MBAM doesn't start, problems with other programs

[Guest cerealkillah]

Again nothing - normal mode, safe mode, the same story. 15-20minutes 50 stages complete and 2 hours removing TEMP folder and nothing.

[Psychotic]

OK, then try again to install Malwarebytes Antimalware:

 

 

Full System Scan with Malwarebytes Antimalware

• 
  If not existing, please download

Malwarebytes' Anti-Malware to your desktop. Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If the program is already installed:

• Run Malwarebytes Antimalware
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad. Please save it to a convenient location.
• The log can also be found here:
  C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
• Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
• Post that log back here.
  

[Guest cerealkillah]

Nothing changed since the beginning: I get "Runtime Error 339 Component 'ieframe.dll' or one of its dependencies not correctly registered: a file is missing or invalid"

[Psychotic]

Seems to be a problem...

 

Windows Repair (all-in-one)

Please download Windows Repair (all in one) from here.

Install the program then run it.

Go to step 2 and allow it to run Disk check.



Once that is done then go to step 3 and allow it to run SFC by clicking Do it




On the Start Repairs tab, click Start.
Within the opening window, hit unselect all.
Check only the following:

• Reset Registry Permissions
• Reset File Permissions
• Register System Files
• Repair Windows Firewall
• Repair Windows Updates
  

then click on Start

DON'T use the computer while each scan is in progress.

Restart may be needed to finish the repair procedure.

Let me know how that worked out for you.

[Guest cerealkillah]

Ok, I'll try it. But one quick question. If I run a sfc /scannow scan I should put in cd with the same windows version (ijcluding service pack), right? I just realised that my windows cd was SP2 but on my PC i've got SP3 (from windows update). Why didn't I get alert that my cd was wrong?

[Psychotic]

Looks like only files had to be restored that weren´t affected by the Service Pack

[Guest cerealkillah]

Still nothing... But I'm still thinking about that files moved to quarantine by NOD32 at the startup the day everything started to fall apart. The things that NOD32 classified as "probably a variant of Win32/Kryptik.KRS trojan". There are Spyware doctor files (which it turns out doesn't work as well), Ad watch files, and among other dlls this "ieframe" that Malwarebytes says is missing. I could restore them from quarantine, but I'm afraid to let something loose and the real problems will start then.

[Psychotic]

what happened with the windows repair?

[Guest cerealkillah]

It did some repairs (6 out of 6 if I remenber correctly), told me to restart windows which I did. After the restart I tried to run MBAM and the message was the same as the last time.

[Guest cerealkillah]

I can attach the logs here, if you want me to.

[Psychotic]

restore ieframe.dll from the quarantine and upload it here: http://www.bleepingcomputer.com/submit-malware.php?channel=156

[Guest cerealkillah]

The file is too big. Maximum size is 5MB, this one is 10MB

[Psychotic]

then check it via VT:

 

 

Scan file(s) via VirusTotal

Please check the file in the code box via Virustotal

• Click browse
• copy the following into the search box

• and click open.
• click Send File.

please be patinet until the file is uploade completely. If you get the message

File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:

click on Reanalyse. Wait until Current status: Finished appears. Now, copy the link from within your browser´s adress bar and poste it here.

[Guest cerealkillah]

You forgot to write what I should type in the search box but I chose browse and then picked ieframe.dll from disk. All  was clear https://www.virustotal.com/pl/file/7dc26b1dab620f09afe093b9f8d520e7814d078f12726a106c44564c5779c769/analysis/1374594382/

Meanwhile, while I was out all the icons from my desktop disappeared. After rebooting everything's ok (I mean the desktop, other programs still don't work)

[Psychotic]

Show me the logs of the anti malware programs were the detected system files were removed.

[Guest cerealkillah]

OK, here's the log from NOd32 (detected threats)

Everything that starts on 3.07.13 (the earlier threats are things I accidentally brought from work on my pendrive - instantly removed then)

nod32.txt

[Psychotic]

Here you have 95% of your system issues - any of these files is required for running windows correctly!

Restore the files and restart the machine. Try MBAM again.

