Win 32/Cryptor Virus

February 13, 2009 at 18:02:07
Specs: Windows 2000
I am running Windows Vista and cannot connect to the internet via my laptop.
Win 32/Cryptor

How can I get rid of this virus?


February 13, 2009 at 18:46:32
Please download Malwarebytes' Anti-Malware from one of these sites:



Rename the setup file, mbam-setup.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename mbam-setup.exe to tool.exe in the filename box, then click Save.

1. Double Click tool.exe to install the application.
2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, it will download and install the latest version.
4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything found is checked, and click Remove Selected.
7. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
9. Copy and paste the entire report in your next reply.

If Malwarebytes installed but will not run, navigate to this folder:

C:\Program Files\Malwarebytes' AntiMalware

Rename all the .exe files in the Malwarebytes' Anti-Malware folder and try to run it again.

Please download and install the latest version of HijackThis v2.0.2:

Download the "HijackThis" Installer from this link:
Hijack This

Rename the setup file, HJTInstall.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename HJTInstall.exe to tools.exe in the filename box, then click Save.
1. Save "tools.exe" to your desktop.
2. Double click on tools.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.


February 15, 2009 at 18:52:45
Thank you for your response to my post. Sorry I'm just now getting this done, but I've been working a lot of hours and have not been on my computer. I really appreciate this very much.

Malwarebytes' Anti-Malware
© Malwarebytes Corporation. All rights reserved.

Version 1.34 (February 11th, 2009)

1. (FIXED) Removing registry keys with corrupt permissions.
2. (FIXED) Removal of drivers now improved.
3. (FIXED) Improved memory usage (more to come!)
4. (FIXED) Certain types of freezing during full scan.
5. (FIXED) Improved full scan times significantly.
6. (ADDED) Better detection techniques for the real-time protection module.
7. (ADDED) Directories now counted as items scanned.
8. (ADDED) Disinfection for certain USB spread infections (Conficker).
9. (ADDED) New command line parameter: /schedule (see help file).

Version 1.33 (January 14th, 2009)

1. (FIXED) Issue with Latvian language file.
2. (FIXED) Improved activation license key checking.
3. (ADDED) Safeguard to prevent users from losing scan results.
4. (ADDED) Created framework for Malwarebytes' scripting language.
5. (ADDED) Updater now has 900+ access points (mirrors).

Version 1.32 (January 4th, 2009)

1. (FIXED) Issues detecting certain types of malware.
2. (FIXED) Miscellaneous problems with heuristics.
3. (ADDED) Better detection for the Vundo infection.
4. (ADDED) Support for Latvian and Croatian languages.

Version 1.31 (December 3rd, 2008)

1. (FIXED) Minor issues with heuristics and false detections.
2. (FIXED) Improved activation license key checking.
3. (FIXED) Removal on reboot now uses RunOnce registry key.
4. (ADDED) Support for Ukrainian language.
5. (ADDED) Heuristics for newer infections.

Version 1.30 (October 22nd, 2008)

1. (FIXED) Minor issues with protection module.
2. (FIXED) Miscellaneous problems with heuristics.

Version 1.29 (October 16th, 2008)

1. (FIXED) Drastically improved heuristics detections.
2. (ADDED) Brand new protection module.
3. (ADDED) Brand new scheduler, protection no longer has to run.
4. (ADDED) Support for Greek and Macedonian languages.

Version 1.28 (September 10th, 2008)

1. (FIXED) Problem with heuristics on Windows 2000.
2. (ADDED) Better malware regeneration prevention on reboot.

Version 1.27 (September 8th, 2008)

1. (FIXED) Main window now brought to front when the scan finishes.
2. (ADDED) Function to restore broken SecurityProviders.
3. (ADDED) Associations are now checked for malicious entries.
4. (ADDED) Heuristics for common infections.
5. (ADDED) New mirror to updates.

Version 1.26 (September 2nd, 2008)

1. (FIXED) Problem repairing certain registry keys.
2. (FIXED) Converted log file names to ISO standard.
3. (FIXED) False positives on limited user accounts.
4. (ADDED) Safeguard to prevent users from losing scan results.
5. (ADDED) Brand new header logo.

Version 1.25 (August 17th, 2008)

1. (FIXED) Problem with ignore list.
2. (FIXED) Problem repairing certain registry keys.
3. (FIXED) Overflow error during removal.
4. (FIXED) Improved detection of multiple components.
5. (FIXED) Drastically improved scan speed.
6. (ADDED) Advanced technology to delete files on reboot.
7. (ADDED) Ability to run a truly silent install.
8. (ADDED) Support for Chinese Simplified, Chinese Traditional and Polish languages.

Version 1.24 (July 30th, 2008)

1. (FIXED) Problem with GUI closing after program update.
2. (FIXED) False positives with Zlob and Vundo heuristics.
3. (FIXED) Improved detection of random named BHOs.
4. (ADDED) Support for Turkish language.

Version 1.23 (July 23rd, 2008)

1. (FIXED) Minor problems with Protection Module.
2. (ADDED) New BHO heuristics.
3. (ADDED) Better heuristics for rootkit detection.
4. (ADDED) New shell extension that supports multiple file scanning.

Version 1.22 (July 20th, 2008)

1. (FIXED) Error 721 (0, 93).
2. (FIXED) Random freezing during scan.
3. (FIXED) Minor problems repairing LSA registry values.
4. (ADDED) New command line parameters: /fullscan and /fullscanterminate.

Version 1.21 (July 18th, 2008)

1. (FIXED) Problem with update hanging up application on first run.
2. (FIXED) Problem quarantining large files.
3. (FIXED) Greatly improved memory scan speed.
4. (FIXED) Updated zib.dll to latest version.
5. (ADDED) Scheduled scanning now creates log files.
6. (ADDED) Advanced heuristic detections for multiple trojans.
7. (ADDED) Direct Disk Access for enumerating folder contents.
8. (ADDED) Direct Disk Access for breaking file headers.

Version 1.20 (July 7th, 2008)

1. (FIXED) Improved overall quality of code.
2. (FIXED) Improved detection of certain malicious components.
3. (FIXED) Minor GUI inconsistencies.
4. (FIXED) Improved error handling.
5. (FIXED) Problem fixing LSP entries.
6. (FIXED) Potential for memory leaks in Protection Module.
7. (ADDED) Support for Russian language.

Version 1.19 (June 28th, 2008)

1. (FIXED) Various problems with update.
2. (FIXED) Improved Protection Module stability and speed.
3. (ADDED) Advanced detection schemes for Trojan.Vundo.
4. (ADDED) Windows version number to log file.
5. (ADDED) Support for Czech language.

Version 1.18 (June 19th, 2008)

1. (FIXED) Created new scheduling interface.
2. (FIXED) Minor glitches with Protection Module.
3. (FIXED) Problem opening help file.
4. (FIXED) System crashes during full scan.
5. (ADDED) Support for Portuguese language.

Version 1.17 (June 10th, 2008)

1. (FIXED) Problem saving certain settings.
2. (FIXED) Optimized removal functions.
3. (FIXED) Problems with scheduler.

Version 1.16 (June 9th, 2008)

1. (FIXED) Errors during scanning.
2. (FIXED) Minor problems during reboot removal.
3. (FIXED) Problems with ignore list buttons.
4. (FIXED) Errors during program unload.
5. (ADDED) Direct disk access to open and read locked files.
6. (ADDED) Ignore button to make ignoring items quicker.

Version 1.15 (June 5th, 2008)

1. (FIXED) Time delay when clicking the scan button.
2. (FIXED) Completely removed COMCTL32.OCX dependency.
3. (FIXED) Minor bug that produced rare false positives.
4. (FIXED) Quarantining files now retains their attributes.
5. (ADDED) Advanced detection of directories, registry entries and rootkits.

Version 1.14 (May 30th, 2008)

1. (FIXED) Major problem with detections.
2. (ADDED) Change log to application directory.

Version 1.13 (May 29th, 2008)

1. (FIXED) Problems with progress bar flickering on Vista.
2. (FIXED) Minor bugs when trying to update multiple times.
3. (FIXED) Problems registering product on Unicode systems.
4. (FIXED) Highly optimized GUID scanning.
5. (ADDED) Support for Slovak and Norwegian languages.
6. (ADDED) Log file name and save date to log file.
7. (ADDED) Better detection for Vundo leftovers.
8. (ADDED) Better rootkit detection with heuristics.
9. (ADDED) New command line parameter: /register. See help file.

Version 1.12 (May 5th, 2008)

1. (FIXED) Improved detection of new malware.
2. (FIXED) Minor changes to help file.
3. (FIXED) Dramatically improved Protection Module loading speed.
4. (FIXED) Minor improvements to scanning speed.
5. (FIXED) Moved drivers to proper locations.
6. (ADDED) Support for Danish language.
7. (ADDED) Registry permission fixing code.

Version 1.11 (April 7th, 2008)

1. (FIXED) Problem restoring items from quarantine.
2. (FIXED) Problem with detecting autorun entries.
3. (FIXED) Problem removing certain registry values.
4. (FIXED) Full scan selects only fixed drives as default.
5. (FIXED) Redesigned about form.

Version 1.10 (April 1st, 2008)

1. (FIXED) Installer missing Romanian translation.
2. (FIXED) Minor problem during memory scan.
3. (FIXED) Improved service scanning techniques.
4. (FIXED) Problems removing certain registry values.
5. (FIXED) Dramatically improved Protection Module speed.
6. (FIXED) Scheduler problems with Protection Module.
7. (ADDED) Advanced file scanning methods.
8. (ADDED) DNS checking and fixing.

Version 1.09 (March 19th, 2008)

1. (FIXED) CD-ROM and Network drives not checked by default.
2. (FIXED) Minor optimizations in Protection Module.
3. (ADDED) Jump to Location option to results list right click menu.
4. (ADDED) Support for Romanian language.
5. (ADDED) New main application icon.
6. (REMOVED) Splash form on program start.

Version 1.08 (March 9th, 2008)

1. (FIXED) Problem creating quick launch icon.
2. (FIXED) Program not closing properly.
3. (FIXED) Errors 708/730 on Unicode systems after update.
4. (FIXED) Problems with Protection Module recognizing updates.
5. (ADDED) Support for Finnish language.
6. (ADDED) Database update after program update.

Version 1.07 (March 5th, 2008)

1. (FIXED) Items in Swedish translation.
2. (FIXED) Minor problems with scanner.

Version 1.06 (March 4th, 2008)

1. (FIXED) Improved certain trojan detections.
2. (FIXED) Problems with Internet Explorer termination.
3. (FIXED) Problems with 0kb files. See CatchMe addition below.
4. (FIXED) Problems loading certain settings.
5. (FIXED) Problems starting scanner from Protection Module.
6. (FIXED) Problems with registration information with limited users.
7. (ADDED) Support for Catalan and Bulgarian languages.
8. (ADDED) Direct disk access using CatchMe.
9. (ADDED) Start with Windows setting to Protection tab.

Version 1.05 (February 21st, 2008)

1. (FIXED) Faster response to scan abort.
2. (FIXED) Minor bug detecting registry values.
3. (FIXED) Better uninstall support.
4. (FIXED) Better abort scan cleanup.
5. (ADDED) Improved Zlob detection.

Version 1.04 (February 18th, 2008)

1. (FIXED) Minor bug in Winsock LSP repair.
2. (FIXED) Improved autostart detection.
3. (FIXED) Flicker of desktop during update.
4. (FIXED) Quarantine problem with restoring files with no folder.
5. (ADDED) CatchMe driver for better file deletion.
6. (ADDED) Delete on reboot for registry items.
7. (ADDED) Support for Swedish language.

Version 1.03 (February 10th, 2008)

1. (FIXED) Bug loading heuristics definitions.
2. (FIXED) Minor update problems.
3. (FIXED) Quarantine items being detected in scan.
4. (FIXED) Error 708 after updating.
5. (FIXED) Problems with ignore list not working on registry.
6. (ADDED) Folder and file alternate data stream detection.
7. (ADDED) New command line parameter: /updateshowdialog.
8. (ADDED) Advanced detection for certain infections.

Version 1.02 (February 3rd, 2008)

1. (FIXED) Problems with Protection Module.
2. (FIXED) Language resetting to English on reinstall.
3. (FIXED) New log naming conventions.
4. (FIXED) New locations of certain files and registry entries.
5. (ADDED) New mirror to update tab.
6. (ADDED) Help button in about tab.
7. (ADDED) Latest news now gets saved and loaded on start.
8. (ADDED) Support for Albanian and Hungarian languages.

Version 1.01 (January 26th, 2008)

1. (FIXED) FileASSASSIN noticing no file was selected.
2. (FIXED) Problem with registration failing on certain licenses.
3. (FIXED) Minor issues with Protection Module.
4. (ADDED) File selected by FileASSASSIN now displayed.
5. (ADDED) New command line parameter: /minimized.
6. (ADDED) Ability to start scheduled tasks minimized.
7. (ADDED) Update mirrors in update tab.
8. (ADDED) Logs tab to view and delete log files.
9. (ADDED) Support for German language.

I ran another scan after I was finished again
and got a clean scan.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:49:22 PM, on 2/15/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\MSN\Toolbar\3.0.0983.0\msntask.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Nikon Monitor.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{7354AB7C-29E4-4345-82DE-C0CD55119099}: NameServer =,
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe

End of file - 11635 bytes

Report •
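
An added example, not part of the thread or of HijackThis itself: a small Python pass over a HijackThis log that groups entries by section code and lists the few that merit a manual look, in line with the earlier advice that most of what the tool finds is harmless or required. The sample lines are copied from the log above; the review rules and function names are assumptions for illustration, and a note is a prompt to check, not a verdict.

```python
import re
from collections import Counter, defaultdict

# Section codes that appear in the log above and what they list.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O1": "hosts file entry", "O2": "Browser Helper Object",
    "O3": "IE toolbar", "O4": "autostart entry",
    "O8": "IE context-menu item", "O9": "IE extra button/menu item",
    "O13": "IE default URL prefix", "O17": "DNS/domain setting",
    "O18": "protocol handler", "O20": "AppInit_DLLs", "O23": "service",
}

# An entry line looks like "O23 - Service: name - vendor - path".
ENTRY = re.compile(r"^([RO]\d{1,2}) - (.*)$")

# Sample lines copied from the log posted above.
SAMPLE_LOG = r"""
Running processes:
C:\Program Files\iTunes\iTunesHelper.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

def parse(log_text):
    """Return {section code: [entry bodies]}; non-entry lines are skipped."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            groups[m.group(1)].append(m.group(2))
    return groups

def review_notes(code, body):
    """Illustrative review rules (assumptions, not HijackThis behaviour)."""
    notes = []
    if "(file missing)" in body:
        notes.append("target file missing on disk")
    if code == "O23" and "Unknown owner" in body:
        notes.append("service binary has no company name")
    if code == "O1" and not re.search(r"\blocalhost\s*$", body):
        notes.append("hosts entry other than localhost")
    if code == "O20" and body.split(":", 1)[-1].strip():
        notes.append("DLL loaded into every process that loads user32.dll")
    return notes

def triage(log_text):
    """Return (code, note, entry) tuples for entries worth a manual check."""
    return [(code, note, body)
            for code, bodies in parse(log_text).items()
            for body in bodies
            for note in review_notes(code, body)]

def summary(log_text):
    """Count entries per section description."""
    counts = Counter()
    for code, bodies in parse(log_text).items():
        counts[SECTIONS.get(code, "other")] += len(bodies)
    return dict(counts)

if __name__ == "__main__":
    print(summary(SAMPLE_LOG))
    for code, note, body in triage(SAMPLE_LOG):
        print(f"{code}: {note}\n    {body}")
```

On the sample, the AVG AppInit_DLLs entry and the HP QuickPlay service are both listed even though they belong to installed software, which is why flagged entries are checked by hand rather than fixed automatically.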

February 16, 2009 at 15:29:37
Please download ComboFix to the desktop from one of the following links:


Link 2

Link 3

Rename the setup file, combofix.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename combofix.exe to toolb.exe in the filename box, then click Save.

Combofix is a powerful tool so follow the instructions exactly or you could damage your computer.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with Combofix and remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

In your case to run Combofix do the following:
1. Go offline, then turn off your Norton antivirus, Spybot, Windows Defender and any other antispyware that you may have.
2. Run Combofix by double clicking the toolb.exe icon on your desktop and save its log.
3. Restart the computer to get the antivirus running again but leave the antispyware programs off until we get the computer cleaned.
4. Post the Combofix log.

Remember to re-enable the protection again afterwards before connecting to the Internet.
