\kant40@knology.net\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\kant40@knology.net\\condition zero\\hl.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\Program Files\\GameSpy\\Comrade\\Comrade.exe"=
"c:\\Program Files\\Steam\\steamapps\\kant40@knology.net\\half-life\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\kant40@knology.net\\source sdk base\\hl2.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
"c:\\Program Files\\Steam\\steamapps\\kant40@knology.net\\zombie panic! source\\hl2.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Steam\\steamapps\\kant40@knology.net\\day of defeat\\hl.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\steamapps\\kant40@knology.net\\ricochet\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\kant40@knology.net\\opposing force\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of juarez - bound in blood sp demo\\CoJBiBDemo_x86.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Steam\\steamapps\\common\\fuel - demo\\FUEL.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\ATT-SST\\McciTrayApp.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgtray.exe"=
"c:\\WINDOWS\\system32\\searchindexer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/17/2008 6:35 AM 333192]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/17/2008 6:35 AM 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/12/2009 5:14 PM 285392]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 4:45 AM 13088]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [4/19/2008 9:21 AM 598856]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [1/19/2008 12:59 PM 20160]
S3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [1/20/2008 3:56 PM 11596]
.
Contents of the 'Scheduled Tasks' folder

2009-11-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Mike\Start Menu\Programs\IMVU\Run IMVU.lnk
Trusted Zone: motive.com\patttbc.att
Trusted Zone: turbotax.com
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} - file:///E:/CDVIEWER/CdViewer.cab
FF - ProfilePath - c:\documents and settings\Mike\Application Data\Mozilla\Firefox\Profiles\cja22u8f.default\
FF - plugin: c:\documents and settings\Mike\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.17\Plugins\npybrowserplus_2.4.17.dll
FF - hȋdden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
SafeBoot-serfing.sys
AddRemove-NVIDIA Drivers - c:\windows\system32\nvuaudio.exe UninstallGUI
AddRemove-Steam App 10 - c:\program files\Steam\steam.exe steam://uninstall/10
AddRemove-Steam App 100 - c:\program files\Steam\steam.exe steam://uninstall/100
AddRemove-Steam App 12850 - c:\program files\Steam\steam.exe steam://uninstall/12850
AddRemove-Steam App 20 - c:\program files\Steam\steam.exe steam://uninstall/20
AddRemove-Steam App 215 - c:\program files\Steam\steam.exe steam://uninstall/215
AddRemove-Steam App 220 - c:\program files\Steam\steam.exe steam://uninstall/220
AddRemove-Steam App 240 - c:\program files\Steam\steam.exe steam://uninstall/240
AddRemove-Steam App 30 - c:\program files\Steam\steam.exe steam://uninstall/30
AddRemove-Steam App 320 - c:\program files\Steam\steam.exe steam://uninstall/320
AddRemove-Steam App 33290 - c:\program files\Steam\steam.exe steam://uninstall/33290
AddRemove-Steam App 50 - c:\program files\Steam\steam.exe steam://uninstall/50
AddRemove-Steam App 60 - c:\program files\Steam\steam.exe steam://uninstall/60
AddRemove-Steam App 80 - c:\program files\Steam\steam.exe steam://uninstall/80



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-24 18:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\.srf\PersistentHandler]
@DACL=(02 0000)
@="{eec97550-47a9-11cf-b952-00aa0051fe20}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3140)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\olebodev.dll
c:\windows\system32\vgaboipv.dll
c:\windows\system32\hnetcfg.dll
c:\program files\Bonjour\mdnsNSP.dll
c:\windows\system32\delabdde\pnposmic\dborpol.dll

- - - - - - - > 'explorer.exe'(3844)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\olebodev.dll
c:\windows\system32\vgaboipv.dll
c:\program files\Bonjour\mdnsNSP.dll
c:\windows\system32\delabdde\pnposmic\dborpol.dll
.
Completion time: 2009-11-24 18:16
ComboFix-quarantined-files.txt 2009-11-25 00:15

Pre-Run: 68,492,820,480 bytes free
Post-Run: 68,464,914,432 bytes free

- - End Of File - - B8510F08818E223B1B75F34FAFB6049A

descriptionwin32 cryptor EmptyRe: win32 cryptor

more_horiz

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    File::
    c:\windows\system32\pnpiknt.dll
    c:\windows\system32\patalime.dll
    c:\windows\system32\avifecat.exe
    c:\windows\system32\vgaboipv.dll
    c:\windows\system32\olebodev.dll
    c:\windows\system32\webohker32.dll
    c:\windows\system32\bivulota.dll