13-07-03 11:55:31	Startup scanner	file	Operating memory » C:\WINDOWS\system32\ctfmon.exe	probably a variant of Win32/Kryptik.KRS trojan	unable to clean		13-07-03 11:55:28	Startup scanner	file	Operating memory » C:\Program Files\Spyware Doctor\Tools\siteguard.dll	probably a variant of Win32/Kryptik.KRS trojan	cleaned by deleting - quarantined		13-07-03 11:55:26	Startup scanner	file	Operating memory » C:\Program Files\Spyware Doctor\Tools\sdn.dll	probably a variant of Win32/Kryptik.KRS trojan	cleaned by deleting - quarantined		13-07-03 11:55:26	Startup scanner	file	Operating memory » C:\Program Files\Spyware Doctor\Tools\scheduler.dll	probably a variant of Win32/Kryptik.KRS trojan	cleaned by deleting - quarantined		13-07-03 11:55:25	Startup scanner	file	Operating memory » C:\Program Files\Spyware Doctor\Tools\regscanner.dll	probably a variant of Win32/Kryptik.KRS trojan	cleaned by deleting - quarantined		13-07-03 11:55:24	Startup scanner	file	Operating memory » C:\Program Files\Spyware Doctor\Tools\PWindow.dll	probably a variant of Win32/Kryptik.KRS trojan	cleaned by deleting - quarantined		13-07-03 11:55:23	Startup scanner	file	Operating memory » C:\Program Files\Spyware Doctor\Tools\pscanner.dll	probably a variant of Win32/Kryptik.KRS trojan	cleaned by deleting - quarantined		13-07-03 11:55:23	Startup scanner	file	Operating memory » C:\Program Files\Spyware Doctor\Tools\processguard.dll	probably a variant of Win32/Kryptik.KRS trojan	cleaned by deleting - quarantined		13-07-03 11:55:22	Startup scanner	file	Operating memory » C:\Program Files\Spyware Doctor\Tools\popupblocker.dll	probably a variant of Win32/Kryptik.KRS trojan	cleaned by deleting - quarantined		13-07-03 11:55:22	Startup scanner	file	Operating memory » C:\Program Files\Spyware Doctor\Tools\networkguard.dll	probably a variant of Win32/Kryptik.KRS trojan	cleaned by deleting - quarantined		13-07-03 11:55:21	Startup scanner	file	Operating memory » C:\Program Files\Spyware Doctor\Tools\memory.dll	probably a variant of Win32/Kryptik.KRS trojan	cleaned by deleting - quarantined		13-07-03 11:55:21	Startup scanner	file	Operating memory » C:\Program Files\Spyware Doctor\Tools\lspscanner.dll	probably a variant of Win32/Kryptik.KRS trojan	cleaned by deleting - quarantined		13-07-03 11:55:20	Startup scanner	file	Operating memory » C:\Program Files\Spyware Doctor\Tools\keyloggerguard.dll	probably a variant of Win32/Kryptik.KRS trojan	cleaned by deleting - quarantined		13-07-03 11:55:19	Startup scanner	file	Operating memory » C:\Program Files\Spyware Doctor\Tools\itoollib.dll	probably a variant of Win32/Kryptik.KRS trojan	cleaned by deleting - quarantined		13-07-03 11:55:18	Startup scanner	file	Operating memory » C:\Program Files\Spyware Doctor\Tools\iSDhelp.dll	probably a variant of Win32/Kryptik.KRS trojan	cleaned by deleting - quarantined		13-07-03 11:55:17	Startup scanner	file	Operating memory » C:\Program Files\Spyware Doctor\Tools\immunizer.dll	probably a variant of Win32/Kryptik.KRS trojan	cleaned by deleting - quarantined		13-07-03 11:55:16	Startup scanner	file	Operating memory » C:\Program Files\Spyware Doctor\Tools\iesdsg.dll	probably a variant of Win32/Kryptik.KRS trojan	cleaned by deleting - quarantined		13-07-03 11:55:15	Startup scanner	file	Operating memory » C:\Program Files\Spyware Doctor\Tools\iesdpb.dll	probably a variant of Win32/Kryptik.KRS trojan	cleaned by deleting - quarantined		13-07-03 11:55:14	Startup scanner	file	Operating memory » C:\Program Files\Spyware Doctor\Tools\iemonitor.dll	probably a variant of Win32/Kryptik.KRS trojan	cleaned by deleting - quarantined		13-07-03 11:55:12	Startup scanner	file	Operating memory » C:\Program Files\Spyware Doctor\Tools\hostsscanner.dll	probably a variant of Win32/Kryptik.KRS trojan	cleaned by deleting - quarantined		13-07-03 11:55:11	Startup scanner	file	Operating memory » C:\Program Files\Spyware Doctor\Tools\genscanner.dll	probably a variant of Win32/Kryptik.KRS trojan	cleaned by deleting - quarantined		13-07-03 11:55:10	Startup scanner	file	Operating memory » C:\Program Files\Spyware Doctor\Tools\diskscanner.dll	probably a variant of Win32/Kryptik.KRS trojan	cleaned by deleting - quarantined		13-07-03 11:55:10	Startup scanner	file	Operating memory » C:\Program Files\Spyware Doctor\Tools\browserscanner.dll	probably a variant of Win32/Kryptik.KRS trojan	cleaned by deleting - quarantined		13-07-03 11:55:09	Startup scanner	file	Operating memory » C:\Program Files\Spyware Doctor\Tools\bhoscanner.dll	probably a variant of Win32/Kryptik.KRS trojan	cleaned by deleting - quarantined		13-07-03 11:55:08	Startup scanner	file	Operating memory » C:\Program Files\Spyware Doctor\Tools\BAScanner.dll	probably a variant of Win32/Kryptik.KRS trojan	cleaned by deleting - quarantined		13-07-03 11:55:07	Startup scanner	file	Operating memory » C:\Program Files\Spyware Doctor\Tools\actstartup.dll	probably a variant of Win32/Kryptik.KRS trojan	cleaned by deleting - quarantined		13-07-03 11:55:06	Startup scanner	file	Operating memory » C:\Program Files\Spyware Doctor\chilkatxml.dll	probably a variant of Win32/Kryptik.KRS trojan	cleaned by deleting - quarantined		13-07-03 11:55:00	Startup scanner	file	Operating memory » C:\WINDOWS\system32\vbscript.dll	probably a variant of Win32/Kryptik.KRS trojan	unable to clean		13-07-03 11:54:57	Startup scanner	file	Operating memory » C:\WINDOWS\system32\msscript.ocx	probably a variant of Win32/Kryptik.KRS trojan	unable to clean		13-07-03 11:54:56	Startup scanner	file	Operating memory » C:\WINDOWS\system32\LZ32.DLL	probably a variant of Win32/Kryptik.KRS trojan	unable to clean		13-07-03 11:54:55	Startup scanner	file	Operating memory » C:\WINDOWS\system32\oledlg.dll	probably a variant of Win32/Kryptik.KRS trojan	unable to clean		13-07-03 11:54:55	Startup scanner	file	Operating memory » C:\Program Files\Spyware Doctor\vcl70.bpl	probably a variant of Win32/Kryptik.KRS trojan	cleaned by deleting - quarantined		13-07-03 11:54:53	Startup scanner	file	Operating memory » C:\Program Files\Spyware Doctor\rtl70.bpl	probably a variant of Win32/Kryptik.KRS trojan	cleaned by deleting - quarantined		13-07-03 11:54:52	Startup scanner	file	Operating memory » C:\WINDOWS\system32\snmpapi.dll	probably a variant of Win32/Kryptik.KRS trojan	unable to clean	CELERON\asa	13-07-03 11:54:52	Startup scanner	file	Operating memory » C:\WINDOWS\system32\inetmib1.dll	probably a variant of Win32/Kryptik.KRS trojan	unable to clean	CELERON\asa	13-07-03 11:54:34	Startup scanner	file	Operating memory » C:\Program Files\Spyware Doctor\swdoctor.exe	probably a variant of Win32/Kryptik.KRS trojan	cleaned by deleting (after the next restart) - quarantined	CELERON\asa	13-07-03 11:54:21	Startup scanner	file	Operating memory » C:\Program Files\ESET\ESET NOD32 Antivirus\eguiMailPlugins.dll	probably a variant of Win32/Kryptik.KRS trojan	cleaned by deleting (after the next restart) - quarantined	CELERON\asa	13-07-03 11:52:52	Startup scanner	file	Operating memory » C:\Program Files\ESET\ESET NOD32 Antivirus\eguiUpdate.dll	probably a variant of Win32/Kryptik.KRS trojan	cleaned by deleting (after the next restart) - quarantined	CELERON\asa	13-07-03 11:50:28	Startup scanner	file	Operating memory » C:\Program Files\ESET\ESET NOD32 Antivirus\eguiEpfw.dll	probably a variant of Win32/Kryptik.KRS trojan	cleaned by deleting (after the next restart) - quarantined	CELERON\asa	13-07-03 11:50:20	Startup scanner	file	Operating memory » C:\Program Files\ESET\ESET NOD32 Antivirus\eguiEmon.dll	probably a variant of Win32/Kryptik.KRS trojan	cleaned by deleting (after the next restart) - quarantined	CELERON\asa	13-07-03 11:50:17	Startup scanner	file	Operating memory » C:\Program Files\ESET\ESET NOD32 Antivirus\eguiAmon.dll	probably a variant of Win32/Kryptik.KRS trojan	cleaned by deleting (after the next restart) - quarantined	CELERON\asa	13-07-03 11:50:16	Startup scanner	file	Operating memory » C:\WINDOWS\system32\olepro32.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:50:13	Startup scanner	file	Operating memory » C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe	probably a variant of Win32/Kryptik.KRS trojan	cleaned by deleting - quarantined	CELERON\asa	13-07-03 11:50:09	Startup scanner	file	Operating memory » C:\Program Files\CyberLink\Shared Files\CLRCEngine2.dll	probably a variant of Win32/Kryptik.KRS trojan	cleaned by deleting - quarantined	CELERON\asa	13-07-03 11:50:08	Startup scanner	file	Operating memory » C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe	probably a variant of Win32/Kryptik.KRS trojan	cleaned by deleting - quarantined	CELERON\asa	13-07-03 11:50:06	Startup scanner	file	Operating memory » C:\WINDOWS\system32\KsUser.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:50:06	Startup scanner	file	Operating memory » C:\WINDOWS\system32\DSOUND.DLL	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:50:04	Startup scanner	file	Operating memory » C:\WINDOWS\system32\HHCTRL.OCX	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:44:58	Startup scanner	file	Operating memory » C:\WINDOWS\RTHDCPL.EXE	probably a variant of Win32/Kryptik.KRS trojan	cleaned by deleting (after the next restart) - quarantined	CELERON\asa	13-07-03 11:44:53	Startup scanner	file	Operating memory » C:\WINDOWS\system32\igfxpers.exe	probably a variant of Win32/Kryptik.KRS trojan	cleaned by deleting - quarantined	CELERON\asa	13-07-03 11:44:52	Startup scanner	file	Operating memory » C:\WINDOWS\system32\hkcmd.exe	probably a variant of Win32/Kryptik.KRS trojan	cleaned by deleting - quarantined	CELERON\asa	13-07-03 11:44:50	Startup scanner	file	Operating memory » C:\WINDOWS\system32\igfxress.dll	probably a variant of Win32/Kryptik.KRS trojan	cleaned by deleting - quarantined	CELERON\asa	13-07-03 11:42:50	Startup scanner	file	Operating memory » C:\WINDOWS\system32\igfxres.dll	probably a variant of Win32/Kryptik.KRS trojan	cleaned by deleting (after the next restart) - quarantined	CELERON\asa	13-07-03 11:40:49	Startup scanner	file	Operating memory » C:\WINDOWS\system32\igfxsrvc.dll	probably a variant of Win32/Kryptik.KRS trojan	cleaned by deleting (after the next restart) - quarantined	CELERON\asa	13-07-03 11:38:48	Startup scanner	file	Operating memory » C:\WINDOWS\system32\hccutils.DLL	probably a variant of Win32/Kryptik.KRS trojan	cleaned by deleting (after the next restart) - quarantined	CELERON\asa	13-07-03 11:38:47	Startup scanner	file	Operating memory » C:\WINDOWS\system32\igfxtray.exe	probably a variant of Win32/Kryptik.KRS trojan	cleaned by deleting - quarantined	CELERON\asa	13-07-03 11:36:46	Startup scanner	file	Operating memory » C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1100GC.dll	probably a variant of Win32/Kryptik.KRS trojan	cleaned by deleting (after the next restart) - quarantined	CELERON\asa	13-07-03 11:34:41	Startup scanner	file	Operating memory » C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\hp1100su.dll	probably a variant of Win32/Kryptik.KRS trojan	cleaned by deleting (after the next restart) - quarantined	CELERON\asa	13-07-03 11:34:40	Startup scanner	file	Operating memory » C:\WINDOWS\system32\inetpp.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:34:39	Startup scanner	file	Operating memory » C:\WINDOWS\system32\win32spl.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:34:37	Startup scanner	file	Operating memory » C:\WINDOWS\System32\spool\PRTPROCS\W32X86\HP1100PP.DLL	probably a variant of Win32/Kryptik.KRS trojan	cleaned by deleting (after the next restart) - quarantined	CELERON\asa	13-07-03 11:34:36	Startup scanner	file	Operating memory » C:\WINDOWS\system32\usbmon.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:34:35	Startup scanner	file	Operating memory » C:\WINDOWS\system32\tcpmon.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:34:35	Startup scanner	file	Operating memory » C:\WINDOWS\system32\pjlmon.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:34:32	Startup scanner	file	Operating memory » C:\WINDOWS\system32\pdf995mon.dll	probably a variant of Win32/Kryptik.KRS trojan	cleaned by deleting (after the next restart) - quarantined	CELERON\asa	13-07-03 11:34:28	Startup scanner	file	Operating memory » C:\WINDOWS\system32\HP1100LM.DLL	probably a variant of Win32/Kryptik.KRS trojan	cleaned by deleting (after the next restart) - quarantined	CELERON\asa	13-07-03 11:34:25	Startup scanner	file	Operating memory » C:\WINDOWS\system32\E_FLBCAE.DLL	probably a variant of Win32/Kryptik.KRS trojan	cleaned by deleting (after the next restart) - quarantined	CELERON\asa	13-07-03 11:34:24	Startup scanner	file	Operating memory » C:\WINDOWS\system32\cnbjmon.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:34:23	Startup scanner	file	Operating memory » C:\WINDOWS\system32\localspl.