Crypt.XPACK.Gen3 and other problems

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Unread postby Helmut13 » September 30th, 2013, 3:33 pm


I have on a nootbook, which was not used for the last year, several problems. Avira Free Antivirus found the trojan Crypt.XPACK.Gen3, but I can not delete it completely. I also tried to update anitvirus. malwarebytes and windows, but it did not work very well and in the end also the WLAN internet was not working any more.

Here are my logs:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 10.40.2
Run by Monika at 21:25:31 on 2013-09-30
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.2936.2011 [GMT 2:00]
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Online Armor Firewall *Disabled* {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}
============== Running Processes ================
C:\Program Files\Online Armor\OAcat.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Online Armor\OAhlp.exe
C:\Program Files\Toshiba\HDMICtrlMan\HCMSoundChanger.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\program files\avira\antivir desktop\avcenter.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\System32\svchost.exe -k wdisvc
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.de/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain ... bmod=TSEA;
mStart Page = hxxp://www.google.com/ig/redirectdomain ... &bmod=TSEA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain ... &bmod=TSEA
BHO: Adobe PDF Reader: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [ITSecMng] c:\program files\toshiba\bluetooth toshiba stack\ItSecMng.exe /START
mRun: [NDSTray.exe] NDSTray.exe
mRun: [cfFncEnabler.exe] cfFncEnabler.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [topi] c:\program files\toshiba\toshiba online product information\topi.exe -startup
mRun: [Google EULA Launcher] c:\program files\google\google eula\GoogleEULALauncher.exe IE PA
mRun: [Toshiba TEMPO] c:\program files\toshiba tempro\Toshiba.Tempo.UI.TrayApplication.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [TPwrMain] c:\program files\toshiba\power saver\TPwrMain.EXE
mRun: [HSON] c:\program files\toshiba\tbs\HSON.exe
mRun: [SmoothView] c:\program files\toshiba\smoothview\SmoothView.exe
mRun: [00TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exe
mRun: [HDMICtrlMan] c:\program files\toshiba\hdmictrlman\HDMICtrlMan.exe
mRun: [Toshiba Registration] c:\program files\toshiba\registration\ToshibaRegistration.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [@OnlineArmor GUI] "c:\program files\online armor\oaui.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\monika\appdata\roaming\micros~1\windows\startm~1\programs\startup\trdcre~1.lnk - c:\program files\toshiba\trdcreminder\TRDCReminder.exe
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Nach Microsoft &Excel exportieren - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/707-44556-9400-3/4
IE: {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.de/exec/obidos/redire ... &site=home
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
TCP: Interfaces\{87100946-3E39-4714-B688-E5CE5439CADD} : NameServer =
Notify: igfxcui - igfxdev.dll
SEH: OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - c:\program files\online armor\oaevent.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
============= SERVICES / DRIVERS ===============
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-10-15 36552]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2012-10-15 208320]
R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2012-10-15 44992]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2012-10-15 27648]
R2 AntiVirSchedulerService;Avira Planer;c:\program files\avira\antivir desktop\sched.exe [2012-10-15 84256]
R2 AntiVirService;Avira Echtzeit-Scanner;c:\program files\avira\antivir desktop\avguard.exe [2012-10-15 108320]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-10-15 83792]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
R2 OAcat;Online Armor Helper Service;c:\program files\online armor\oacat.exe [2012-10-15 216072]
R2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\toshiba tempro\TempoSVC.exe [2008-4-24 99720]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-8-6 112128]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-8-6 3658752]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-4-15 51160]
R3 OAnet;OnlineArmor Service;c:\windows\system32\drivers\OAnet.sys [2012-10-15 31768]
R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2007-4-9 8192]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-4-24 73728]
S2 SvcOnlineArmor;Online Armor;c:\program files\online armor\oasrv.exe [2012-10-15 4463864]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\magix\common\database\bin\fbserver.exe [2008-8-6 1527900]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-9-30 40776]
=============== Created Last 30 ================
2013-09-30 18:03:40 -------- d-----w- c:\windows\system32\MRT
2013-09-30 18:02:21 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-09-30 17:42:03 -------- d-----w- c:\program files\CCleaner
2013-09-30 17:28:35 -------- d-----w- c:\programdata\IsolatedStorage
2013-09-30 17:16:02 -------- d-----w- c:\programdata\Oracle
2013-09-30 17:15:05 868264 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-09-30 17:15:05 790440 ----a-w- c:\windows\system32\deployJava1.dll
2013-09-30 17:14:49 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
==================== Find3M ====================
2013-09-30 17:17:50 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-30 17:17:50 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
============= FINISH: 21:26:12,89 ===============

DDS (Ver_2012-11-20.01)
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 15.10.2012 21:19:29
System Uptime: 30.09.2013 21:00:32 (0 hours ago)
Motherboard: TOSHIBA | | Satellite U400
Processor: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz | U2E1 | 1200/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 151 GiB total, 103,617 GiB free.
D: is FIXED (NTFS) - 146 GiB total, 141,338 GiB free.
E: is CDROM ()
F: is Removable
==== Disabled Device Manager Items =============
==== System Restore Points ===================
==== Installed Programs ======================
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 11 ActiveX
Adobe Reader 8.1.2 - Deutsch
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Avira Free Antivirus
Bluetooth Stack for Windows by Toshiba
Camera Assistant Software for Toshiba
CD/DVD Drive Acoustic Silencer
Conexant HD Audio
DVD MovieFactory for TOSHIBA
Firebird SQL Server - MAGIX Edition (D)
HDAUDIO Soft Data Fax Modem with SmartCP
HDMI Control Manager
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Java 7 Update 40
Java Auto Updater
MAGIX Digital Foto Maker SE (D)
MAGIX Foto Suite (D)
MAGIX Online Druck Service (D)
Malwarebytes Anti-Malware Version
Marvell Miniport Driver
Microsoft .NET Framework 3.5 SP1
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XML Parser
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
myphotobook 3.5
O2Micro Flash Memory Card Reader Driver (x86)
Online Armor 6.0
Picasa 2
Synaptics Pointing Device Driver
TOSHIBA Benutzerhandbücher
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
Toshiba Online Product Information
TOSHIBA Recovery Disc Creator
TOSHIBA SD Memory Utilities
TOSHIBA Supervisor Password
Toshiba TEMPRO
TOSHIBA Value Added Package
Windows Media Encoder 9-Reihe
==== End Of File ===========================

Thank you very much for your help!

Re: Crypt.XPACK.Gen3 and other problems

Unread postby Wingman » October 1st, 2013, 12:08 pm

Operating Systems no longer supported by Microsoft
It appears you are using a computer with an unsupported Operating System. Windows Vista (SP1) - Support ended on 12 July 2011

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.

The section here explains why we do not offer help for such computers. Thank you for your understanding.

There are good help sites available for you to check about your WLAN connectivity problems and updating to a new service pack:
WhattheTech...formerly TomCoyote
Registration is free.

This topic is now closed.
User avatar
Posts: 14054
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