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "Libancap"=-

    FCopy::
    c:\windows\system32\dllcache\beep.sys | c:\windows\System32\drivers\beep.sys

  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    win32 cryptor Cfscriptb4i

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.

descriptionwin32 cryptor EmptyRe: win32 cryptor

more_horiz
ComboFix 09-11-25.03 - Mike 11/25/2009 21:58.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.574 [GMT -6:00]
Running from: c:\documents and settings\Mike\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Mike\Desktop\CFScript.txt.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\windows\system32\avifecat.exe"
"c:\windows\system32\bivulota.dll"
"c:\windows\system32\olebodev.dll"
"c:\windows\system32\patalime.dll"
"c:\windows\system32\pnpiknt.dll"
"c:\windows\system32\vgaboipv.dll"
"c:\windows\system32\webohker32.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\avifecat.exe
c:\windows\system32\bivulota.dll
c:\windows\system32\olebodev.dll
c:\windows\system32\patalime.dll
c:\windows\system32\pnpiknt.dll
c:\windows\system32\vgaboipv.dll
c:\windows\system32\webohker32.dll

.
--------------- FCopy ---------------

c:\windows\system32\dllcache\beep.sys --> c:\windows\System32\drivers\beep.sys
.
((((((((((((((((((((((((( Files Created from 2009-10-26 to 2009-11-26 )))))))))))))))))))))))))))))))
.