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:34:17	Startup scanner	file	Operating memory » C:\WINDOWS\system32\spoolsv.exe	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:34:15	Startup scanner	file	Operating memory » C:\Program Files\Microsoft Silverlight\xapauthenticodesip.dll	probably a variant of Win32/Kryptik.KRS trojan	cleaned by deleting - quarantined	CELERON\asa	13-07-03 11:34:10	Startup scanner	file	Operating memory » C:\WINDOWS\System32\hhsetup.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:34:09	Startup scanner	file	Operating memory » C:\WINDOWS\System32\mmcshext.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:34:03	Startup scanner	file	Operating memory » C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\gdiplus.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:31:53	Startup scanner	file	Operating memory » C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll	probably a variant of Win32/Kryptik.KRS trojan	cleaned by deleting (after the next restart) - quarantined	CELERON\asa	13-07-03 11:31:45	Startup scanner	file	Operating memory » C:\WINDOWS\System32\davclnt.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:31:44	Startup scanner	file	Operating memory » C:\WINDOWS\System32\NETRAP.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:31:43	Startup scanner	file	Operating memory » C:\WINDOWS\System32\NETUI1.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:31:42	Startup scanner	file	Operating memory » C:\WINDOWS\System32\NETUI0.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:31:41	Startup scanner	file	Operating memory » C:\WINDOWS\System32\ntlanman.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:31:40	Startup scanner	file	Operating memory » C:\WINDOWS\system32\BatMeter.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:31:39	Startup scanner	file	Operating memory » C:\WINDOWS\system32\stobject.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:31:38	Startup scanner	file	Operating memory » C:\WINDOWS\system32\ntshrui.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:29:31	Startup scanner	file	Operating memory » C:\WINDOWS\system32\ieframe.dll	probably a variant of Win32/Kryptik.KRS trojan	cleaned by deleting (after the next restart) - quarantined	CELERON\asa	13-07-03 11:29:18	Startup scanner	file	Operating memory » C:\WINDOWS\system32\msutb.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:29:17	Startup scanner	file	Operating memory » C:\WINDOWS\system32\themeui.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:29:16	Startup scanner	file	Operating memory » c:\windows\system32\ssdpsrv.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:29:15	Startup scanner	file	Operating memory » c:\windows\system32\regsvc.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:29:15	Startup scanner	file	Operating memory » c:\windows\system32\lmhsvc.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:28:31	Startup scanner	file	Operating memory » c:\windows\system32\dnsrslvr.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:28:28	Startup scanner	file	Operating memory » c:\windows\system32\WUDFPlatform.dll	probably a variant of Win32/Kryptik.KRS trojan	cleaned by deleting (after the next restart) - quarantined	CELERON\asa	13-07-03 11:28:22	Startup scanner	file	Operating memory » c:\windows\system32\wudfsvc.dll	probably a variant of Win32/Kryptik.KRS trojan	cleaned by deleting (after the next restart) - quarantined	CELERON\asa	13-07-03 11:28:14	Startup scanner	file	Operating memory » C:\WINDOWS\system32\wuapi.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:28:13	Startup scanner	file	Operating memory » C:\WINDOWS\system32\msxml3.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:28:12	Startup scanner	file	Operating memory » C:\WINDOWS\System32\RASDLG.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:28:10	Startup scanner	file	Operating memory » C:\WINDOWS\System32\adptif.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:28:10	Startup scanner	file	Operating memory » C:\WINDOWS\System32\ipxwan.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:28:09	Startup scanner	file	Operating memory » C:\WINDOWS\System32\RASQEC.DLL	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:28:08	Startup scanner	file	Operating memory » C:\WINDOWS\System32\ntlsapi.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:28:07	Startup scanner	file	Operating memory » C:\WINDOWS\System32\rasppp.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:28:06	Startup scanner	file	Operating memory » C:\WINDOWS\System32\HID.DLL	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:28:05	Startup scanner	file	Operating memory » C:\WINDOWS\System32\hidphone.tsp	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:28:05	Startup scanner	file	Operating memory » C:\WINDOWS\System32\h323.tsp	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:28:04	Startup scanner	file	Operating memory » C:\WINDOWS\System32\ipconf.tsp	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:28:03	Startup scanner	file	Operating memory » C:\WINDOWS\System32\ndptsp.tsp	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:28:02	Startup scanner	file	Operating memory » C:\WINDOWS\System32\kmddsp.tsp	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:28:01	Startup scanner	file	Operating memory » C:\WINDOWS\system32\modemui.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:28:00	Startup scanner	file	Operating memory » C:\WINDOWS\System32\unimdmat.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:59	Startup scanner	file	Operating memory » C:\WINDOWS\System32\uniplat.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:58	Startup scanner	file	Operating memory » C:\WINDOWS\System32\unimdm.tsp	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:57	Startup scanner	file	Operating memory » C:\WINDOWS\System32\rastapi.dll	probably a variant of Win32/Kryptik.KRS trojan	unable to clean	CELERON\asa	13-07-03 11:27:51	Startup scanner	file	Operating memory » c:\windows\system32\tapisrv.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:49	Startup scanner	file	Operating memory » C:\WINDOWS\System32\rasmans.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:48	Startup scanner	file	Operating memory » C:\WINDOWS\system32\wbem\wbemess.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:48	Startup scanner	file	Operating memory » C:\WINDOWS\system32\wbem\wmiprvsd.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:47	Startup scanner	file	Operating memory » C:\WINDOWS\system32\wbem\repdrvfs.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:46	Startup scanner	file	Operating memory » C:\WINDOWS\system32\colbact.DLL	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:45	Startup scanner	file	Operating memory » C:\WINDOWS\system32\SSDPAPI.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:44	Startup scanner	file	Operating memory » c:\windows\system32\ipnathlp.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:43	Startup scanner	file	Operating memory » C:\WINDOWS\system32\wbem\esscli.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:42	Startup scanner	file	Operating memory » C:\WINDOWS\system32\wbem\wbemcore.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:41	Startup scanner	file	Operating memory » c:\windows\system32\wscsvc.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:40	Startup scanner	file	Operating memory » c:\windows\system32\wuauserv.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:40	Startup scanner	file	Operating memory » c:\windows\system32\browser.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:39	Startup scanner	file	Operating memory » c:\windows\system32\trkwks.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:38	Startup scanner	file	Operating memory » C:\WINDOWS\system32\VSSAPI.DLL	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:37	Startup scanner	file	Operating memory » c:\windows\system32\wbem\wmisvc.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:36	Startup scanner	file	Operating memory » c:\windows\system32\srsvc.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:35	Startup scanner	file	Operating memory » c:\windows\system32\seclogon.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:35	Startup scanner	file	Operating memory » c:\windows\system32\srvsvc.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:34	Startup scanner	file	Operating memory » c:\windows\pchealth\helpctr\binaries\pchsvc.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:33	Startup scanner	file	Operating memory » c:\windows\system32\es.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:33	Startup scanner	file	Operating memory » C:\WINDOWS\System32\WZCSAPI.DLL	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:32	Startup scanner	file	Operating memory » C:\WINDOWS\System32\OneX.DLL	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:31	Startup scanner	file	Operating memory » C:\WINDOWS\System32\dot3dlg.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:30	Startup scanner	file	Operating memory » C:\WINDOWS\System32\credui.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:30	Startup scanner	file	Operating memory » C:\WINDOWS\System32\netman.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:29	Startup scanner	file	Operating memory » c:\windows\system32\ersvc.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:28	Startup scanner	file	Operating memory » c:\windows\system32\dmserver.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:28	Startup scanner	file	Operating memory » c:\windows\system32\certcli.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:27	Startup scanner	file	Operating memory » c:\windows\system32\cryptsvc.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:26	Startup scanner	file	Operating memory » c:\windows\system32\qmgr.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:25	Startup scanner	file	Operating memory » c:\windows\system32\wkssvc.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:25	Startup scanner	file	Operating memory » c:\windows\system32\audiosrv.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:24	Startup scanner	file	Operating memory » C:\WINDOWS\System32\MSIDLE.DLL	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:23	Startup scanner	file	Operating memory » c:\windows\system32\schedsvc.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:22	Startup scanner	file	Operating memory » C:\WINDOWS\System32\raschap.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:25:17	Startup scanner	file	Operating memory » C:\WINDOWS\system32\iertutil.dll	probably a variant of Win32/Kryptik.KRS trojan	cleaned by deleting (after the next restart) - quarantined	CELERON\asa	13-07-03 11:25:07	Startup scanner	file	Operating memory » C:\WINDOWS\system32\urlmon.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:25:06	Startup scanner	file	Operating memory » C:\WINDOWS\system32\WININET.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:25:05	Startup scanner	file	Operating memory » C:\WINDOWS\System32\rastls.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:25:04	Startup scanner	file	Operating memory » c:\windows\system32\dot3api.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:24:48	Startup scanner	file	Operating memory » c:\windows\system32\EapolQec.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:24:43	Startup scanner	file	Operating memory » c:\windows\system32\wzcsvc.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:24:40	Startup scanner	file	Operating memory » c:\windows\system32\dhcpcsvc.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:24:38	Startup scanner	file	Operating memory » C:\WINDOWS\System32\wshisn.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:24:37	Startup scanner	file	Operating memory » c:\windows\system32\mstlsapi.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:24:36	Startup scanner	file	Operating memory » c:\windows\system32\ICAAPI.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:24:34	Startup scanner	file	Operating memory » C:\WINDOWS\system32\psbase.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:24:32	Startup scanner	file	Operating memory » C:\WINDOWS\system32\pstorsvc.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:24:27	Startup scanner	file	Operating memory » C:\WINDOWS\system32\WINIPSEC.DLL	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:24:25	Startup scanner	file	Operating memory » C:\WINDOWS\system32\oakley.DLL	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:24:16	Startup scanner	file	Operating memory » C:\WINDOWS\system32\ipsecsvc.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	

[Guest cerealkillah]

I only managed to restore part of the files,. For others i get "Restoring file from quarantine failed" Tomorrow I'll make a list of files which weren't extracted. I'll try to that manually, but I don't know if I manage to do that. Malwarebytes still doesn't work. I regained control over Spyware doctor and Ad aware, but that doesn't help.

[Psychotic]

create that list. We´ll fix them with other methods when you´re finished.

[Guest cerealkillah]

Here's the list of files that NOD32 couldn't restore. If I want to manually restore them to the folder they were removed from, I get the message that the file already exists.

13-07-03 11:55:31	Startup scanner	file	Operating memory » C:\WINDOWS\system32\ctfmon.exe	probably a variant of Win32/Kryptik.KRS trojan	unable to clean		13-07-03 11:54:56	Startup scanner	file	Operating memory » C:\WINDOWS\system32\LZ32.DLL	probably a variant of Win32/Kryptik.KRS trojan	unable to clean		13-07-03 11:34:40	Startup scanner	file	Operating memory » C:\WINDOWS\system32\inetpp.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:34:39	Startup scanner	file	Operating memory » C:\WINDOWS\system32\win32spl.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:34:37	Startup scanner	file	Operating memory » C:\WINDOWS\System32\spool\PRTPROCS\W32X86\HP1100PP.DLL	probably a variant of Win32/Kryptik.KRS trojan	cleaned by deleting (after the next restart) - quarantined	CELERON\asa	13-07-03 11:34:36	Startup scanner	file	Operating memory » C:\WINDOWS\system32\usbmon.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:34:35	Startup scanner	file	Operating memory » C:\WINDOWS\system32\tcpmon.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:34:35	Startup scanner	file	Operating memory » C:\WINDOWS\system32\pjlmon.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:34:24	Startup scanner	file	Operating memory » C:\WINDOWS\system32\cnbjmon.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:34:23	Startup scanner	file	Operating memory » C:\WINDOWS\system32\localspl.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:34:17	Startup scanner	file	Operating memory » C:\WINDOWS\system32\spoolsv.exe	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:34:03	Startup scanner	file	Operating memory » C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\gdiplus.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:31:45	Startup scanner	file	Operating memory » C:\WINDOWS\System32\davclnt.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:31:44	Startup scanner	file	Operating memory » C:\WINDOWS\System32\NETRAP.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:31:43	Startup scanner	file	Operating memory » C:\WINDOWS\System32\NETUI1.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:31:42	Startup scanner	file	Operating memory » C:\WINDOWS\System32\NETUI0.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:31:41	Startup scanner	file	Operating memory » C:\WINDOWS\System32\ntlanman.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:31:40	Startup scanner	file	Operating memory » C:\WINDOWS\system32\BatMeter.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:31:39	Startup scanner	file	Operating memory » C:\WINDOWS\system32\stobject.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:31:38	Startup scanner	file	Operating memory » C:\WINDOWS\system32\ntshrui.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:29:18	Startup scanner	file	Operating memory » C:\WINDOWS\system32\msutb.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:29:17	Startup scanner	file	Operating memory » C:\WINDOWS\system32\themeui.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:29:16	Startup scanner	file	Operating memory » c:\windows\system32\ssdpsrv.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:29:15	Startup scanner	file	Operating memory » c:\windows\system32\regsvc.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:29:15	Startup scanner	file	Operating memory » c:\windows\system32\lmhsvc.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:28:31	Startup scanner	file	Operating memory » c:\windows\system32\dnsrslvr.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:28:12	Startup scanner	file	Operating memory » C:\WINDOWS\System32\RASDLG.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:28:10	Startup scanner	file	Operating memory » C:\WINDOWS\System32\adptif.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:28:10	Startup scanner	file	Operating memory » C:\WINDOWS\System32\ipxwan.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:28:09	Startup scanner	file	Operating memory » C:\WINDOWS\System32\RASQEC.DLL	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:28:08	Startup scanner	file	Operating memory » C:\WINDOWS\System32\ntlsapi.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:28:07	Startup scanner	file	Operating memory » C:\WINDOWS\System32\rasppp.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:28:06	Startup scanner	file	Operating memory » C:\WINDOWS\System32\HID.DLL	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:28:05	Startup scanner	file	Operating memory » C:\WINDOWS\System32\hidphone.tsp	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:28:05	Startup scanner	file	Operating memory » C:\WINDOWS\System32\h323.tsp	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:28:04	Startup scanner	file	Operating memory » C:\WINDOWS\System32\ipconf.tsp	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:28:03	Startup scanner	file	Operating memory » C:\WINDOWS\System32\ndptsp.tsp	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:28:02	Startup scanner	file	Operating memory » C:\WINDOWS\System32\kmddsp.tsp	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:28:01	Startup scanner	file	Operating memory » C:\WINDOWS\system32\modemui.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:28:00	Startup scanner	file	Operating memory » C:\WINDOWS\System32\unimdmat.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:59	Startup scanner	file	Operating memory » C:\WINDOWS\System32\uniplat.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:58	Startup scanner	file	Operating memory » C:\WINDOWS\System32\unimdm.tsp	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:57	Startup scanner	file	Operating memory » C:\WINDOWS\System32\rastapi.dll	probably a variant of Win32/Kryptik.KRS trojan	unable to clean	CELERON\asa	13-07-03 11:27:51	Startup scanner	file	Operating memory » c:\windows\system32\tapisrv.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:49	Startup scanner	file	Operating memory » C:\WINDOWS\System32\rasmans.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:48	Startup scanner	file	Operating memory » C:\WINDOWS\system32\wbem\wbemess.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:48	Startup scanner	file	Operating memory » C:\WINDOWS\system32\wbem\wmiprvsd.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:47	Startup scanner	file	Operating memory » C:\WINDOWS\system32\wbem\repdrvfs.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:46	Startup scanner	file	Operating memory » C:\WINDOWS\system32\colbact.DLL	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:45	Startup scanner	file	Operating memory » C:\WINDOWS\system32\SSDPAPI.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:44	Startup scanner	file	Operating memory » c:\windows\system32\ipnathlp.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:43	Startup scanner	file	Operating memory » C:\WINDOWS\system32\wbem\esscli.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:42	Startup scanner	file	Operating memory » C:\WINDOWS\system32\wbem\wbemcore.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:41	Startup scanner	file	Operating memory » c:\windows\system32\wscsvc.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:40	Startup scanner	file	Operating memory » c:\windows\system32\wuauserv.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:40	Startup scanner	file	Operating memory » c:\windows\system32\browser.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:39	Startup scanner	file	Operating memory » c:\windows\system32\trkwks.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:38	Startup scanner	file	Operating memory » C:\WINDOWS\system32\VSSAPI.DLL	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:37	Startup scanner	file	Operating memory » c:\windows\system32\wbem\wmisvc.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:36	Startup scanner	file	Operating memory » c:\windows\system32\srsvc.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:35	Startup scanner	file	Operating memory » c:\windows\system32\seclogon.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:35	Startup scanner	file	Operating memory » c:\windows\system32\srvsvc.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:34	Startup scanner	file	Operating memory » c:\windows\pchealth\helpctr\binaries\pchsvc.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:33	Startup scanner	file	Operating memory » c:\windows\system32\es.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:33	Startup scanner	file	Operating memory » C:\WINDOWS\System32\WZCSAPI.DLL	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:32	Startup scanner	file	Operating memory » C:\WINDOWS\System32\OneX.DLL	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:31	Startup scanner	file	Operating memory » C:\WINDOWS\System32\dot3dlg.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:30	Startup scanner	file	Operating memory » C:\WINDOWS\System32\credui.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:30	Startup scanner	file	Operating memory » C:\WINDOWS\System32\netman.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:29	Startup scanner	file	Operating memory » c:\windows\system32\ersvc.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:28	Startup scanner	file	Operating memory » c:\windows\system32\dmserver.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:28	Startup scanner	file	Operating memory » c:\windows\system32\certcli.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:27	Startup scanner	file	Operating memory » c:\windows\system32\cryptsvc.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:26	Startup scanner	file	Operating memory » c:\windows\system32\qmgr.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:25	Startup scanner	file	Operating memory » c:\windows\system32\wkssvc.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:25	Startup scanner	file	Operating memory » c:\windows\system32\audiosrv.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:24	Startup scanner	file	Operating memory » C:\WINDOWS\System32\MSIDLE.DLL	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:23	Startup scanner	file	Operating memory » c:\windows\system32\schedsvc.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:27:22	Startup scanner	file	Operating memory » C:\WINDOWS\System32\raschap.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:25:17	Startup scanner	file	Operating memory » C:\WINDOWS\system32\iertutil.dll	probably a variant of Win32/Kryptik.KRS trojan	cleaned by deleting (after the next restart) - quarantined	CELERON\asa	13-07-03 11:25:07	Startup scanner	file	Operating memory » C:\WINDOWS\system32\urlmon.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:25:06	Startup scanner	file	Operating memory » C:\WINDOWS\system32\WININET.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:25:05	Startup scanner	file	Operating memory » C:\WINDOWS\System32\rastls.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:25:04	Startup scanner	file	Operating memory » c:\windows\system32\dot3api.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:24:48	Startup scanner	file	Operating memory » c:\windows\system32\EapolQec.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:24:43	Startup scanner	file	Operating memory » c:\windows\system32\wzcsvc.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:24:40	Startup scanner	file	Operating memory » c:\windows\system32\dhcpcsvc.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:24:38	Startup scanner	file	Operating memory » C:\WINDOWS\System32\wshisn.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:24:37	Startup scanner	file	Operating memory » c:\windows\system32\mstlsapi.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:24:36	Startup scanner	file	Operating memory » c:\windows\system32\ICAAPI.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:24:34	Startup scanner	file	Operating memory » C:\WINDOWS\system32\psbase.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:24:32	Startup scanner	file	Operating memory » C:\WINDOWS\system32\pstorsvc.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:24:27	Startup scanner	file	Operating memory » C:\WINDOWS\system32\WINIPSEC.DLL	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:24:25	Startup scanner	file	Operating memory » C:\WINDOWS\system32\oakley.DLL	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa	13-07-03 11:24:16	Startup scanner	file	Operating memory » C:\WINDOWS\system32\ipsecsvc.dll	probably a variant of Win32/Kryptik.KRS trojan	error while cleaning	CELERON\asa		

[Psychotic]

If they are existing, everything should be fine now.

Let´s check:

 

 

System File Check (offline mode)

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

• Restart the computer.
• As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
• Use the arrow keys to select the Repair your computer menu item.
• Choose your language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account an click Next.
  

To enter System Recovery Options by using Windows installation disc:

• Insert the installation disc.
• Restart your computer.
• If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
• Click Repair your computer.
• Choose your language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account and click Next.
  

On the System Recovery Options menu you will get the following options:

• Startup Repair
• System Restore
• Windows Complete PC Restore
• Windows Memory Diagnostic Tool
• Command Prompt
  

Select Command Prompt

• In the command window:
• type in notepad and press Enter.
• The notepad opens. Under File menu select Open.
• Select "Computer" and find your system drive letter and system path (for example, D:\windows\) and close the notepad.
• enter the following command:
  

sfc /scannow /offbootdir=d:\ /offwindir=d:\windows


Replace the red and pink parts with the informations you obtained from the last step of this tutorial.

Note: Depending on how your computer is setup, the Command Prompt, when used from outside of Windows, doesn't always assign drive letters in the same way that you see them from inside Windows. In other words, Windows might be at C:\Windows when you're using it, but D:\Windows from the Command Prompt in System Recovery Options.

[Guest cerealkillah]

There's no "repair your computer" option in my advanced boot options. I guess XP doesn't have this option. My windows CD doesn't help either...

[Psychotic]

Then do the following in normal mode:

 

 

System File Check

For Windows XP:

• Press the Windows- and the R-key simultanously.
• Within the text box that jus opened, write cmd and hit Enter.
  

For Windows Vista/7:

• Press the Windows key to open the start menu.
• Don´t highlight anything, just write cmd.
• The start menu will offer you an entry named cmd.
• Right click it and select "run as administrator"
  

Within the opening window, write the following:

sfc /scannow

(See the blank within).

• Hit enter. Your system will be checked for damaged system files.
• Tell me the result of that scan in here (as the tool produces no log).
  

[Guest cerealkillah]

Weird... I ran sfc, I had to insert my CD (just like the last time - to copy some essential files to dll cache) and then scan went to an end. Out of curiosity i ran sfc again without the CD - worked ok. After I restarted my computer I ran sfc and I had to put my CD once again.

[Psychotic]

Are your programs working now?