2009-11-26 03:58 . 2004-08-04 12:00 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys
2009-11-26 03:58 . 2004-08-04 12:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys
2009-11-24 12:04 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-11-24 12:04 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-11-24 11:40 . 2009-11-24 23:53 -------- d-----w- C:\Combo-Fix
2009-11-23 15:36 . 2009-11-23 15:36 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-11-23 02:12 . 2004-05-20 16:11 172032 ----a-w- c:\windows\system32\nvuaudio.exe
2009-11-22 18:15 . 2009-09-10 20:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-22 18:15 . 2009-09-10 20:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-22 18:05 . 2009-11-22 18:05 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-22 17:43 . 2009-11-22 17:42 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-22 12:08 . 2009-11-22 12:08 -------- d-----w- c:\program files\Trend Micro
2009-11-20 01:24 . 2009-11-20 01:24 0 ----a-w- c:\windows\nsreg.dat
2009-11-20 01:23 . 2009-11-20 01:23 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\Mozilla
2009-11-12 23:15 . 2009-11-12 23:17 -------- d-----w- C:\$AVG
2009-11-12 23:14 . 2009-11-16 02:53 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-11-10 21:58 . 2009-11-10 21:58 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\Yahoo!
2009-11-07 02:05 . 2009-11-07 02:05 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-26 04:20 . 2008-01-19 23:16 -------- d-----w- c:\program files\Steam
2009-11-25 09:10 . 2009-09-13 20:18 -------- d-----w- c:\program files\Microsoft Works
2009-11-25 09:03 . 2009-09-04 13:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-23 01:40 . 2008-01-20 14:28 -------- d-----w- c:\program files\Google
2009-11-22 18:15 . 2009-01-22 18:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-22 18:11 . 2008-01-22 01:00 -------- d-----w- c:\program files\BitLord
2009-11-22 18:09 . 2008-05-11 19:47 -------- d-----w- c:\program files\FrostWire
2009-11-22 17:47 . 2008-01-19 21:44 -------- d-----w- c:\program files\Java
2009-11-21 21:04 . 2008-02-24 15:01 -------- d-----w- c:\documents and settings\Mike\Application Data\Vso
2009-11-16 02:53 . 2008-10-05 21:05 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-12 23:15 . 2008-08-17 12:35 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-12 23:15 . 2008-08-17 12:35 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-12 23:15 . 2008-08-17 12:35 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-12 23:15 . 2008-08-17 12:35 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-12 23:14 . 2008-06-08 18:02 -------- d-----w- c:\program files\AVG
2009-11-03 02:42 . 2009-10-02 17:31 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-20 03:47 . 2009-10-20 03:47 -------- d-----r- c:\documents and settings\Guest\Application Data\Brother
2009-10-20 03:30 . 2009-10-20 03:30 -------- d-----w- c:\documents and settings\Guest\Application Data\ScanSoft
2009-10-20 03:28 . 2009-10-20 03:28 -------- d-----w- c:\documents and settings\Guest\Application Data\PC-FAX TX
2009-10-14 17:29 . 2009-10-14 17:29 -------- d-----w- c:\documents and settings\Guest\Application Data\Yahoo!
2009-10-11 12:31 . 2009-06-11 16:24 -------- d-----w- c:\program files\Common Files\Motive
2009-10-05 04:00 . 2009-10-05 03:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-10-05 03:30 . 2008-06-18 00:05 -------- d-----w- c:\program files\Yahoo!
2009-10-02 17:43 . 2009-10-02 17:43 -------- d-----w- c:\documents and settings\Guest\Application Data\Windows Desktop Search
2009-10-02 17:43 . 2009-10-02 17:43 -------- d-----w- c:\documents and settings\Guest\Application Data\Malwarebytes
2009-09-30 13:09 . 2009-01-22 16:12 -------- d-----w- c:\program files\Windows Live Safety Center
2009-09-27 13:17 . 2009-09-27 13:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-09-27 12:22 . 2009-09-27 12:22 71776 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-27 12:22 . 2009-09-27 12:22 -------- d-----w- c:\documents and settings\Guest\Application Data\AT&T
2009-09-25 10:54 . 2009-09-25 10:54 12911 ----a-w- c:\windows\qevasityj.dat
2009-09-25 10:54 . 2009-09-25 10:54 11669 ----a-w- c:\documents and settings\Mike\Application Data\sefu.dat
2009-09-25 10:54 . 2009-09-25 10:54 11451 ----a-w- c:\program files\Common Files\yxuxasox._sy
2009-09-25 02:36 . 2008-01-23 22:56 57 ----a-w- c:\documents and settings\All Users\Application Data\Brother\BrLog\BrCollectDir\BR_cat.bat
2009-09-25 02:16 . 2008-01-23 22:59 50 ----a-w- c:\windows\system32\bridf06a.dat
2009-09-18 12:30 . 2008-01-19 18:57 71776 ----a-w- c:\documents and settings\Mike\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-11 14:18 . 2008-07-26 13:05 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-31 20:42 . 2009-08-31 20:42 14892 ---ha-w- c:\windows\system32\mlfcache.dat
2009-08-29 08:08 . 2004-08-04 12:00 916480 ------w- c:\windows\system32\wininet.dll
2007-09-16 00:28 . 2007-11-22 12:23 54512984 ----a-w- c:\program files\GoogleSketchUpProWEN.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-11-25_00.09.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-26 04:12 . 2009-11-26 04:12 16384 c:\windows\Temp\Perflib_Perfdata_5e8.dat
- 2007-11-13 11:31 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe
+ 2007-11-13 11:31 . 2009-10-28 15:07 46080 c:\windows\system32\tzchange.exe
+ 2008-07-26 13:05 . 2009-03-21 14:06 120015 c:\windows\system32\delabdde\ipxarfat.dll
+ 2008-08-30 02:06 . 2009-07-31 16:05 1372672 c:\windows\system32\msxml6.dll
+ 2004-08-04 12:00 . 2009-07-31 04:35 1172480 c:\windows\system32\msxml3.dll
+ 2008-06-25 22:59 . 2009-07-31 16:05 1372672 c:\windows\system32\dllcache\msxml6.dll
+ 2008-07-26 13:05 . 2009-07-31 04:35 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2009-04-04 23:08 . 2009-04-04 23:08 343058432 c:\windows\Installer\47a7364.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2009-10-24 1217808]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"Copperhead"="c:\program files\Razer\Copperhead\razerhid.exe" [2005-11-25 155648]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 622592]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2008-09-19 1529856]
"ISW.exe"="c:\program files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 2061816]
"BellSouthWCC_McciTrayApp"="c:\program files\BellSouthWCC\McciTrayApp.exe" [2006-03-10 543232]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 77824]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\IUWmLnPcy.exe" [2009-11-16 1312080]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-13 2020120]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-22 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-27 434528]

c:\documents and settings\Mike\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\Guest\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-11-12 23:15 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wwSecSvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"idsvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\steamapps\\kant40@knology.net\\counter-strike\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\kant40@knology.net\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\kant40@knology.net\\condition zero\\hl.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\Program Files\\GameSpy\\Comrade\\Comrade.exe"=
"c:\\Program Files\\Steam\\steamapps\\kant40@knology.net\\half-life\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\kant40@knology.net\\source sdk base\\hl2.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
"c:\\Program Files\\Steam\\steamapps\\kant40@knology.net\\zombie panic! source\\hl2.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Steam\\steamapps\\kant40@knology.net\\day of defeat\\hl.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\steamapps\\kant40@knology.net\\ricochet\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\kant40@knology.net\\opposing force\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of juarez - bound in blood sp demo\\CoJBiBDemo_x86.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Steam\\steamapps\\common\\fuel - demo\\FUEL.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\ATT-SST\\McciTrayApp.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgtray.exe"=
"c:\\WINDOWS\\system32\\searchindexer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/17/2008 6:35 AM 333192]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/17/2008 6:35 AM 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/12/2009 5:14 PM 285392]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 4:45 AM 13088]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [4/19/2008 9:21 AM 598856]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [1/19/2008 12:59 PM 20160]
S3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [1/20/2008 3:56 PM 11596]
.
Contents of the 'Scheduled Tasks' folder

2009-11-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Mike\Start Menu\Programs\IMVU\Run IMVU.lnk
Trusted Zone: motive.com\patttbc.att
Trusted Zone: turbotax.com
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} - file:///E:/CDVIEWER/CdViewer.cab
FF - ProfilePath - c:\documents and settings\Mike\Application Data\Mozilla\Firefox\Profiles\cja22u8f.default\
FF - plugin: c:\documents and settings\Mike\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.17\Plugins\npybrowserplus_2.4.17.dll
FF - hȋdden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-25 22:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\.srf\PersistentHandler]
@DACL=(02 0000)
@="{eec97550-47a9-11cf-b952-00aa0051fe20}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2996)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\program files\Brother\Brmfcmon\BrMfimon.exe
c:\program files\Razer\Copperhead\razerofa.exe
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2009-11-25 22:28 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-26 04:28
ComboFix2.txt 2009-11-25 00:16

Pre-Run: 68,018,831,360 bytes free
Post-Run: 67,939,594,240 bytes free

- - End Of File - - 7FC24674FA77902338E3A830A085FCE7

descriptionwin32 cryptor EmptyRe: win32 cryptor

more_horiz
i do get this error when i click on sound storm by nvida Error Message: "Incorrect size returned during FXMANAGER_ALLOCATE

descriptionwin32 cryptor EmptyRe: win32 cryptor

more_horiz
Hello.

  • Open HijackThis.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.

descriptionwin32 cryptor EmptyRe: win32 cryptor

more_horiz
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
ACDSee Pro 2
Ad-Aware 2007
Adobe Flash Player 10 ActiveX
Adobe Reader 9.2
AltoMP3 Gold 5.20
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
Apple Mobile Device Support
Apple Software Update
AT&T Internet Security Wizard 1.5.11
AT&T Self Support Tool
AT&T Toolbar
AT&T Wireless Connection Tool
AVG Free 9.0
Battlefield 2142
Bonjour
Brother MFL-Pro Suite
CCleaner
Coupon Printer for Windows
Defraggler (remove only)
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.1.2.2
DVDFab Platinum
DVDFab Platinum 2.82
DVDFab Platinum 4.0.5.5
EndItAll 2.0
GameFlood
GameSpy Comrade
Google SketchUp 6
Google SketchUp 6 Exporters
Google SketchUp LayOut 6
Google SketchUp Pro 6
Guild Wars
HijackThis 2.0.2
History Sweeper 2.89
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB976098-v2)
iPod To Computer Transfer 5.3
iTunes
Java(TM) 6 Update 17
Magic ISO Maker v5.4 (build 0239)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
Mozilla Firefox (3.5.5)
MSN
MSXML 6 Service Pack 2 (KB954459)
Nero 6 Ultra Edition
NVIDIA Drivers
NvMixer
PaperPort
PowerDVD
Protected Music Converter 0.99b
PunkBuster Services
QuickTime
Razer Copperhead
RzE's CS Helper
Safari
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Sid Meier's Civilization 4
SoftV92 Data Fax Modem with SmartCP
Steam
System Requirements Lab
TurboTax 2008
TurboTax 2008 waliper
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax Deluxe 2007
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb975960)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB973687)
Ventrilo Client
WinAVIVideoConverter
Window Washer
Windows Defender
Windows Imaging Component
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Search 4.0
Windows XP Service Pack 3
WinRAR archiver
Xfire (remove only)
Yahoo! Browser Services
Yahoo! Messenger
Yahoo! Toolbar

descriptionwin32 cryptor EmptyRe: win32 cryptor

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum