How to remove System Security on Vista

How to remove System Security on Vista

Post by vyt4as on Sat Jun 13, 2009 7:36 pm

Hello. I am one of the lucky ones who has got "System Security". It doesn't allow me to run any applications. I have downloaded IceSword, DDS, HijackThis and MBAM. Of course, none of them work, but these might be needed to get rid of System Security. I will now try to run DDS in Safe Mode with Networking. If that works, I will post DDS.txt in the next reply.

Re: How to remove System Security on Vista

Post by Origin on Sat Jun 13, 2009 7:37 pm

OK, waiting for your response.


Here it is (it was too big to post, so I divided it into two replies)

Post by vyt4as on Sat Jun 13, 2009 7:51 pm

DDS (Ver_09-05-14.01) - NTFSx86 NETWORK
Run by Vytas at 20:43:38.67 on 13/06/2009
Internet Explorer: 8.0.6001.18241 BrowserJavaVersion: 1.6.0_13

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSEARCH PAGE = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mDefault_Page_URL = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyServer = 127.0.0.1:81
uInternet Settings,ProxyOverride =
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No File
BHO: {AA102584-3B97-47e7-B9BC-75D54C110A7D} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: PicLens plug-in for Internet Explorer: {eaee5c74-6d0d-4aca-9232-0da4a7b866ba} - c:\program files\piclensie\PicLens.dll
BHO: {f5b9edb6-883d-4b24-a791-571b4da72e36} - c:\windows\system32\rulituzi.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
uRun: [swg] c:\program files\google\googletoolbarnotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [eDataSecurity Loader] "c:\acer\empowering technology\edatasecurity\eDSloader.exe"
mRun: [PCMService] "c:\program files\acer\acer arcade\PCMService.exe"
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [eRecoveryService]
mRun: [eDSMSNfix] "c:\acer\empowering technology\eDSMSNfix.exe"
mRun: [WarReg_PopUp] c:\acer\wr_popup\WarReg_PopUp.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Media Codec Update Service] c:\program files\essentials codec pack\update.exe -silent
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [boyikosegi] Rundll32.exe "c:\windows\system32\jahinepa.dll",s
mRun: [17997794] c:\programdata\17997794\17997794.exe
mRun: [98007786] c:\programdata\98007786\98007786.exe
mRun: [CPM139b2832] Rundll32.exe "c:\windows\system32\tijayoni.dll",a
mRun: [10a81bae] rundll32.exe "c:\windows\system32\yasisuge.dll",b
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {3437D640-C91A-458f-89F5-B9095EA4C28B} - {04F93351-81D2-4484-9982-0D55DEFFFAE6} - c:\program files\piclensie\PicLens.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - [You must be registered and logged in to see this link.]
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - [You must be registered and logged in to see this link.]
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - [You must be registered and logged in to see this link.]
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
TCP: NameServer = 85.255.112.39,85.255.112.40
TCP: {9A348FCE-C544-4A13-B718-66FCBA67DC57} = 85.255.112.39,85.255.112.40
TCP: {E55A131D-4C32-467C-B8F6-72FF7A99A561} = 85.255.112.39,85.255.112.40
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\firalozu.dll c:\windows\system32\jimikene.dll c:\windows\system32\tijayoni.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\tijayoni.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\tijayoni.dll
LSA: Notification Packages = scecli c:\windows\system32\jimikene.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\vytas\appdata\roaming\mozilla\firefox\profiles\2w0v2hf2.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 2
FF - component: c:\program files\mozilla firefox\components\iamfamous.dll
FF - component: c:\users\vytas\appdata\roaming\mozilla\firefox\profiles\2w0v2hf2.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\rayv\rayv\plugins\nprayvplugin.dll
FF - plugin: c:\videolan\vlc\npvlc.dll

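A practitioner reading the report above wants the dozen lines that matter pulled out of the noise. The script below is an added example for this thread, not DDS output and not one of the helpers' tools: it parses Pseudo-HJT lines of the posted format and flags the indicators visible in this log, namely the browser proxied through 127.0.0.1:81, DNS servers on 85.255.112.x pushed into the TCP\Parameters keys, the AppInit_DLLs entry, an extra LSA Notification Package beside scecli, EnableLUA = 0, Run values in numeric ProgramData folders, Firefox's proxy mode switched away from "direct", and Run/BHO/SSODL load points whose DLL names follow the eight-letter alternating consonant/vowel pattern every unknown DLL in this log shares. SAMPLE_REPORT is copied from the log; the rules, the name heuristic and the LSA allowlist (scecli plus the rassfm and kdcsvc packages found on RAS servers and domain controllers) are assumptions of this example, not anything the tool reports.

```python
"""Pull the lines that matter out of a DDS "Pseudo HJT Report".

Added example for this thread, not DDS output and not the helpers' tool set.
SAMPLE_REPORT is copied from the log posted above; every rule below is a
triage heuristic chosen for this example, not a verdict.
"""
import ipaddress
import re

SAMPLE_REPORT = r"""
uInternet Settings,ProxyServer = 127.0.0.1:81
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [boyikosegi] Rundll32.exe "c:\windows\system32\jahinepa.dll",s
mRun: [17997794] c:\programdata\17997794\17997794.exe
mRun: [CPM139b2832] Rundll32.exe "c:\windows\system32\tijayoni.dll",a
mPolicies-system: EnableLUA = 0 (0x0)
TCP: NameServer = 85.255.112.39,85.255.112.40
TCP: {9A348FCE-C544-4A13-B718-66FCBA67DC57} = 85.255.112.39,85.255.112.40
AppInit_DLLs: c:\windows\system32\firalozu.dll c:\windows\system32\jimikene.dll c:\windows\system32\tijayoni.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\tijayoni.dll
LSA: Notification Packages = scecli c:\windows\system32\jimikene.dll
BHO: {f5b9edb6-883d-4b24-a791-571b4da72e36} - c:\windows\system32\rulituzi.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
FF - prefs.js: network.proxy.type - 2
"""

# Eight letters strictly alternating consonant/vowel (jahinepa, tijayoni,
# egusisay ...): the naming pattern of every unknown DLL/INI in this log.
# Assumption of this example; legitimate names can match too.
GENERATED = re.compile(
    r"^(?:[bcdfghjklmnpqrstvwxyz][aeiou]){4}$|^(?:[aeiou][bcdfghjklmnpqrstvwxyz]){4}$",
    re.I,
)
BASENAME = re.compile(r"\\([A-Za-z0-9_]+)\.(?:dll|exe)\b", re.I)
# scecli is the stock client entry; rassfm/kdcsvc appear on RAS servers and
# domain controllers. Anything else here sees every password change in clear.
DEFAULT_LSA_PACKAGES = {"scecli", "rassfm", "kdcsvc"}


def is_local(ip):
    """True for RFC 1918, loopback or link-local addresses."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return addr.is_private or addr.is_loopback or addr.is_link_local


def generated_names(line):
    """Basenames of .dll/.exe paths on the line that fit the GENERATED pattern."""
    return [n for n in BASENAME.findall(line) if GENERATED.match(n)]


def check_line(line):
    """Return a one-line reason if the report line matches a heuristic, else None."""
    low = line.lower()
    value = line.split("=", 1)[1].strip() if "=" in line else ""
    if low.startswith(("uinternet settings,proxyserver", "minternet settings,proxyserver")):
        if value.startswith(("127.", "localhost")):
            return "browser traffic proxied through loopback"
    elif low.startswith("tcp:") and value:
        servers = [s.strip() for s in value.split(",") if s.strip()]
        if servers and not any(is_local(s) for s in servers):
            return "DNS servers outside the local network"
    elif low.startswith("appinit_dlls:"):
        return "AppInit_DLLs injects into every process that loads user32"
    elif low.startswith("lsa: notification packages"):
        if [p for p in value.split() if p.lower() not in DEFAULT_LSA_PACKAGES]:
            return "non-default LSA notification package"
    elif low.startswith("mpolicies-system: enablelua = 0"):
        return "UAC disabled by policy"
    elif low.startswith("ff - prefs.js: network.proxy.type"):
        if line.rsplit("-", 1)[1].strip() != "0":
            return "Firefox proxy mode overridden"
    elif re.search(r"\\programdata\\(\d+)\\\1\.exe", line, re.I):
        return "Run value in a numeric folder under ProgramData"
    names = generated_names(line)
    if names:
        return "load point for generated-looking name(s): " + ", ".join(names)
    return None


def triage(report):
    """(reason, line) for every flagged line, in report order."""
    hits = []
    for raw in report.strip().splitlines():
        reason = check_line(raw.strip())
        if reason:
            hits.append((reason, raw.strip()))
    return hits


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_REPORT):
        print(f"{reason:55} {line}")
```

Run against the sample it flags twelve of the fourteen lines and leaves the Windows Defender and Google Toolbar entries alone. The name heuristic is the weakest rule: it is a hint to look closer, and a hit on a signed vendor DLL should be dismissed after checking the file, not treated as proof. The AppInit_DLLs, LSA and DNS rules need no guesswork, which is why a remover wants those fixed first: a DLL registered in Notification Packages reloads on every boot inside lsass, and a DNS server the machine does not own decides where every later download goes.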

second part

Post by vyt4as on Sat Jun 13, 2009 7:52 pm

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-06-13 19:39 0 a------- c:\windows\system32\x2.dat
2009-06-12 23:49 186,170,688 a------- c:\windows\MEMORY.DMP
2009-06-12 23:11 1,398,061 ---sh--- c:\windows\system32\egusisay.ini
2009-06-12 23:11 --d----- c:\programdata\98007786
2009-06-12 23:11 --d----- c:\programdata\17997794
2009-06-12 23:11 --d----- c:\progra~2\98007786
2009-06-12 23:11 --d----- c:\progra~2\17997794
2009-06-12 11:11 1,398,070 ---sh--- c:\windows\system32\egetunip.ini
2009-06-12 00:30 1,398,088 ---sh--- c:\windows\system32\ulakirow.ini
2009-06-11 09:56 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-06-11 09:34 1,398,088 ---sh--- c:\windows\system32\enomoyup.ini
2009-06-10 19:15 1,398,048 ---sh--- c:\windows\system32\idivewav.ini
2009-06-10 07:15 1,398,070 ---sh--- c:\windows\system32\univozof.ini
2009-06-10 07:14 1,398,048 ---sh--- c:\windows\system32\ufohizuz.ini
2009-06-09 12:03 1,398,070 ---sh--- c:\windows\system32\ozudefeh.ini
2009-06-09 00:03 1,398,048 ---sh--- c:\windows\system32\uzoduyob.ini
2009-06-08 12:43 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-06-08 12:43 --d----- c:\programdata\Avira
2009-06-08 12:43 --d----- c:\program files\Avira
2009-06-08 12:43 --d----- c:\progra~2\Avira
2009-06-08 12:15 --d----- c:\windows\pss
2009-06-08 12:03 1,398,061 ---sh--- c:\windows\system32\abegaday.ini
2009-06-07 19:34 --d----- c:\program files\CCleaner
2009-06-07 18:41 1,398,048 ---sh--- c:\windows\system32\udayibow.ini
2009-06-06 16:56 1,398,070 ---sh--- c:\windows\system32\ivapogej.ini
2009-06-06 16:55 1,398,048 ---sh--- c:\windows\system32\ohidaruj.ini
2009-06-05 17:33 1,398,070 ---sh--- c:\windows\system32\adazipar.ini
2009-06-04 23:13 1,398,079 ---sh--- c:\windows\system32\erumavop.ini
2009-06-04 11:13 1,398,079 ---sh--- c:\windows\system32\ufaputud.ini
2009-06-03 23:11 1,398,048 ---sh--- c:\windows\system32\osugeken.ini
2009-06-03 11:11 1,398,088 ---sh--- c:\windows\system32\isawamab.ini
2009-06-02 23:11 1,398,088 ---sh--- c:\windows\system32\efikivew.ini
2009-06-02 11:12 1,398,088 ---sh--- c:\windows\system32\owekiwid.ini
2009-06-01 23:17 1,398,088 ---sh--- c:\windows\system32\aworokob.ini
2009-06-01 10:09 1,398,088 ---sh--- c:\windows\system32\isafugaz.ini
2009-05-31 18:28 1,398,061 ---sh--- c:\windows\system32\irogeyun.ini
2009-05-30 17:06 1,398,061 ---sh--- c:\windows\system32\oniwakeb.ini
2009-05-29 22:49 1,398,061 ---sh--- c:\windows\system32\okisikin.ini
2009-05-29 10:02 1,398,079 ---sh--- c:\windows\system32\ugihojom.ini
2009-05-28 19:17 1,398,061 ---sh--- c:\windows\system32\ukibunis.ini
2009-05-27 14:33 1,398,061 ---sh--- c:\windows\system32\urivodoz.ini
2009-05-27 14:33 1,398,061 ---sh--- c:\windows\system32\upotizag.ini
2009-05-26 22:00 1,398,048 ---sh--- c:\windows\system32\obohewej.ini
2009-05-26 10:01 1,398,070 ---sh--- c:\windows\system32\ijozuzuj.ini
2009-05-25 21:58 1,398,061 ---sh--- c:\windows\system32\ezivoyoh.ini
2009-05-25 09:57 1,398,048 ---sh--- c:\windows\system32\iwaroyiv.ini
2009-05-24 22:39 172,032 a------- c:\windows\system32\igfxres.dll
2009-05-24 18:43 --d----- c:\programdata\zewehapo
2009-05-24 18:43 --d----- c:\programdata\lowagora
2009-05-24 18:43 --d----- c:\progra~2\zewehapo
2009-05-24 18:43 --d----- c:\progra~2\lowagora
2009-05-23 16:35 --d----- c:\programdata\rewebafe
2009-05-23 16:35 --d----- c:\programdata\fisawuve
2009-05-23 16:35 --d----- c:\progra~2\rewebafe
2009-05-23 16:35 --d----- c:\progra~2\fisawuve
2009-05-22 15:10 --d----- c:\programdata\wufidipe
2009-05-22 15:10 --d----- c:\programdata\kuvikave
2009-05-22 15:10 --d----- c:\progra~2\wufidipe
2009-05-22 15:10 --d----- c:\progra~2\kuvikave
2009-05-22 03:10 --d----- c:\programdata\wuteluga
2009-05-22 03:10 --d----- c:\programdata\hizemeki
2009-05-22 03:10 --d----- c:\progra~2\wuteluga
2009-05-22 03:10 --d----- c:\progra~2\hizemeki
2009-05-21 15:09 --d----- c:\programdata\simetuwi
2009-05-21 15:09 --d----- c:\programdata\howayofa
2009-05-21 15:09 --d----- c:\progra~2\simetuwi
2009-05-21 15:09 --d----- c:\progra~2\howayofa
2009-05-20 23:57 --d----- c:\programdata\nosukiwe
2009-05-20 23:57 --d----- c:\programdata\geruwupe
2009-05-20 23:57 --d----- c:\progra~2\nosukiwe
2009-05-20 23:57 --d----- c:\progra~2\geruwupe
2009-05-20 11:57 --d----- c:\programdata\vitumepa
2009-05-20 11:57 --d----- c:\programdata\hulebaru
2009-05-20 11:57 --d----- c:\progra~2\vitumepa
2009-05-20 11:57 --d----- c:\progra~2\hulebaru
2009-05-19 17:03 --d----- c:\programdata\vugehoye
2009-05-19 17:03 --d----- c:\programdata\sizehapu
2009-05-19 17:03 --d----- c:\progra~2\vugehoye
2009-05-19 17:03 --d----- c:\progra~2\sizehapu
2009-05-19 01:32 --d----- c:\programdata\pahewuja
2009-05-19 01:32 --d----- c:\programdata\lelukiwi
2009-05-19 01:32 --d----- c:\progra~2\pahewuja
2009-05-19 01:32 --d----- c:\progra~2\lelukiwi
2009-05-18 13:32 --d----- c:\programdata\zidukisu
2009-05-18 13:32 --d----- c:\programdata\rijebehu
2009-05-18 13:32 --d----- c:\progra~2\zidukisu
2009-05-18 13:32 --d----- c:\progra~2\rijebehu
2009-05-17 20:32 --d----- c:\programdata\kusavapu
2009-05-17 20:32 --d----- c:\programdata\gofuhuvo
2009-05-17 20:32 --d----- c:\progra~2\kusavapu
2009-05-17 20:32 --d----- c:\progra~2\gofuhuvo
2009-05-17 08:33 --d----- c:\programdata\powohefa
2009-05-17 08:33 --d----- c:\programdata\nidenefe
2009-05-17 08:33 --d----- c:\progra~2\powohefa
2009-05-17 08:33 --d----- c:\progra~2\nidenefe
2009-05-16 18:11 --d----- c:\programdata\wizisili
2009-05-16 18:11 --d----- c:\programdata\dagenijo
2009-05-16 18:11 --d----- c:\progra~2\wizisili
2009-05-16 18:11 --d----- c:\progra~2\dagenijo
2009-05-16 06:12 --d----- c:\programdata\pojovosa
2009-05-16 06:12 --d----- c:\programdata\jahomayo
2009-05-16 06:12 --d----- c:\progra~2\pojovosa
2009-05-16 06:12 --d----- c:\progra~2\jahomayo
2009-05-15 16:00 --d----- c:\programdata\zorihumu
2009-05-15 16:00 --d----- c:\programdata\kefunuya
2009-05-15 16:00 --d----- c:\progra~2\zorihumu
2009-05-15 16:00 --d----- c:\progra~2\kefunuya
2009-05-15 01:47 --d----- c:\programdata\seyamoyu
2009-05-15 01:47 --d----- c:\programdata\hisukeba
2009-05-15 01:47 --d----- c:\programdata\fahumaki
2009-05-15 01:47 --d----- c:\progra~2\seyamoyu
2009-05-15 01:47 --d----- c:\progra~2\hisukeba
2009-05-15 01:47 --d----- c:\progra~2\fahumaki
2009-05-15 01:46 --d----- c:\programdata\leramada
2009-05-15 01:46 --d----- c:\programdata\kejepuha
2009-05-15 01:46 --d----- c:\programdata\fomasopi
2009-05-15 01:46 --d----- c:\progra~2\leramada
2009-05-15 01:46 --d----- c:\progra~2\kejepuha
2009-05-15 01:46 --d----- c:\progra~2\fomasopi

==================== Find3M ====================

2009-06-13 19:39 538,430 a--sh--- c:\windows\system32\kijudawi.exe
2009-06-13 19:39 81,408 a--sh--- c:\windows\system32\kufisobe.dll
2009-06-13 19:39 79,872 a--sh--- c:\windows\system32\davotudo.dll
2009-06-13 19:39 15,360 a--sh--- c:\windows\system32\zawomebe.exe
2009-06-12 23:11 538,430 a--sh--- c:\windows\system32\kebizoru.exe
2009-06-12 23:11 81,920 a--sh--- c:\windows\system32\tijayoni.dll
2009-06-12 23:11 79,360 a--sh--- c:\windows\system32\yasisuge.dll
2009-06-12 11:11 81,920 a--sh--- c:\windows\system32\lenevode.dll
2009-06-12 00:30 81,920 a--sh--- c:\windows\system32\tayunazi.dll
2009-06-11 09:34 48,640 a--sh--- c:\windows\system32\momolane.dll
2009-06-11 09:33 80,896 a--sh--- c:\windows\system32\lujiyafa.dll
2009-06-10 23:34 15,688 a------- c:\windows\system32\lsdelete.exe
2009-06-10 19:15 80,384 -------- c:\windows\system32\vawevidi.dll
2009-06-10 19:15 82,432 a------- c:\windows\system32\huyavamu.VIR
2009-06-10 07:15 80,384 a--sh--- c:\windows\system32\fozovinu.dll
2009-06-10 07:15 82,432 a------- c:\windows\system32\kofumaje.VIR
2009-06-10 07:14 82,432 a--sh--- c:\windows\system32\dawesiye.dll
2009-06-10 07:14 80,384 -------- c:\windows\system32\zuzihofu.dll
2009-06-09 00:03 80,896 a--sh--- c:\windows\system32\jipilere.dll
2009-06-09 00:03 79,360 -------- c:\windows\system32\boyudozu.dll
2009-04-25 15:45 304,160 a------- C:\PA207.DAT
2009-03-12 20:15 51,200 a------- c:\windows\inf\infpub.dat
2009-03-12 20:15 86,016 a------- c:\windows\inf\infstrng.dat
2009-03-12 20:15 86,016 a------- c:\windows\inf\infstor.dat
2008-12-12 11:38 174 a--sh--- c:\program files\desktop.ini
2008-11-14 00:16 210 a------- c:\users\vytas\appdata\roaming\wklnhst.dat
2008-06-12 03:11 665,600 a------- c:\windows\inf\drvindex.dat
2008-02-22 11:22 32 a------- c:\programdata\ezsid.dat
2008-02-22 11:22 32 a------- c:\progra~2\ezsid.dat
2006-11-02 13:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2007-11-07 18:10 80 ---sh--- c:\windows\system32\82D200A335.dll
2009-03-11 09:34 48,640 a--sh--- c:\windows\system32\jahinepa.dll
2009-03-11 09:34 48,640 a--sh--- c:\windows\system32\jimikene.dll
2009-03-11 09:34 48,640 a--sh--- c:\windows\system32\rulituzi.dll

============= FINISH: 20:45:05.95 ===============

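The second half of the log shows the pattern more clearly than any single line does: hidden+system files in system32 whose eight-letter names alternate consonant and vowel, roughly 1.4 MB .ini files dropped about every twelve hours, and paired eight-letter folders under ProgramData created on the same schedule. The added example below (not part of the thread and not DDS output) parses listing lines of the posted format, flags those three patterns and measures the cadence of the .ini drops. SAMPLE_LISTING is a constructed subset copied from the listing above; the heuristics, the attribute test and the cadence measure are assumptions of this example.

```python
"""Find the pattern in a DDS "Created Last 30" / "Find3M" file listing.

Added example for this thread, not DDS output. SAMPLE_LISTING is copied from
the listing posted above; the heuristics are assumptions of this example.
"""
import re
from datetime import datetime

SAMPLE_LISTING = r"""
2009-06-13 19:39 0 a------- c:\windows\system32\x2.dat
2009-06-12 23:49 186,170,688 a------- c:\windows\MEMORY.DMP
2009-06-12 23:11 1,398,061 ---sh--- c:\windows\system32\egusisay.ini
2009-06-12 23:11 --d----- c:\programdata\98007786
2009-06-12 11:11 1,398,070 ---sh--- c:\windows\system32\egetunip.ini
2009-06-12 00:30 1,398,088 ---sh--- c:\windows\system32\ulakirow.ini
2009-06-11 09:56 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-06-08 12:43 --d----- c:\programdata\Avira
2009-05-24 18:43 --d----- c:\programdata\zewehapo
2009-06-13 19:39 538,430 a--sh--- c:\windows\system32\kijudawi.exe
2009-06-13 19:39 81,408 a--sh--- c:\windows\system32\kufisobe.dll
2009-06-12 23:11 81,920 a--sh--- c:\windows\system32\tijayoni.dll
2009-06-10 23:34 15,688 a------- c:\windows\system32\lsdelete.exe
2009-06-10 19:15 80,384 -------- c:\windows\system32\vawevidi.dll
2008-12-12 11:38 174 a--sh--- c:\program files\desktop.ini
2009-03-11 09:34 48,640 a--sh--- c:\windows\system32\jahinepa.dll
"""

# date time [size] attrs path; directories carry no size in DDS output
LISTING_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(?:([\d,]+)\s+)?([a-z-]{8})\s+(.+)$"
)
# eight letters strictly alternating consonant/vowel (assumption of this example)
GENERATED = re.compile(
    r"^(?:[bcdfghjklmnpqrstvwxyz][aeiou]){4}$|^(?:[aeiou][bcdfghjklmnpqrstvwxyz]){4}$",
    re.I,
)
SYSTEM32 = "c:\\windows\\system32\\"
PROGRAMDATA = "c:\\programdata\\"


def parse(listing):
    """List of dicts with when/size/attrs/path/is_dir for each listing line."""
    entries = []
    for raw in listing.strip().splitlines():
        m = LISTING_LINE.match(raw.strip())
        if not m:
            continue
        when, size, attrs, path = m.groups()
        entries.append({
            "when": datetime.strptime(when, "%Y-%m-%d %H:%M"),
            "size": int(size.replace(",", "")) if size else None,
            "attrs": attrs,
            "path": path,
            "is_dir": "d" in attrs,
        })
    return entries


def stem(path):
    """File or folder name without directory and extension."""
    name = path.rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[0] if "." in name else name


def flag(entries):
    """(reason, path) for entries matching the patterns seen in this log."""
    hits = []
    for e in entries:
        p = e["path"].lower()
        s = stem(p)
        hidden_system = "s" in e["attrs"] and "h" in e["attrs"]
        if not e["is_dir"] and p.startswith(SYSTEM32) and GENERATED.match(s):
            reason = "generated-looking name in system32"
            if hidden_system:
                reason += ", hidden+system"
            hits.append((reason, e["path"]))
        elif e["is_dir"] and p.startswith(PROGRAMDATA) and (s.isdigit() or GENERATED.match(s)):
            hits.append(("disposable folder under ProgramData", e["path"]))
    return hits


def drop_intervals(entries, suffix=".ini"):
    """Hours between successive hidden+system drops of `suffix` files in system32."""
    times = sorted(
        e["when"] for e in entries
        if e["path"].lower().startswith(SYSTEM32)
        and e["path"].lower().endswith(suffix)
        and "s" in e["attrs"] and "h" in e["attrs"]
    )
    return [(b - a).total_seconds() / 3600 for a, b in zip(times, times[1:])]


if __name__ == "__main__":
    entries = parse(SAMPLE_LISTING)
    for reason, path in flag(entries):
        print(f"{reason:45} {path}")
    print("hours between .ini drops:", [round(h, 1) for h in drop_intervals(entries)])
```

On the sample this flags ten entries and leaves MEMORY.DMP, Lbd.sys, lsdelete.exe, desktop.ini (hidden+system but a normal name outside system32) and the Avira folder alone; the three .ini drops come out 10.7 and 12.0 hours apart, matching the twelve-hour rhythm visible down the whole listing. The point of measuring cadence rather than eyeballing it is that a regular drop interval tells the remover the component doing the dropping is still resident: deleting the .ini files without removing what writes them only resets the clock.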

Re: How to remove System Security on Vista

Post by Origin on Sat Jun 13, 2009 7:52 pm


1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:
3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV. (Mcafee)
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Re: How to remove System Security on Vista

Post by Belahzur on Sat Jun 13, 2009 7:54 pm

Does IceSword work in Safe Mode with Networking? We need to get rid of those false alerts and their Run values before running any of our other tools.


Combo-Fix log (again in two parts)

Post by vyt4as on Sat Jun 13, 2009 8:16 pm

ComboFix 09-06-13.02 - Vytas 13/06/2009 20:57.1 - NTFSx86 NETWORK
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1257.370.1033.18.1526.1084 [GMT 1:00]
Running from: c:\users\Vytas\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\17997794
c:\programdata\98007786
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\programdata\Microsoft\Windows\Start Menu\Programs\freshplay
c:\users\Vytas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\freshplay
c:\program files\Mozilla Firefox\components\iamfamous.dll
c:\programdata\17997794\17997794.exe
c:\programdata\17997794\17997794.glu
c:\programdata\17997794\pc17997794cnf
c:\programdata\17997794\pc17997794ins
c:\programdata\98007786\98007786.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\freshplay\Uninstall.lnk
c:\windows\system32\abegaday.ini
c:\windows\system32\adazipar.ini
c:\windows\system32\aworokob.ini
c:\windows\system32\boyudozu.dll
c:\windows\system32\dawesiye.dll
c:\windows\system32\efikivew.ini
c:\windows\system32\egetunip.ini
c:\windows\system32\egusisay.ini
c:\windows\system32\enomoyup.ini
c:\windows\system32\erumavop.ini
c:\windows\system32\ezivoyoh.ini
c:\windows\system32\fozovinu.dll
c:\windows\system32\gaopdxcounter
c:\windows\system32\idivewav.ini
c:\windows\system32\ijozuzuj.ini
c:\windows\system32\irogeyun.ini
c:\windows\system32\isafugaz.ini
c:\windows\system32\isawamab.ini
c:\windows\system32\ivapogej.ini
c:\windows\system32\iwaroyiv.ini
c:\windows\system32\jimikene.dll
c:\windows\system32\jipilere.dll
c:\windows\system32\obohewej.ini
c:\windows\system32\ohidaruj.ini
c:\windows\system32\okisikin.ini
c:\windows\system32\oniwakeb.ini
c:\windows\system32\osugeken.ini
c:\windows\system32\owekiwid.ini
c:\windows\system32\ozudefeh.ini
c:\windows\system32\skinboxer43.dll
c:\windows\system32\u2g.f
c:\windows\system32\udayibow.ini
c:\windows\system32\ufaputud.ini
c:\windows\system32\ufohizuz.ini
c:\windows\system32\ugihojom.ini
c:\windows\system32\ukibunis.ini
c:\windows\system32\ulakirow.ini
c:\windows\system32\univozof.ini
c:\windows\system32\upotizag.ini
c:\windows\system32\urivodoz.ini
c:\windows\system32\uzoduyob.ini
c:\windows\system32\vawevidi.dll
c:\windows\system32\zuzihofu.dll
D:\Autorun.inf

----- BITS: Possible infected sites -----

[You must be registered and logged in to see this link.]
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys


((((((((((((((((((((((((( Files Created from 2009-05-13 to 2009-06-13 )))))))))))))))))))))))))))))))
.

2009-06-13 18:39 . 2009-06-13 18:39 0 ----a-w- c:\windows\system32\x2.dat
2009-06-11 08:56 . 2009-06-08 22:38 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-08 22:38 . 2009-06-08 22:38 64160 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-06-08 22:38 . 2009-06-08 22:38 73064 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-06-08 11:43 . 2009-03-30 09:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-06-08 11:43 . 2009-03-24 15:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-06-08 11:43 . 2009-06-08 11:43 -------- d-----w- c:\programdata\Avira
2009-06-08 11:43 . 2009-06-08 11:43 -------- d-----w- c:\program files\Avira
2009-06-08 11:13 . 2009-06-08 11:13 655872 ----a-w- c:\users\Vytas\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\15E5.tmp_\sun-presenter-screen.oxt\msvcr90.dll
2009-06-08 11:13 . 2009-06-08 11:13 601088 ----a-w- c:\users\Vytas\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\15E5.tmp_\sun-presenter-screen.oxt\PresenterScreen.uno.dll
2009-06-08 11:13 . 2009-06-08 11:13 568832 ----a-w- c:\users\Vytas\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\15E5.tmp_\sun-presenter-screen.oxt\msvcp90.dll
2009-06-08 11:13 . 2009-06-08 11:13 224768 ----a-w- c:\users\Vytas\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\15E5.tmp_\sun-presenter-screen.oxt\msvcm90.dll
2009-06-07 18:34 . 2009-06-08 11:22 -------- d-----w- c:\program files\CCleaner
2009-05-24 21:39 . 2007-08-24 18:26 172032 ----a-w- c:\windows\system32\igfxres.dll
2009-05-24 17:43 . 2009-05-24 17:43 -------- d-----w- c:\programdata\zewehapo
2009-05-24 17:43 . 2009-05-24 17:43 -------- d-----w- c:\programdata\lowagora
2009-05-23 15:35 . 2009-05-23 15:35 -------- d-----w- c:\programdata\rewebafe
2009-05-23 15:35 . 2009-05-23 15:35 -------- d-----w- c:\programdata\fisawuve
2009-05-22 14:10 . 2009-05-22 14:31 -------- d-----w- c:\programdata\kuvikave
2009-05-22 14:10 . 2009-05-22 14:10 -------- d-----w- c:\programdata\wufidipe
2009-05-22 02:10 . 2009-05-22 02:10 -------- d-----w- c:\programdata\wuteluga
2009-05-22 02:10 . 2009-05-22 02:10 -------- d-----w- c:\programdata\hizemeki
2009-05-21 14:09 . 2009-05-21 14:10 -------- d-----w- c:\programdata\simetuwi
2009-05-21 14:09 . 2009-05-21 14:09 -------- d-----w- c:\programdata\howayofa
2009-05-20 22:57 . 2009-05-20 22:57 -------- d-----w- c:\programdata\nosukiwe
2009-05-20 22:57 . 2009-05-20 22:57 -------- d-----w- c:\programdata\geruwupe
2009-05-20 10:57 . 2009-05-20 10:57 -------- d-----w- c:\programdata\vitumepa
2009-05-20 10:57 . 2009-05-20 10:57 -------- d-----w- c:\programdata\hulebaru
2009-05-19 16:03 . 2009-05-20 16:25 -------- d-----w- c:\programdata\vugehoye
2009-05-19 16:03 . 2009-05-19 16:03 -------- d-----w- c:\programdata\sizehapu
2009-05-19 00:32 . 2009-05-19 08:06 -------- d-----w- c:\programdata\lelukiwi
2009-05-19 00:32 . 2009-05-19 00:32 -------- d-----w- c:\programdata\pahewuja
2009-05-18 12:32 . 2009-05-18 12:53 -------- d-----w- c:\programdata\rijebehu
2009-05-18 12:32 . 2009-05-18 12:32 -------- d-----w- c:\programdata\zidukisu
2009-05-17 19:32 . 2009-05-17 19:53 -------- d-----w- c:\programdata\gofuhuvo
2009-05-17 19:32 . 2009-05-17 19:32 -------- d-----w- c:\programdata\kusavapu
2009-05-17 07:33 . 2009-05-17 07:54 -------- d-----w- c:\programdata\nidenefe
2009-05-17 07:33 . 2009-05-17 07:33 -------- d-----w- c:\programdata\powohefa
2009-05-16 17:11 . 2009-05-16 20:13 -------- d-----w- c:\programdata\wizisili
2009-05-16 17:11 . 2009-05-16 17:11 -------- d-----w- c:\programdata\dagenijo
2009-05-16 05:12 . 2009-05-16 15:44 -------- d-----w- c:\programdata\jahomayo
2009-05-16 05:12 . 2009-05-16 05:12 -------- d-----w- c:\programdata\pojovosa
2009-05-15 15:00 . 2009-05-15 15:21 -------- d-----w- c:\programdata\kefunuya
2009-05-15 15:00 . 2009-05-15 15:00 -------- d-----w- c:\programdata\zorihumu
2009-05-15 00:47 . 2009-05-27 13:33 -------- d-----w- c:\programdata\seyamoyu
2009-05-15 00:47 . 2009-05-27 13:33 -------- d-----w- c:\programdata\hisukeba
2009-05-15 00:47 . 2009-05-27 13:33 -------- d-----w- c:\programdata\fahumaki
2009-05-15 00:46 . 2009-05-15 01:08 -------- d-----w- c:\programdata\kejepuha
2009-05-15 00:46 . 2009-05-15 00:46 -------- d-----w- c:\programdata\leramada
2009-05-15 00:46 . 2009-05-15 00:46 -------- d-----w- c:\programdata\fomasopi

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-13 18:39 . 2009-03-13 18:39 81408 --sha-w- c:\windows\system32\kufisobe.dll
2009-06-13 18:39 . 2009-03-13 18:39 79872 --sha-w- c:\windows\system32\davotudo.dll
2009-06-13 18:39 . 2009-03-13 18:39 538430 --sha-w- c:\windows\system32\kijudawi.exe
2009-06-13 18:39 . 2009-03-13 18:39 15360 --sha-w- c:\windows\system32\zawomebe.exe
2009-06-12 22:54 . 2007-11-01 11:41 1356 ----a-w- c:\users\Vytas\AppData\Local\d3d9caps.dat
2009-06-12 22:28 . 2007-10-11 14:42 -------- d-----w- c:\users\Vytas\AppData\Roaming\Skype
2009-06-12 22:11 . 2009-03-12 22:11 538430 --sha-w- c:\windows\system32\kebizoru.exe
2009-06-12 22:11 . 2009-03-12 22:11 81920 --sha-w- c:\windows\system32\tijayoni.dll
2009-06-12 22:11 . 2009-03-12 22:11 79360 --sha-w- c:\windows\system32\yasisuge.dll
2009-06-12 10:11 . 2009-03-12 10:11 81920 --sha-w- c:\windows\system32\lenevode.dll
2009-06-11 23:30 . 2009-03-11 23:30 81920 --sha-w- c:\windows\system32\tayunazi.dll
2009-06-11 08:34 . 2009-03-11 08:33 48640 --sha-w- c:\windows\system32\momolane.dll
2009-06-11 08:33 . 2009-03-11 08:33 80896 --sha-w- c:\windows\system32\lujiyafa.dll
2009-06-10 18:23 . 2007-10-28 22:00 -------- d-----w- c:\users\Vytas\AppData\Roaming\uTorrent
2009-06-10 18:15 . 2009-03-10 18:15 82432 ----a-w- c:\windows\system32\huyavamu.VIR
2009-06-10 06:15 . 2009-03-10 06:15 82432 ----a-w- c:\windows\system32\kofumaje.VIR
2009-06-09 11:21 . 2009-05-09 16:32 1 ----a-w- c:\users\Vytas\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-05-30 21:52 . 2009-03-16 18:14 -------- d-----w- c:\users\Vytas\AppData\Roaming\RayV
2009-05-26 15:53 . 2008-03-09 20:32 -------- d-----w- c:\users\Vytas\AppData\Roaming\dvdcss
2009-05-24 17:43 . 2009-02-24 17:43 81920 --sha-w- c:\programdata\lowagora\lowagora.dll
2009-05-24 17:43 . 2009-02-24 17:43 78848 --sha-w- c:\programdata\zewehapo\zewehapo.dll
2009-05-23 15:35 . 2009-02-23 15:35 81920 --sha-w- c:\programdata\fisawuve\fisawuve.dll
2009-05-23 15:35 . 2009-02-23 15:35 78848 --sha-w- c:\programdata\rewebafe\rewebafe.dll
2009-05-22 14:10 . 2009-02-22 14:10 81920 --sha-w- c:\programdata\wufidipe\wufidipe.dll
2009-05-22 14:10 . 2009-02-22 14:10 78848 ------w- c:\programdata\kuvikave\kuvikave.dll
2009-05-22 02:10 . 2009-02-22 02:10 81920 --sha-w- c:\programdata\wuteluga\wuteluga.dll
2009-05-22 02:10 . 2009-02-22 02:10 78848 --sha-w- c:\programdata\hizemeki\hizemeki.dll
2009-05-21 14:09 . 2009-02-21 14:09 81920 --sha-w- c:\programdata\howayofa\howayofa.dll
2009-05-21 14:09 . 2009-02-21 14:09 78848 --sha-w- c:\programdata\simetuwi\simetuwi.dll
2009-05-20 22:57 . 2009-02-20 22:57 81920 --sha-w- c:\programdata\geruwupe\geruwupe.dll
2009-05-20 22:57 . 2009-02-20 22:57 78848 --sha-w- c:\programdata\nosukiwe\nosukiwe.dll
2009-05-20 10:57 . 2009-02-20 10:57 81920 --sha-w- c:\programdata\hulebaru\hulebaru.dll
2009-05-20 10:57 . 2009-02-20 10:57 78848 --sha-w- c:\programdata\vitumepa\vitumepa.dll
2009-05-19 16:03 . 2009-02-19 16:03 81920 --sha-w- c:\programdata\sizehapu\sizehapu.dll
2009-05-19 16:03 . 2009-02-19 16:03 78848 ------w- c:\programdata\vugehoye\vugehoye.dll
2009-05-19 00:32 . 2009-02-19 00:32 81920 --sha-w- c:\programdata\pahewuja\pahewuja.dll
2009-05-19 00:32 . 2009-02-19 00:32 78848 --sha-w- c:\programdata\lelukiwi\lelukiwi.dll
2009-05-18 12:32 . 2009-02-18 12:32 81920 --sha-w- c:\programdata\zidukisu\zidukisu.dll
2009-05-18 12:32 . 2009-02-18 12:32 78848 ------w- c:\programdata\rijebehu\rijebehu.dll
2009-05-17 19:32 . 2009-02-17 19:32 81920 --sha-w- c:\programdata\kusavapu\kusavapu.dll
2009-05-17 19:32 . 2009-02-17 19:32 78848 ------w- c:\programdata\gofuhuvo\gofuhuvo.dll
2009-05-17 07:33 . 2009-02-17 07:33 81920 --sha-w- c:\programdata\powohefa\powohefa.dll
2009-05-17 07:33 . 2009-02-17 07:33 78848 ------w- c:\programdata\nidenefe\nidenefe.dll
2009-05-16 17:11 . 2009-02-16 17:11 78848 ------w- c:\programdata\wizisili\wizisili.dll
2009-05-16 17:11 . 2009-02-16 17:11 81920 --sha-w- c:\programdata\dagenijo\dagenijo.dll
2009-05-16 05:12 . 2009-02-16 05:12 81920 --sha-w- c:\programdata\pojovosa\pojovosa.dll
2009-05-16 05:12 . 2009-02-16 05:12 79360 ------w- c:\programdata\jahomayo\jahomayo.dll
2009-05-15 15:00 . 2009-02-15 15:00 81408 --sha-w- c:\programdata\zorihumu\zorihumu.dll
2009-05-15 15:00 . 2009-02-15 15:00 80384 ------w- c:\programdata\kefunuya\kefunuya.dll
2009-05-15 00:47 . 2009-05-14 12:41 -------- d-----w- c:\programdata\werusizo
2009-05-15 00:47 . 2009-05-14 12:41 -------- d-----w- c:\programdata\rumorojo
2009-05-15 00:47 . 2009-05-14 12:41 -------- d-----w- c:\programdata\mehahoda
2009-05-15 00:47 . 2009-02-15 00:46 48640 --sha-w- c:\programdata\leramada\leramada.dll
2009-05-15 00:46 . 2009-02-15 00:46 81408 --sha-w- c:\programdata\fomasopi\fomasopi.dll
2009-05-15 00:46 . 2009-02-15 00:46 79872 ------w- c:\programdata\kejepuha\kejepuha.dll
2009-05-14 13:08 . 2009-05-14 12:46 -------- d-----w- c:\programdata\pibiluta
2009-05-14 12:46 . 2009-05-14 12:46 -------- d-----w- c:\programdata\fenenefu
2009-05-14 12:46 . 2009-02-14 12:46 81408 --sha-w- c:\programdata\fenenefu\fenenefu.dll
2009-05-14 12:46 . 2009-02-14 12:46 79872 ------w- c:\programdata\pibiluta\pibiluta.dll
2009-05-14 09:13 . 2007-10-12 16:19 -------- d-----w- c:\program files\Java
2009-05-12 17:02 . 2007-10-11 22:55 77560 ----a-w- c:\users\Vytas\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-12 14:28 . 2009-05-12 14:27 -------- d-----w- c:\users\Vytas\AppData\Roaming\vlc
2009-05-09 16:43 . 2009-05-09 16:43 568832 ----a-w- c:\users\Vytas\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\ADE5.tmp_\sun-presentation-minimizer.oxt\msvcp90.dll
2009-05-09 16:43 . 2009-05-09 16:43 251392 ----a-w- c:\users\Vytas\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\ADE5.tmp_\sun-presentation-minimizer.oxt\SunPresentationMinimizer.uno.dll
2009-05-09 16:43 . 2009-05-09 16:43 655872 ----a-w- c:\users\Vytas\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\ADE5.tmp_\sun-presentation-minimizer.oxt\msvcr90.dll
2009-05-09 16:43 . 2009-05-09 16:43 224768 ----a-w- c:\users\Vytas\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\ADE5.tmp_\sun-presentation-minimizer.oxt\msvcm90.dll
2009-05-09 16:32 . 2009-05-09 16:32 -------- d-----w- c:\users\Vytas\AppData\Roaming\OpenOffice.org
2009-05-09 16:29 . 2009-05-09 16:29 -------- d-----w- c:\program files\JRE
2009-05-09 16:29 . 2009-05-09 16:29 -------- d-----w- c:\program files\OpenOffice.org 3
2009-05-09 16:29 . 2007-10-12 16:24 -------- d-----w- c:\program files\OpenOffice.org 2.3
2009-05-08 10:06 . 2007-10-12 16:33 1 ----a-w- c:\users\Vytas\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-05-08 10:05 . 2007-10-12 16:32 -------- d-----w- c:\users\Vytas\AppData\Roaming\OpenOffice.org2
2009-05-07 14:59 . 2006-02-18 21:36 -------- d-----w- c:\programdata\Microsoft Help
2009-05-06 15:30 . 2009-05-06 15:30 4030464 ----a-w- c:\users\Vytas\AppData\Roaming\RayV\Viewer\RayV.dll
2009-05-06 02:19 . 2006-02-18 20:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-04-25 14:45 . 2007-11-05 07:41 304160 ----a-w- C:\PA207.DAT
2007-11-07 17:10 . 2007-10-19 18:53 80 --sh--w- c:\windows\System32\82D200A335.dll
2009-03-11 08:34 . 2009-03-11 08:34 48640 --sha-w- c:\windows\System32\jahinepa.dll
2009-03-11 08:34 . 2009-03-11 08:34 48640 --sha-w- c:\windows\System32\rulituzi.dll
.


HAD TO DIVIDE INTO THREE PARTS!!!! Combo-Fix log, second part

Post by vyt4as on Sat Jun 13, 2009 8:18 pm

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f5b9edb6-883d-4b24-a791-571b4da72e36}]
2009-03-11 08:34 48640 --sha-w- c:\windows\System32\rulituzi.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-10-11 171448]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 464168]
"PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2007-01-15 151552]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-12-08 614400]
"eDSMSNfix"="c:\acer\Empowering Technology\eDSMSNfix.exe" [2007-02-08 13312]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-24 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-24 129560]
"Media Codec Update Service"="c:\program files\Essentials Codec Pack\update.exe" [2007-04-08 303104]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-10 518488]
"boyikosegi"="c:\windows\system32\jahinepa.dll" [2009-03-11 48640]
"CPM139b2832"="c:\windows\system32\tijayoni.dll" [2009-06-12 81920]
"10a81bae"="c:\windows\system32\yasisuge.dll" [2009-06-12 79360]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-03-01 4390912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"= "c:\windows\system32\tijayoni.dll" [2009-06-12 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SSODL"= {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\tijayoni.dll [2009-06-12 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Device Detector 3.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Device Detector 3.lnk
backup=c:\windows\pss\Device Detector 3.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Vytas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\users\Vytas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9C674345-AB38-420D-ADCB-880C71E211BF}"= c:\program files\Acer\Acer Arcade\PowerCinema.exe:CyberLink PowerCinema
"{934EE960-5AC5-4EFC-BD21-BE300E41E7E5}"= c:\program files\Acer\Acer Arcade\PCMService.exe:CyberLink PowerCinema Resident Program
"{21CD2AA2-171D-484A-BB08-56D415F74080}"= c:\program files\Acer\Acer Arcade\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{C365711E-460A-4FA7-A3D3-1F0940834708}"= c:\program files\Acer\Acer Arcade\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{197F7394-69E7-4235-8B77-7DE5854C4C65}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A447E83B-15A5-49CE-A268-9D2FAC8A6B8F}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{AE2C0325-DF72-48B5-A753-6F120D6A723C}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{DDA7DB8E-8EB4-472C-AFEE-6E95C227D36F}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{B064514E-5EB2-4DAF-8D1E-1A3D5C8C9ECC}"= UDP:c:\program files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"{27992243-B8C0-4FB6-AA99-99D547DACA6B}"= TCP:c:\program files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"TCP Query User{993D6ABB-AB59-4384-80A3-BE3976C4151C}c:\\users\\vytas\\torrent\\bitlord\\bitlord.exe"= UDP:c:\users\vytas\torrent\bitlord\bitlord.exe:bitlord.exe
"UDP Query User{C4D09542-2D1F-4633-B766-8C3BB2113E75}c:\\users\\vytas\\torrent\\bitlord\\bitlord.exe"= TCP:c:\users\vytas\torrent\bitlord\bitlord.exe:bitlord.exe
"TCP Query User{A62760E9-A402-4C14-956D-CE3FF78D10F1}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{870880C0-8959-49C5-B47D-F352C2ECC5DC}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{E605572A-D08D-4B34-A06D-B98DC0109039}c:\\program files\\dc++\\dcplusplus.exe"= UDP:c:\program files\dc++\dcplusplus.exe:DC++
"UDP Query User{258F375F-C093-486F-BDE4-2035AC340249}c:\\program files\\dc++\\dcplusplus.exe"= TCP:c:\program files\dc++\dcplusplus.exe:DC++
"TCP Query User{6302627F-78DB-4AD8-AA6F-66A4B2D1EFF2}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{39F202A4-D703-4E43-9802-CAB224C9EB6A}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord
"TCP Query User{6ECF4940-9039-4FD1-8E85-50BA2228B9D8}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{A087F7C9-A8EF-4039-9CF9-7BBA9451E1E5}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{F83A3053-FDE8-426D-AA75-B82A3E80D298}c:\\users\\vytas\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\xqosznp2\\matrix_1___matrix_2___matrix_3___animatrix_[hun_voice][1].exe"= UDP:c:\users\vytas\appdata\local\microsoft\windows\temporary internet files\content.ie5\xqosznp2\matrix_1___matrix_2___matrix_3___animatrix_[hun_voice][1].exe:matrix_1___matrix_2___matrix_3___animatrix_[hun_voice][1].exe
"UDP Query User{C6B8BF40-B162-46DB-9367-95BD65A9E8AD}c:\\users\\vytas\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\xqosznp2\\matrix_1___matrix_2___matrix_3___animatrix_[hun_voice][1].exe"= TCP:c:\users\vytas\appdata\local\microsoft\windows\temporary internet files\content.ie5\xqosznp2\matrix_1___matrix_2___matrix_3___animatrix_[hun_voice][1].exe:matrix_1___matrix_2___matrix_3___animatrix_[hun_voice][1].exe
"{07D5B6C5-7AA6-497D-9D7D-F2A42629242C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{7037883A-42BA-40A3-BB65-A67CBC3B0344}"= UDP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{3E293C57-DC93-41F7-BF74-F89EC25BB513}"= TCP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{5E77CD09-3562-4AD0-99EA-DE38DC39C0A0}"= UDP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{478130DB-CF2A-4E8F-B2AB-5D1A67090707}"= TCP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{A4728541-ED19-495D-A92B-23AAE741DFD2}"= UDP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{04C6B41C-0294-47DC-A0D5-F20317955B48}"= TCP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"TCP Query User{C910B94E-666A-4486-8E12-2725E6974205}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{5E68B499-C08A-4BE4-B52B-844ACC95182B}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{9FA4FD8C-CB4E-4FBD-9B9C-D3FE27E59718}c:\\program files\\videolan\\vlc\\vlc.exe"= UDP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{7D69AFFD-4091-48B0-9902-6C41DD538419}c:\\program files\\videolan\\vlc\\vlc.exe"= TCP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"{26EFD1CD-E594-4B50-A4D8-B6AA7FC389C0}"= Disabled:UDP:c:\program files\SPSSInc\Statistics17\SPSSWinWrapIDE.exe:SPSS Basic Script Editor
"{6D6DF124-5734-434D-A84D-02D7D5861202}"= Disabled:UDP:c:\program files\SPSSInc\Statistics17\statistics.com:Statistics17:com
"{ED68082A-18BE-4E6A-9274-0C3599F8284E}"= Disabled:UDP:c:\program files\SPSSInc\Statistics17\statistics.exe:Statistics17:exe
"{749B813D-2452-4DD5-B843-4CD63CD4958F}"= Disabled:TCP:c:\program files\SPSSInc\Statistics17\SPSSWinWrapIDE.exe:SPSS Basic Script Editor
"{035B9404-EEFD-4E0A-A67D-ECB8FC6E1C47}"= Disabled:TCP:c:\program files\SPSSInc\Statistics17\statistics.com:Statistics17:com
"{A579B498-F014-44E2-BC42-24153734996E}"= Disabled:TCP:c:\program files\SPSSInc\Statistics17\statistics.exe:Statistics17:exe
"TCP Query User{55BBF1F0-195F-4CF2-8BCC-9D27618E590A}c:\\program files\\rayv\\rayv\\rayv.exe"= UDP:c:\program files\rayv\rayv\rayv.exe:RayV
"UDP Query User{C74EF491-7C9F-4A7F-8611-0D2FB8A21CDD}c:\\program files\\rayv\\rayv\\rayv.exe"= TCP:c:\program files\rayv\rayv\rayv.exe:RayV
"{8289C3A5-9C43-48B1-87B2-5F065CB5E6A4}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{AC513A01-8D01-4C94-A563-BC9AA591D8FA}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{B1957CB7-D462-4CE2-9E52-B5BA6F79E25D}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{BD8DB11C-1020-4BE3-8BA9-F89AB171CC7E}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{3AD53E66-CF11-4D5F-A40C-2B6CD8EADFDE}"= UDP:c:\users\Vytas\AppData\Roaming\RayV\Viewer\RayV.dll:RayV
"{2DA93637-512A-4C9C-9997-3280E67F59E5}"= TCP:c:\users\Vytas\AppData\Roaming\RayV\Viewer\RayV.dll:RayV
"{5A624976-B2C5-418B-A61C-E40E72EAFD40}"= UDP:c:\program files\Olympus\DeviceDetector\DevDtct2.exe:DevDtct2
"{EE30D934-C0C7-40A2-9C2A-01C106411C05}"= TCP:c:\program files\Olympus\DeviceDetector\DevDtct2.exe:DevDtct2
"{BC9DCA11-4E84-421C-B4F1-38F91C686139}"= UDP:c:\program files\Olympus\DeviceDetector\DevDtct2.exe:DevDtct2
"{FE004356-6285-4088-9407-1A7D7DAFDA64}"= TCP:c:\program files\Olympus\DeviceDetector\DevDtct2.exe:DevDtct2
"{AD72758E-98CE-424E-85B4-029A6DD92C41}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{00455BFE-B646-43A4-B338-31E22B39396E}"= UDP:c:\windows\explorer.exe:Explorer
"{65315912-E277-4CFB-A562-F9FEDEE846DD}"= TCP:c:\windows\explorer.exe:Explorer
"{6C772113-48AE-4994-85B5-104083AA437F}"= UDP:c:\windows\System32\wbem\unsecapp.exe:unsecapp
"{7DB66448-B6B7-4FBD-B569-85AF267A98D1}"= TCP:c:\windows\System32\wbem\unsecapp.exe:unsecapp
"{59E219E1-5F12-40E9-958B-64D26907DDE4}"= UDP:c:\windows\System32\winlogon.exe:winlogon
"{6856A873-36D9-4639-A5BB-2B053DA3AC84}"= TCP:c:\windows\System32\winlogon.exe:winlogon
"{CA5E5DD1-B74A-4412-A5C3-3AF0D6FF7AE7}"= UDP:c:\windows\System32\winlogon.exe:winlogon
"{869FB900-7D8D-4328-9EB1-CFA3314AADEC}"= TCP:c:\windows\System32\winlogon.exe:winlogon
"{4B98C406-EE8E-41DF-9664-5E5BBA403CB0}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{82302EE5-EB36-4D17-8F31-C0F350CD8E93}c:\\videolan\\vlc\\vlc.exe"= UDP:c:\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{5FA5744A-C7F4-4873-9854-6AF2102CC0C5}c:\\videolan\\vlc\\vlc.exe"= TCP:c:\videolan\vlc\vlc.exe:VLC media player
"{D7320055-6390-48E4-ACF6-A11F8493C80D}"= UDP:c:\windows\explorer.exe:Explorer
"{6DFE98AE-B6E2-46D2-91AA-ED9109544DB5}"= TCP:c:\windows\explorer.exe:Explorer
"{FBB4C326-8D49-4A9C-918B-BECD1250420A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{706EE4CC-F4E4-4EA1-BBE2-8D084F3FB2CE}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{0B3AEC15-B4DF-4873-AAEE-ECE190FF3965}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{0F29304E-D5AF-4D4E-BDC1-DA54A58654A6}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{5C39C021-7A26-4F22-9A53-DC0EF721128C}"= UDP:c:\windows\System32\LogonUI.exe:LogonUI
"{0491BD6A-16E8-44A1-B122-D5F7C7612264}"= TCP:c:\windows\System32\LogonUI.exe:LogonUI
"{EE56C679-1D1B-4ADE-9DC1-09888E642392}"= UDP:c:\windows\System32\wininit.exe:wininit
"{D83DB6EC-6448-40AB-9C12-37004C10538F}"= TCP:c:\windows\System32\wininit.exe:wininit
"{DFA18192-AE8F-4F6F-95AB-1E935B70CB14}"= UDP:c:\windows\System32\wininit.exe:wininit
"{1240459C-3ACC-437F-BD89-840945E58CF6}"= TCP:c:\windows\System32\wininit.exe:wininit
"{89393309-D78C-401F-B29B-B0840F801B55}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{DC2C9180-7DBC-4765-9574-3E202093FB5B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{FE47A921-147B-4F37-A836-80EBE5422974}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{08B1A77A-C52D-44C9-961E-9A6D4C4D745C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{442CB81D-F9A8-4F03-BF6A-212FD019A83E}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{973A7A3A-2EF3-4712-8C59-416E911F7342}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{9F6DCBBA-AB2D-453C-B664-785E87646F71}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C20CB86D-35AF-4B3F-B183-157EA59F59A6}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{4145E541-3205-4E09-94AF-8680F502A19B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{2C94847C-403F-4A06-B60E-0DF7A7747C1E}"= UDP:c:\windows\System32\lsass.exe:lsass
"{CCEAAF47-C3D5-4C25-8022-B646A0863F9A}"= TCP:c:\windows\System32\lsass.exe:lsass
"{2BF684A7-3449-4674-AD12-8441FC4F3D2D}"= UDP:c:\windows\System32\lsass.exe:lsass
"{5D6DB2B9-C73B-4FE6-B60E-25F830C0237E}"= TCP:c:\windows\System32\lsass.exe:lsass
"{907A90EF-453D-4FFB-B834-8F19CCBF14F7}"= UDP:c:\windows\System32\taskeng.exe:taskeng
"{0C1BD637-E820-482D-8D02-2D82C4836410}"= TCP:c:\windows\System32\taskeng.exe:taskeng
"{5451595A-3BC3-436E-A252-6BE16A69D637}"= UDP:c:\windows\System32\taskeng.exe:taskeng
"{7C77FBB1-7C2F-4701-A11C-61646716716B}"= TCP:c:\windows\System32\taskeng.exe:taskeng


Combo-Fix log, third part

Post by vyt4as on Sat Jun 13, 2009 8:19 pm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"c:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [11/06/2009 09:56 64160]
S2 {2FF8D163-C3C2-46ce-BD8D-D85AC1BC56DD};{2FF8D163-C3C2-46ce-BD8D-D85AC1BC56DD};c:\program files\Acer\Acer Arcade\000.fcl [18/02/2006 22:30 13560]
S2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [18/02/2006 23:11 50688]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [08/06/2009 12:43 108289]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 22:34 1005904]
S3 PAC207;SoC PC-Camera;c:\windows\System32\drivers\PFC027.SYS [05/11/2007 08:22 131200]
S3 SndTAudio;SndTAudio;c:\windows\System32\drivers\SndTAudio.sys [12/03/2009 20:12 23096]
S3 SndTVideo;SndTVideo;c:\windows\System32\drivers\SndTVideo.sys [12/03/2009 20:12 3768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder

2009-06-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 22:34]

2009-06-13 c:\windows\Tasks\User_Feed_Synchronization-{568CCD67-AA67-4F96-B113-EB3A9D0CB3C4}.job
- c:\windows\system32\msfeedssync.exe [2008-08-29 10:05]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-17997794 - c:\programdata\17997794\17997794.exe
HKLM-Run-98007786 - c:\programdata\98007786\98007786.exe
HKLM-Run-eRecoveryService - (no file)


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyServer = 127.0.0.1:81
uInternet Settings,ProxyOverride =
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Vytas\AppData\Roaming\Mozilla\Firefox\Profiles\2w0v2hf2.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 2
FF - component: c:\users\Vytas\AppData\Roaming\Mozilla\Firefox\Profiles\2w0v2hf2.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\RayV\RayV\plugins\nprayvplugin.dll
FF - plugin: c:\videolan\VLC\npvlc.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-06-13 21:03
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\Vytas\AppData\Local\Temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506
c:\users\Vytas\AppData\Local\Temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\session
c:\users\Vytas\AppData\Local\Temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static

scan completed successfully
hidden files: 3

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{2FF8D163-C3C2-46ce-BD8D-D85AC1BC56DD}]
"ImagePath"="\??\c:\program files\Acer\Acer Arcade\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"659BD8E725A05FDCC64118EA787EAA2B534A94FABE"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,16,49,ec,56,32,10,1f,4f,80,3d,90,\
"3A77B377802A4B6183DDE08FDE4AD9AF647A702826"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,16,49,ec,56,32,10,1f,4f,80,3d,90,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2128)
c:\windows\system32\tijayoni.dll
c:\windows\system32\yasisuge.dll
c:\windows\system32\rulituzi.dll
c:\windows\system32\jahinepa.dll
c:\program files\Acer\Acer Arcade\Kernel\Burner\ppM2Splter.ax
c:\program files\Acer\Acer Arcade\Kernel\TV\PCMRM2Splter.ax
c:\program files\Acer\Acer Arcade\Kernel\TV\PCMBM2Splter.ax
c:\program files\Acer\Acer Arcade\Kernel\Burner\ppM1Splter.ax
c:\program files\Acer\Acer Arcade\Kernel\TV\PCMBM1Splter.ax
c:\program files\Acer\Acer Arcade\Kernel\EditMovie\MDTLM2Splter.ax
c:\program files\Acer\Acer Arcade\Kernel\Burner\ppTLM2Splter.ax
c:\program files\Acer\Acer Arcade\Kernel\EditMovie\MDTLM1Splter.ax
c:\program files\Acer\Acer Arcade\Kernel\Burner\ppTLM1Splter.ax
c:\program files\Essentials Codec Pack\VSFilter.dll
c:\program files\Essentials Codec Pack\MpegSplitter.ax
c:\program files\Essentials Codec Pack\MpaSplitter.ax
c:\program files\Essentials Codec Pack\AviSplitter.ax
c:\program files\Essentials Codec Pack\OggSplitter.ax
c:\program files\Essentials Codec Pack\MP4Splitter.ax
c:\program files\Essentials Codec Pack\WavPackDSSplitter.ax
c:\program files\Essentials Codec Pack\MatroskaSplitter.ax
c:\program files\Essentials Codec Pack\FLVSplitter.ax
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\conime.exe
c:\windows\System32\CF32701.exe
c:\program files\Launch Manager\LManager.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\igfxsrvc.exe
c:\users\Vytas\AppData\Local\Temp\RtkBtMnt.exe
c:\windows\System32\igfxext.exe
c:\program files\Virgin Broadband Wireless\AffinegyService.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\System32\PAStiSvc.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\windows\System32\WUDFHost.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\wercon.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2009-06-13 21:10 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-13 20:10

Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 2,881,867,776 bytes free

489 --- E O F --- 2009-02-13 03:03


Re: How to remove System Security on Vista

Post by Belahzur on Sat Jun 13, 2009 8:26 pm

Hello.
I want to get an uninstall list.

  • Open HijackThis.
  • When HijackThis opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

Re: How to remove System Security on Vista

Post by vyt4as on Sat Jun 13, 2009 8:37 pm

Couldn't run Ice Sword (Initialize failed, error code: 1073740951).
Here is uninstall_list.txt from HijackThis:

AC3Filter (remove only)
Acer Arcade
Acer eDataSecurity Management
Acer eLock Management
Acer Empowering Technology
Acer eNet Management
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer GridVista
Acer Mobility Center Plug-In
Acer ScreenSaver
Acer Tour
Activation Assistant for the 2007 Microsoft Office suites
Ad-Aware
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
Adobe Shockwave Player 11
Aegisub 2.1.2 Release Preview r1987
AMCap
Apple Software Update
Audacity 1.2.6
AutoFLAC 1.2
Avira AntiVir Personal - Free Antivirus
BackStreet Browser 3.1
Blaze Media Pro
CCleaner (remove only)
DivX Content Uploader
DivX Web Player
Exact Audio Copy 0.99pb3
Flickr Uploadr 2.5.0.15
FLV Player 1.3.3
foobar2000 v0.9.4.5
Google SketchUp 7
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
GTK+ 2.10.13 runtime environment
HDAUDIO Soft Data Fax Modem with SmartCP
HijackThis 2.0.2
Intel(R) Graphics Media Accelerator Driver
Internet RadioFan 1.3.0
Java 3D 1.5.1
Java(TM) 6 Update 13
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 7
Launch Manager
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Mozilla Firefox (3.0.11)
MSConfig CleanUp 1.2
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
Need For Speed - Porsche Unleashed 2000
Norton PC Checkup
NTI Backup NOW! 4.7
NTI CD & DVD-Maker
Olympus Digital Wave Player
OpenOffice.org 3.0
PC Camera
PicLens for Internet Explorer
QuickTime
RayV
Realtek High Definition Audio Driver
Skype™ 4.0
SMSC Fast Infrared Driver
SPSS Statistics 17.0
Synaptics Pointing Device Driver
The GIMP 2.2.17
Transcribe! 7.51
Update for Office 2007 (KB934528)
Update for Office System 2007 Setup (KB929722)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 0.9.9
VobSub v2.23 (Remove Only)
Windows Essentials Media Codec Pack 1.0
Windows Media Player Firefox Plugin
WinRAR archyvų programa
Wireless Manager
Xvid 1.1.3 final uninstall


Re: How to remove System Security on Vista

Post by Origin on Sat Jun 13, 2009 8:51 pm

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

  • Java(TM) 6 Update 13
  • Java(TM) 6 Update 2
  • Java(TM) 6 Update 3
  • Java(TM) 6 Update 7

Now open a new notepad file.
Input this into the notepad file:

File::
c:\windows\system32\kufisobe.dll
c:\windows\system32\davotudo.dll
c:\windows\system32\kijudawi.exe
c:\windows\system32\zawomebe.exe
c:\users\Vytas\AppData\Local\d3d9caps.dat
c:\windows\system32\kebizoru.exe
c:\windows\system32\tijayoni.dll
c:\windows\system32\yasisuge.dll
c:\windows\system32\lenevode.dll
c:\windows\system32\tayunazi.dll
c:\windows\system32\momolane.dll
c:\windows\system32\lujiyafa.dll
c:\users\Vytas\AppData\Roaming\uTorrent
c:\windows\system32\huyavamu.VIR
c:\windows\system32\kofumaje.VIR
c:\programdata\lowagora\lowagora.dll
c:\programdata\zewehapo\zewehapo.dll
c:\programdata\fisawuve\fisawuve.dll
c:\programdata\rewebafe\rewebafe.dll
c:\programdata\wufidipe\wufidipe.dll
c:\programdata\kuvikave\kuvikave.dll
c:\programdata\wuteluga\wuteluga.dll
c:\programdata\hizemeki\hizemeki.dll
c:\programdata\howayofa\howayofa.dll
c:\programdata\simetuwi\simetuwi.dll
c:\programdata\geruwupe\geruwupe.dll
c:\programdata\nosukiwe\nosukiwe.dll
c:\programdata\hulebaru\hulebaru.dll
c:\programdata\vitumepa\vitumepa.dll
c:\programdata\sizehapu\sizehapu.dll
c:\programdata\vugehoye\vugehoye.dll
c:\programdata\pahewuja\pahewuja.dll
c:\programdata\lelukiwi\lelukiwi.dll
c:\programdata\zidukisu\zidukisu.dll
c:\programdata\rijebehu\rijebehu.dll
c:\programdata\kusavapu\kusavapu.dll
c:\programdata\gofuhuvo\gofuhuvo.dll
c:\programdata\powohefa\powohefa.dll
c:\programdata\nidenefe\nidenefe.dll
c:\programdata\wizisili\wizisili.dll
c:\programdata\dagenijo\dagenijo.dll
c:\programdata\jahomayo\jahomayo.dll
c:\programdata\zorihumu\zorihumu.dll
c:\programdata\kefunuya\kefunuya.dll
c:\programdata\werusizo
c:\programdata\rumorojo
c:\programdata\mehahoda
c:\programdata\leramada\leramada.dll
c:\programdata\fomasopi\fomasopi.dll
c:\programdata\kejepuha\kejepuha.dll
c:\programdata\pibiluta
c:\programdata\fenenefu
c:\programdata\fenenefu\fenenefu.dll
c:\programdata\pibiluta\pibiluta.dll
C:\PA207.DAT
c:\windows\System32\82D200A335.dll
c:\windows\System32\jahinepa.dll
c:\windows\System32\rulituzi.dll



Folder::
c:\programdata\zewehapo
c:\programdata\lowagora
c:\programdata\rewebafe
c:\programdata\fisawuve
c:\programdata\kuvikave
c:\programdata\wufidipe
c:\programdata\wuteluga
c:\programdata\hizemeki
c:\programdata\simetuwi
c:\programdata\howayofa
c:\programdata\nosukiwe
c:\programdata\geruwupe
c:\programdata\vitumepa
c:\programdata\hulebaru
c:\programdata\vugehoye
c:\programdata\sizehapu
c:\programdata\lelukiwi
c:\programdata\pahewuja
c:\programdata\rijebehu
c:\programdata\zidukisu
c:\programdata\gofuhuvo
c:\programdata\kusavapu
c:\programdata\nidenefe
c:\programdata\powohefa
c:\programdata\wizisili
c:\programdata\dagenijo
c:\programdata\jahomayo
c:\programdata\pojovosa
c:\programdata\kefunuya
c:\programdata\seyamoyu
c:\programdata\hisukeba
c:\programdata\fahumaki
c:\programdata\kejepuha
c:\programdata\leramada
c:\programdata\fomasopi
c:\users\Vytas\AppData\Roaming\uTorrent


Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f5b9edb6-883d-4b24-a791-571b4da72e36}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"boyikosegi"=-
"CPM139b2832"=-
"10a81bae"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=-

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.


Origin
Master

Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3

Re: How to remove System Security on Vista

Post by vyt4as on Sat Jun 13, 2009 9:01 pm

I cannot remove these Java updates. When I try to, it says: 'The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance'. What shall I do? P.S. I am in safe mode.

vyt4as
Novice

Posts : 17
Joined : 2009-06-13
OS : Vista

Re: How to remove System Security on Vista

Post by Origin on Sat Jun 13, 2009 9:09 pm

Skip that, please do the ComboFix instructions.


Origin
Master

Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3

first part

Post by vyt4as on Sat Jun 13, 2009 9:35 pm

ComboFix 09-06-13.02 - Vytas 13/06/2009 22:19.2 - NTFSx86 NETWORK
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1257.370.1033.18.1526.1113 [GMT 1:00]
Running from: c:\users\Vytas\Desktop\Combo-Fix.exe
Command switches used :: c:\users\Vytas\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
SP: AntiVir Desktop *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"C:\PA207.DAT"
"c:\programdata\dagenijo\dagenijo.dll"
"c:\programdata\fenenefu"
"c:\programdata\fenenefu\fenenefu.dll"
"c:\programdata\fisawuve\fisawuve.dll"
"c:\programdata\fomasopi\fomasopi.dll"
"c:\programdata\geruwupe\geruwupe.dll"
"c:\programdata\gofuhuvo\gofuhuvo.dll"
"c:\programdata\hizemeki\hizemeki.dll"
"c:\programdata\howayofa\howayofa.dll"
"c:\programdata\hulebaru\hulebaru.dll"
"c:\programdata\jahomayo\jahomayo.dll"
"c:\programdata\kefunuya\kefunuya.dll"
"c:\programdata\kejepuha\kejepuha.dll"
"c:\programdata\kusavapu\kusavapu.dll"
"c:\programdata\kuvikave\kuvikave.dll"
"c:\programdata\lelukiwi\lelukiwi.dll"
"c:\programdata\leramada\leramada.dll"
"c:\programdata\lowagora\lowagora.dll"
"c:\programdata\mehahoda"
"c:\programdata\nidenefe\nidenefe.dll"
"c:\programdata\nosukiwe\nosukiwe.dll"
"c:\programdata\pahewuja\pahewuja.dll"
"c:\programdata\pibiluta"
"c:\programdata\pibiluta\pibiluta.dll"
"c:\programdata\powohefa\powohefa.dll"
"c:\programdata\rewebafe\rewebafe.dll"
"c:\programdata\rijebehu\rijebehu.dll"
"c:\programdata\rumorojo"
"c:\programdata\simetuwi\simetuwi.dll"
"c:\programdata\sizehapu\sizehapu.dll"
"c:\programdata\vitumepa\vitumepa.dll"
"c:\programdata\vugehoye\vugehoye.dll"
"c:\programdata\werusizo"
"c:\programdata\wizisili\wizisili.dll"
"c:\programdata\wufidipe\wufidipe.dll"
"c:\programdata\wuteluga\wuteluga.dll"
"c:\programdata\zewehapo\zewehapo.dll"
"c:\programdata\zidukisu\zidukisu.dll"
"c:\programdata\zorihumu\zorihumu.dll"
"c:\users\Vytas\AppData\Local\d3d9caps.dat"
"c:\users\Vytas\AppData\Roaming\uTorrent"
"c:\windows\System32\82D200A335.dll"
"c:\windows\system32\davotudo.dll"
"c:\windows\system32\huyavamu.VIR"
"c:\windows\System32\jahinepa.dll"
"c:\windows\system32\kebizoru.exe"
"c:\windows\system32\kijudawi.exe"
"c:\windows\system32\kofumaje.VIR"
"c:\windows\system32\kufisobe.dll"
"c:\windows\system32\lenevode.dll"
"c:\windows\system32\lujiyafa.dll"
"c:\windows\system32\momolane.dll"
"c:\windows\System32\rulituzi.dll"
"c:\windows\system32\tayunazi.dll"
"c:\windows\system32\tijayoni.dll"
"c:\windows\system32\yasisuge.dll"
"c:\windows\system32\zawomebe.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\dagenijo
c:\programdata\fahumaki
c:\programdata\fisawuve
c:\programdata\fomasopi
c:\programdata\geruwupe
c:\programdata\gofuhuvo
c:\programdata\hisukeba
c:\programdata\hizemeki
c:\programdata\howayofa
c:\programdata\hulebaru
c:\programdata\jahomayo
c:\programdata\kefunuya
c:\programdata\kejepuha
c:\programdata\kusavapu
c:\programdata\kuvikave
c:\programdata\lelukiwi
c:\programdata\leramada
c:\programdata\lowagora
c:\programdata\nidenefe
c:\programdata\nosukiwe
c:\programdata\pahewuja
c:\programdata\pojovosa
c:\programdata\powohefa
c:\programdata\rewebafe
c:\programdata\rijebehu
c:\programdata\seyamoyu
c:\programdata\simetuwi
c:\programdata\sizehapu
c:\programdata\vitumepa
c:\programdata\vugehoye
c:\programdata\wizisili
c:\programdata\wufidipe
c:\programdata\wuteluga
c:\programdata\zewehapo
c:\programdata\zidukisu
c:\users\Vytas\AppData\Roaming\uTorrent
C:\PA207.DAT
c:\programdata\dagenijo\dagenijo.dll
c:\programdata\fahumaki\fahumaki.dll.tmp
c:\programdata\fenenefu\fenenefu.dll
c:\programdata\fisawuve\fisawuve.dll
c:\programdata\fomasopi\fomasopi.dll
c:\programdata\geruwupe\geruwupe.dll
c:\programdata\gofuhuvo\gofuhuvo.dll
c:\programdata\gofuhuvo\ovuhufog.ini
c:\programdata\hisukeba\hisukeba.dll.tmp
c:\programdata\hizemeki\hizemeki.dll
c:\programdata\howayofa\howayofa.dll
c:\programdata\hulebaru\hulebaru.dll
c:\programdata\jahomayo\jahomayo.dll
c:\programdata\jahomayo\oyamohaj.ini
c:\programdata\kefunuya\ayunufek.ini
c:\programdata\kefunuya\kefunuya.dll
c:\programdata\kejepuha\ahupejek.ini
c:\programdata\kejepuha\kejepuha.dll
c:\programdata\kusavapu\kusavapu.dll
c:\programdata\kuvikave\evakivuk.ini
c:\programdata\kuvikave\kuvikave.dll
c:\programdata\lelukiwi\iwikulel.ini
c:\programdata\lelukiwi\lelukiwi.dll
c:\programdata\leramada\leramada.dll
c:\programdata\lowagora\lowagora.dll
c:\programdata\nidenefe\efenedin.ini
c:\programdata\nidenefe\nidenefe.dll
c:\programdata\nosukiwe\nosukiwe.dll
c:\programdata\pahewuja\pahewuja.dll
c:\programdata\pibiluta\pibiluta.dll
c:\programdata\pojovosa\pojovosa.dll
c:\programdata\powohefa\powohefa.dll
c:\programdata\rewebafe\efabewer.ini
c:\programdata\rewebafe\rewebafe.dll
c:\programdata\rijebehu\rijebehu.dll
c:\programdata\rijebehu\uhebejir.ini
c:\programdata\seyamoyu\seyamoyu.dll.tmp
c:\programdata\simetuwi\iwutemis.ini
c:\programdata\simetuwi\simetuwi.dll
c:\programdata\sizehapu\sizehapu.dll
c:\programdata\vitumepa\vitumepa.dll
c:\programdata\vugehoye\eyoheguv.ini
c:\programdata\vugehoye\vugehoye.dll
c:\programdata\wizisili\ilisiziw.ini
c:\programdata\wizisili\wizisili.dll
c:\programdata\wufidipe\wufidipe.dll
c:\programdata\wuteluga\wuteluga.dll
c:\programdata\zewehapo\zewehapo.dll
c:\programdata\zidukisu\zidukisu.dll
c:\programdata\zorihumu\zorihumu.dll
c:\users\Vytas\AppData\Local\d3d9caps.dat
c:\users\Vytas\AppData\Roaming\uTorrent\Angel-A (2005) DVDRip (XVid) - French audio_English subtitles.torrent
c:\users\Vytas\AppData\Roaming\uTorrent\Angel [2005] [Soundtrack] [[You must be registered and logged in to see this link.]
c:\users\Vytas\AppData\Roaming\uTorrent\dht.dat
c:\users\Vytas\AppData\Roaming\uTorrent\dht.dat.old
c:\users\Vytas\AppData\Roaming\uTorrent\resume.dat
c:\users\Vytas\AppData\Roaming\uTorrent\resume.dat.old
c:\users\Vytas\AppData\Roaming\uTorrent\rss.dat
c:\users\Vytas\AppData\Roaming\uTorrent\rss.dat.old
c:\users\Vytas\AppData\Roaming\uTorrent\settings.dat
c:\users\Vytas\AppData\Roaming\uTorrent\settings.dat.old
c:\users\Vytas\AppData\Roaming\uTorrent\utorrent.lng
c:\windows\System32\82D200A335.dll
c:\windows\system32\davotudo.dll
c:\windows\system32\egusisay.ini
c:\windows\system32\huyavamu.VIR
c:\windows\System32\jahinepa.dll
c:\windows\system32\kebizoru.exe
c:\windows\system32\kijudawi.exe
c:\windows\system32\kofumaje.VIR
c:\windows\system32\kufisobe.dll
c:\windows\system32\lenevode.dll
c:\windows\system32\lujiyafa.dll
c:\windows\system32\momolane.dll
c:\windows\System32\rulituzi.dll
c:\windows\system32\tayunazi.dll
c:\windows\system32\tijayoni.dll
c:\windows\system32\yasisuge.dll
c:\windows\system32\zawomebe.exe

.
((((((((((((((((((((((((( Files Created from 2009-05-13 to 2009-06-13 )))))))))))))))))))))))))))))))
.

2009-06-13 21:22 . 2009-06-13 21:24 -------- d-----w- c:\users\Vytas\AppData\Local\temp
2009-06-13 18:39 . 2009-06-13 18:39 0 ----a-w- c:\windows\system32\x2.dat
2009-06-11 08:56 . 2009-06-08 22:38 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-08 22:38 . 2009-06-08 22:38 64160 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-06-08 22:38 . 2009-06-08 22:38 73064 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-06-08 11:43 . 2009-03-30 09:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-06-08 11:43 . 2009-03-24 15:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-06-08 11:43 . 2009-06-08 11:43 -------- d-----w- c:\programdata\Avira
2009-06-08 11:43 . 2009-06-08 11:43 -------- d-----w- c:\program files\Avira
2009-06-08 11:13 . 2009-06-08 11:13 655872 ----a-w- c:\users\Vytas\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\15E5.tmp_\sun-presenter-screen.oxt\msvcr90.dll
2009-06-08 11:13 . 2009-06-08 11:13 601088 ----a-w- c:\users\Vytas\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\15E5.tmp_\sun-presenter-screen.oxt\PresenterScreen.uno.dll
2009-06-08 11:13 . 2009-06-08 11:13 568832 ----a-w- c:\users\Vytas\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\15E5.tmp_\sun-presenter-screen.oxt\msvcp90.dll
2009-06-08 11:13 . 2009-06-08 11:13 224768 ----a-w- c:\users\Vytas\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\15E5.tmp_\sun-presenter-screen.oxt\msvcm90.dll
2009-06-07 18:34 . 2009-06-08 11:22 -------- d-----w- c:\program files\CCleaner
2009-05-24 21:39 . 2007-08-24 18:26 172032 ----a-w- c:\windows\system32\igfxres.dll
2009-05-15 15:00 . 2009-06-13 21:19 -------- d-----w- c:\programdata\zorihumu

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-13 21:19 . 2009-05-14 12:46 -------- d-----w- c:\programdata\pibiluta
2009-06-13 21:19 . 2009-05-14 12:46 -------- d-----w- c:\programdata\fenenefu
2009-06-12 22:28 . 2007-10-11 14:42 -------- d-----w- c:\users\Vytas\AppData\Roaming\Skype
2009-06-09 11:21 . 2009-05-09 16:32 1 ----a-w- c:\users\Vytas\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-05-30 21:52 . 2009-03-16 18:14 -------- d-----w- c:\users\Vytas\AppData\Roaming\RayV
2009-05-26 15:53 . 2008-03-09 20:32 -------- d-----w- c:\users\Vytas\AppData\Roaming\dvdcss
2009-05-15 00:47 . 2009-05-14 12:41 -------- d-----w- c:\programdata\werusizo
2009-05-15 00:47 . 2009-05-14 12:41 -------- d-----w- c:\programdata\rumorojo
2009-05-15 00:47 . 2009-05-14 12:41 -------- d-----w- c:\programdata\mehahoda
2009-05-14 09:13 . 2007-10-12 16:19 -------- d-----w- c:\program files\Java
2009-05-12 17:02 . 2007-10-11 22:55 77560 ----a-w- c:\users\Vytas\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-12 14:28 . 2009-05-12 14:27 -------- d-----w- c:\users\Vytas\AppData\Roaming\vlc
2009-05-09 16:43 . 2009-05-09 16:43 568832 ----a-w- c:\users\Vytas\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\ADE5.tmp_\sun-presentation-minimizer.oxt\msvcp90.dll
2009-05-09 16:43 . 2009-05-09 16:43 251392 ----a-w- c:\users\Vytas\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\ADE5.tmp_\sun-presentation-minimizer.oxt\SunPresentationMinimizer.uno.dll
2009-05-09 16:43 . 2009-05-09 16:43 655872 ----a-w- c:\users\Vytas\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\ADE5.tmp_\sun-presentation-minimizer.oxt\msvcr90.dll
2009-05-09 16:43 . 2009-05-09 16:43 224768 ----a-w- c:\users\Vytas\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\ADE5.tmp_\sun-presentation-minimizer.oxt\msvcm90.dll
2009-05-09 16:32 . 2009-05-09 16:32 -------- d-----w- c:\users\Vytas\AppData\Roaming\OpenOffice.org
2009-05-09 16:29 . 2009-05-09 16:29 -------- d-----w- c:\program files\JRE
2009-05-09 16:29 . 2009-05-09 16:29 -------- d-----w- c:\program files\OpenOffice.org 3
2009-05-09 16:29 . 2007-10-12 16:24 -------- d-----w- c:\program files\OpenOffice.org 2.3
2009-05-08 10:06 . 2007-10-12 16:33 1 ----a-w- c:\users\Vytas\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-05-08 10:05 . 2007-10-12 16:32 -------- d-----w- c:\users\Vytas\AppData\Roaming\OpenOffice.org2
2009-05-07 14:59 . 2006-02-18 21:36 -------- d-----w- c:\programdata\Microsoft Help
2009-05-06 15:30 . 2009-05-06 15:30 4030464 ----a-w- c:\users\Vytas\AppData\Roaming\RayV\Viewer\RayV.dll
2009-05-06 02:19 . 2006-02-18 20:47 -------- d--h--w- c:\program files\InstallShield Installation Information
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
- 2007-06-01 08:05 . 2009-06-13 18:36 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-06-01 08:05 . 2009-06-13 20:02 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-06-01 08:05 . 2009-06-13 20:02 98304 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-06-01 08:05 . 2009-06-13 18:36 98304 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-06-01 08:05 . 2009-06-13 20:02 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-06-01 08:05 . 2009-06-13 18:36 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 10:33 . 2009-06-13 20:10 610142 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-06-13 20:10 103924 c:\windows\System32\perfc009.dat

vyt4as
Novice

Posts : 17
Joined : 2009-06-13
OS : Vista

second one

Post by vyt4as on Sat Jun 13, 2009 9:36 pm

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-10-11 171448]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 464168]
"PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2007-01-15 151552]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-12-08 614400]
"eDSMSNfix"="c:\acer\Empowering Technology\eDSMSNfix.exe" [2007-02-08 13312]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-24 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-24 129560]
"Media Codec Update Service"="c:\program files\Essentials Codec Pack\update.exe" [2007-04-08 303104]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-10 518488]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-03-01 4390912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Device Detector 3.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Device Detector 3.lnk
backup=c:\windows\pss\Device Detector 3.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Vytas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\users\Vytas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9C674345-AB38-420D-ADCB-880C71E211BF}"= c:\program files\Acer\Acer Arcade\PowerCinema.exe:CyberLink PowerCinema
"{934EE960-5AC5-4EFC-BD21-BE300E41E7E5}"= c:\program files\Acer\Acer Arcade\PCMService.exe:CyberLink PowerCinema Resident Program
"{21CD2AA2-171D-484A-BB08-56D415F74080}"= c:\program files\Acer\Acer Arcade\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{C365711E-460A-4FA7-A3D3-1F0940834708}"= c:\program files\Acer\Acer Arcade\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{197F7394-69E7-4235-8B77-7DE5854C4C65}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A447E83B-15A5-49CE-A268-9D2FAC8A6B8F}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{AE2C0325-DF72-48B5-A753-6F120D6A723C}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{DDA7DB8E-8EB4-472C-AFEE-6E95C227D36F}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{B064514E-5EB2-4DAF-8D1E-1A3D5C8C9ECC}"= UDP:c:\program files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"{27992243-B8C0-4FB6-AA99-99D547DACA6B}"= TCP:c:\program files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"TCP Query User{993D6ABB-AB59-4384-80A3-BE3976C4151C}c:\\users\\vytas\\torrent\\bitlord\\bitlord.exe"= UDP:c:\users\vytas\torrent\bitlord\bitlord.exe:bitlord.exe
"UDP Query User{C4D09542-2D1F-4633-B766-8C3BB2113E75}c:\\users\\vytas\\torrent\\bitlord\\bitlord.exe"= TCP:c:\users\vytas\torrent\bitlord\bitlord.exe:bitlord.exe
"TCP Query User{A62760E9-A402-4C14-956D-CE3FF78D10F1}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{870880C0-8959-49C5-B47D-F352C2ECC5DC}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{E605572A-D08D-4B34-A06D-B98DC0109039}c:\\program files\\dc++\\dcplusplus.exe"= UDP:c:\program files\dc++\dcplusplus.exe:DC++
"UDP Query User{258F375F-C093-486F-BDE4-2035AC340249}c:\\program files\\dc++\\dcplusplus.exe"= TCP:c:\program files\dc++\dcplusplus.exe:DC++
"TCP Query User{6302627F-78DB-4AD8-AA6F-66A4B2D1EFF2}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{39F202A4-D703-4E43-9802-CAB224C9EB6A}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord
"TCP Query User{6ECF4940-9039-4FD1-8E85-50BA2228B9D8}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{A087F7C9-A8EF-4039-9CF9-7BBA9451E1E5}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{F83A3053-FDE8-426D-AA75-B82A3E80D298}c:\\users\\vytas\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\xqosznp2\\matrix_1___matrix_2___matrix_3___animatrix_[hun_voice][1].exe"= UDP:c:\users\vytas\appdata\local\microsoft\windows\temporary internet files\content.ie5\xqosznp2\matrix_1___matrix_2___matrix_3___animatrix_[hun_voice][1].exe:matrix_1___matrix_2___matrix_3___animatrix_[hun_voice][1].exe
"UDP Query User{C6B8BF40-B162-46DB-9367-95BD65A9E8AD}c:\\users\\vytas\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\xqosznp2\\matrix_1___matrix_2___matrix_3___animatrix_[hun_voice][1].exe"= TCP:c:\users\vytas\appdata\local\microsoft\windows\temporary internet files\content.ie5\xqosznp2\matrix_1___matrix_2___matrix_3___animatrix_[hun_voice][1].exe:matrix_1___matrix_2___matrix_3___animatrix_[hun_voice][1].exe
"{07D5B6C5-7AA6-497D-9D7D-F2A42629242C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{7037883A-42BA-40A3-BB65-A67CBC3B0344}"= UDP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{3E293C57-DC93-41F7-BF74-F89EC25BB513}"= TCP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{5E77CD09-3562-4AD0-99EA-DE38DC39C0A0}"= UDP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{478130DB-CF2A-4E8F-B2AB-5D1A67090707}"= TCP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{A4728541-ED19-495D-A92B-23AAE741DFD2}"= UDP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{04C6B41C-0294-47DC-A0D5-F20317955B48}"= TCP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"TCP Query User{C910B94E-666A-4486-8E12-2725E6974205}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{5E68B499-C08A-4BE4-B52B-844ACC95182B}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{9FA4FD8C-CB4E-4FBD-9B9C-D3FE27E59718}c:\\program files\\videolan\\vlc\\vlc.exe"= UDP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{7D69AFFD-4091-48B0-9902-6C41DD538419}c:\\program files\\videolan\\vlc\\vlc.exe"= TCP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"{26EFD1CD-E594-4B50-A4D8-B6AA7FC389C0}"= Disabled:UDP:c:\program files\SPSSInc\Statistics17\SPSSWinWrapIDE.exe:SPSS Basic Script Editor
"{6D6DF124-5734-434D-A84D-02D7D5861202}"= Disabled:UDP:c:\program files\SPSSInc\Statistics17\statistics.com:Statistics17:com
"{ED68082A-18BE-4E6A-9274-0C3599F8284E}"= Disabled:UDP:c:\program files\SPSSInc\Statistics17\statistics.exe:Statistics17:exe
"{749B813D-2452-4DD5-B843-4CD63CD4958F}"= Disabled:TCP:c:\program files\SPSSInc\Statistics17\SPSSWinWrapIDE.exe:SPSS Basic Script Editor
"{035B9404-EEFD-4E0A-A67D-ECB8FC6E1C47}"= Disabled:TCP:c:\program files\SPSSInc\Statistics17\statistics.com:Statistics17:com
"{A579B498-F014-44E2-BC42-24153734996E}"= Disabled:TCP:c:\program files\SPSSInc\Statistics17\statistics.exe:Statistics17:exe
"TCP Query User{55BBF1F0-195F-4CF2-8BCC-9D27618E590A}c:\\program files\\rayv\\rayv\\rayv.exe"= UDP:c:\program files\rayv\rayv\rayv.exe:RayV
"UDP Query User{C74EF491-7C9F-4A7F-8611-0D2FB8A21CDD}c:\\program files\\rayv\\rayv\\rayv.exe"= TCP:c:\program files\rayv\rayv\rayv.exe:RayV
"{8289C3A5-9C43-48B1-87B2-5F065CB5E6A4}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{AC513A01-8D01-4C94-A563-BC9AA591D8FA}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{B1957CB7-D462-4CE2-9E52-B5BA6F79E25D}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{BD8DB11C-1020-4BE3-8BA9-F89AB171CC7E}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{3AD53E66-CF11-4D5F-A40C-2B6CD8EADFDE}"= UDP:c:\users\Vytas\AppData\Roaming\RayV\Viewer\RayV.dll:RayV
"{2DA93637-512A-4C9C-9997-3280E67F59E5}"= TCP:c:\users\Vytas\AppData\Roaming\RayV\Viewer\RayV.dll:RayV
"{5A624976-B2C5-418B-A61C-E40E72EAFD40}"= UDP:c:\program files\Olympus\DeviceDetector\DevDtct2.exe:DevDtct2
"{EE30D934-C0C7-40A2-9C2A-01C106411C05}"= TCP:c:\program files\Olympus\DeviceDetector\DevDtct2.exe:DevDtct2
"{BC9DCA11-4E84-421C-B4F1-38F91C686139}"= UDP:c:\program files\Olympus\DeviceDetector\DevDtct2.exe:DevDtct2
"{FE004356-6285-4088-9407-1A7D7DAFDA64}"= TCP:c:\program files\Olympus\DeviceDetector\DevDtct2.exe:DevDtct2
"{AD72758E-98CE-424E-85B4-029A6DD92C41}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{00455BFE-B646-43A4-B338-31E22B39396E}"= UDP:c:\windows\explorer.exe:Explorer
"{65315912-E277-4CFB-A562-F9FEDEE846DD}"= TCP:c:\windows\explorer.exe:Explorer
"{6C772113-48AE-4994-85B5-104083AA437F}"= UDP:c:\windows\System32\wbem\unsecapp.exe:unsecapp
"{7DB66448-B6B7-4FBD-B569-85AF267A98D1}"= TCP:c:\windows\System32\wbem\unsecapp.exe:unsecapp
"{59E219E1-5F12-40E9-958B-64D26907DDE4}"= UDP:c:\windows\System32\winlogon.exe:winlogon
"{6856A873-36D9-4639-A5BB-2B053DA3AC84}"= TCP:c:\windows\System32\winlogon.exe:winlogon
"{CA5E5DD1-B74A-4412-A5C3-3AF0D6FF7AE7}"= UDP:c:\windows\System32\winlogon.exe:winlogon
"{869FB900-7D8D-4328-9EB1-CFA3314AADEC}"= TCP:c:\windows\System32\winlogon.exe:winlogon
"{4B98C406-EE8E-41DF-9664-5E5BBA403CB0}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{82302EE5-EB36-4D17-8F31-C0F350CD8E93}c:\\videolan\\vlc\\vlc.exe"= UDP:c:\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{5FA5744A-C7F4-4873-9854-6AF2102CC0C5}c:\\videolan\\vlc\\vlc.exe"= TCP:c:\videolan\vlc\vlc.exe:VLC media player
"{D7320055-6390-48E4-ACF6-A11F8493C80D}"= UDP:c:\windows\explorer.exe:Explorer
"{6DFE98AE-B6E2-46D2-91AA-ED9109544DB5}"= TCP:c:\windows\explorer.exe:Explorer
"{FBB4C326-8D49-4A9C-918B-BECD1250420A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{706EE4CC-F4E4-4EA1-BBE2-8D084F3FB2CE}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{0B3AEC15-B4DF-4873-AAEE-ECE190FF3965}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{0F29304E-D5AF-4D4E-BDC1-DA54A58654A6}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{5C39C021-7A26-4F22-9A53-DC0EF721128C}"= UDP:c:\windows\System32\LogonUI.exe:LogonUI
"{0491BD6A-16E8-44A1-B122-D5F7C7612264}"= TCP:c:\windows\System32\LogonUI.exe:LogonUI
"{EE56C679-1D1B-4ADE-9DC1-09888E642392}"= UDP:c:\windows\System32\wininit.exe:wininit
"{D83DB6EC-6448-40AB-9C12-37004C10538F}"= TCP:c:\windows\System32\wininit.exe:wininit
"{DFA18192-AE8F-4F6F-95AB-1E935B70CB14}"= UDP:c:\windows\System32\wininit.exe:wininit
"{1240459C-3ACC-437F-BD89-840945E58CF6}"= TCP:c:\windows\System32\wininit.exe:wininit
"{89393309-D78C-401F-B29B-B0840F801B55}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{DC2C9180-7DBC-4765-9574-3E202093FB5B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{FE47A921-147B-4F37-A836-80EBE5422974}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{08B1A77A-C52D-44C9-961E-9A6D4C4D745C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{442CB81D-F9A8-4F03-BF6A-212FD019A83E}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{973A7A3A-2EF3-4712-8C59-416E911F7342}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{9F6DCBBA-AB2D-453C-B664-785E87646F71}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C20CB86D-35AF-4B3F-B183-157EA59F59A6}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{4145E541-3205-4E09-94AF-8680F502A19B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{2C94847C-403F-4A06-B60E-0DF7A7747C1E}"= UDP:c:\windows\System32\lsass.exe:lsass
"{CCEAAF47-C3D5-4C25-8022-B646A0863F9A}"= TCP:c:\windows\System32\lsass.exe:lsass
"{2BF684A7-3449-4674-AD12-8441FC4F3D2D}"= UDP:c:\windows\System32\lsass.exe:lsass
"{5D6DB2B9-C73B-4FE6-B60E-25F830C0237E}"= TCP:c:\windows\System32\lsass.exe:lsass
"{907A90EF-453D-4FFB-B834-8F19CCBF14F7}"= UDP:c:\windows\System32\taskeng.exe:taskeng
"{0C1BD637-E820-482D-8D02-2D82C4836410}"= TCP:c:\windows\System32\taskeng.exe:taskeng
"{5451595A-3BC3-436E-A252-6BE16A69D637}"= UDP:c:\windows\System32\taskeng.exe:taskeng
"{7C77FBB1-7C2F-4701-A11C-61646716716B}"= TCP:c:\windows\System32\taskeng.exe:taskeng

vyt4as
Novice

Posts : 17
Joined : 2009-06-13
OS : Vista
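The ComboFix output posted above carries several settings a responder would want to notice at a glance: a proxy pointing at 127.0.0.1:81 in Internet Settings, EnableLUA set to 0 (UAC switched off), Security Center monitoring and update notifications disabled, and Run entries that load DLLs with eight-letter consonant/vowel names such as jahinepa.dll and tijayoni.dll. The script below is an added example written for this thread; it is not part of ComboFix, DDS, or the helper's instructions. It reads a log in this format, tracks which registry section each line belongs to, and returns the lines that match those four indicators. The sample log embedded in it is constructed from a handful of lines modelled on the posts above, and the naming regex is a heuristic for the pattern seen in this particular log, not a general malware signature.

```python
"""Triage helper for ComboFix / DDS-style logs (added example, not from the thread)."""
import re

# Constructed sample: a few lines modelled on the log posted in this thread.
SAMPLE_LOG = r"""
uInternet Settings,ProxyServer = 127.0.0.1:81
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-10 518488]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
"{00455BFE-B646-43A4-B338-31E22B39396E}"= UDP:c:\windows\explorer.exe:Explorer
HKLM-Run-boyikosegi - c:\windows\system32\jahinepa.dll
HKLM-Run-CPM139b2832 - c:\windows\system32\tijayoni.dll
HKLM-Run-10a81bae - c:\windows\system32\yasisuge.dll
"""

# A registry section header in ComboFix output: [HKEY_...\...]
SECTION_RE = re.compile(r"^\[(.+)\]$")
# DDS/ComboFix "uInternet Settings,ProxyServer = host:port" lines (u = user hive, m = machine hive).
PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(\S+)", re.I)
# "EnableLUA"= 0 (0x0) under ...\policies\system means UAC is off.
ENABLELUA_RE = re.compile(r'^"EnableLUA"\s*=\s*0\b')
# Security Center values that silence its monitoring or its update warnings.
DISABLEMON_RE = re.compile(r'^"(DisableMonitoring|UpdatesDisableNotify)"\s*=\s*dword:0*1$')
# Heuristic only: eight-letter consonant/vowel names (jahinepa, tijayoni, yasisuge)
# ending in a PE extension, the pattern seen in this log's Run keys and orphans.
RANDOM_NAME_RE = re.compile(
    r"\\((?:[bcdfghjklmnpqrstvwxyz][aeiou]){4})\.(?:dll|exe)\b", re.I
)


def triage(log_text):
    """Return a list of (category, line) findings for a ComboFix/DDS log.

    Categories: local-proxy, uac-disabled, security-center-muted, random-name-binary.
    """
    findings = []
    section = ""  # lower-cased registry key of the current [section]
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        m = PROXY_RE.match(line)
        if m:
            host = m.group(1).split(":")[0]
            if host in ("127.0.0.1", "localhost"):
                findings.append(("local-proxy", line))
            continue
        if "policies\\system" in section and ENABLELUA_RE.match(line):
            findings.append(("uac-disabled", line))
            continue
        if "security center" in section and DISABLEMON_RE.match(line):
            findings.append(("security-center-muted", line))
            continue
        if RANDOM_NAME_RE.search(line):
            findings.append(("random-name-binary", line))
    return findings


def summarize(findings):
    """Count findings per category, e.g. {'local-proxy': 1, ...}."""
    counts = {}
    for category, _ in findings:
        counts[category] = counts.get(category, 0) + 1
    return counts


if __name__ == "__main__":
    for category, line in triage(SAMPLE_LOG):
        print(f"{category:22s} {line}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run it against a saved ComboFix or DDS log by passing the file contents to `triage()`; the section tracking is what keeps `DisableMonitoring` from being flagged outside the Security Center keys, and the naming heuristic deliberately does not match legitimate eight-letter names such as explorer.exe.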

third part

Post by vyt4as on Sat Jun 13, 2009 9:37 pm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"c:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [11/06/2009 09:56 64160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 22:34 1005904]
S2 {2FF8D163-C3C2-46ce-BD8D-D85AC1BC56DD};{2FF8D163-C3C2-46ce-BD8D-D85AC1BC56DD};c:\program files\Acer\Acer Arcade\000.fcl [18/02/2006 22:30 13560]
S2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [18/02/2006 23:11 50688]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [08/06/2009 12:43 108289]
S3 PAC207;SoC PC-Camera;c:\windows\System32\drivers\PFC027.SYS [05/11/2007 08:22 131200]
S3 SndTAudio;SndTAudio;c:\windows\System32\drivers\SndTAudio.sys [12/03/2009 20:12 23096]
S3 SndTVideo;SndTVideo;c:\windows\System32\drivers\SndTVideo.sys [12/03/2009 20:12 3768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder

2009-06-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 22:34]

2009-06-13 c:\windows\Tasks\User_Feed_Synchronization-{568CCD67-AA67-4F96-B113-EB3A9D0CB3C4}.job
- c:\windows\system32\msfeedssync.exe [2008-08-29 10:05]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-boyikosegi - c:\windows\system32\jahinepa.dll
HKLM-Run-CPM139b2832 - c:\windows\system32\tijayoni.dll
HKLM-Run-10a81bae - c:\windows\system32\yasisuge.dll
HKLM-RunOnce- - (no file)


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyServer = 127.0.0.1:81
uInternet Settings,ProxyOverride =
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Vytas\AppData\Roaming\Mozilla\Firefox\Profiles\2w0v2hf2.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 2
FF - component: c:\users\Vytas\AppData\Roaming\Mozilla\Firefox\Profiles\2w0v2hf2.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\RayV\RayV\plugins\nprayvplugin.dll
FF - plugin: c:\videolan\VLC\npvlc.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-06-13 22:24
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{2FF8D163-C3C2-46ce-BD8D-D85AC1BC56DD}]
"ImagePath"="\??\c:\program files\Acer\Acer Arcade\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"659BD8E725A05FDCC64118EA787EAA2B534A94FABE"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,16,49,ec,56,32,10,1f,4f,80,3d,90,\
"3A77B377802A4B6183DDE08FDE4AD9AF647A702826"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,16,49,ec,56,32,10,1f,4f,80,3d,90,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(1420)
c:\program files\Acer\Acer Arcade\Kernel\Burner\ppM2Splter.ax
c:\program files\Acer\Acer Arcade\Kernel\TV\PCMRM2Splter.ax
c:\program files\Acer\Acer Arcade\Kernel\TV\PCMBM2Splter.ax
c:\program files\Acer\Acer Arcade\Kernel\Burner\ppM1Splter.ax
c:\program files\Acer\Acer Arcade\Kernel\TV\PCMBM1Splter.ax
c:\program files\Acer\Acer Arcade\Kernel\EditMovie\MDTLM2Splter.ax
c:\program files\Acer\Acer Arcade\Kernel\Burner\ppTLM2Splter.ax
c:\program files\Acer\Acer Arcade\Kernel\EditMovie\MDTLM1Splter.ax
c:\program files\Acer\Acer Arcade\Kernel\Burner\ppTLM1Splter.ax
c:\program files\Essentials Codec Pack\VSFilter.dll
c:\program files\Essentials Codec Pack\MpegSplitter.ax
c:\program files\Essentials Codec Pack\MpaSplitter.ax
c:\program files\Essentials Codec Pack\AviSplitter.ax
c:\program files\Essentials Codec Pack\OggSplitter.ax
c:\program files\Essentials Codec Pack\MP4Splitter.ax
c:\program files\Essentials Codec Pack\WavPackDSSplitter.ax
c:\program files\Essentials Codec Pack\MatroskaSplitter.ax
c:\program files\Essentials Codec Pack\FLVSplitter.ax
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
c:\windows\HelpPane.exe
.
**************************************************************************
.
Completion time: 2009-06-13 22:30 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-13 21:29
ComboFix2.txt 2009-06-13 20:10

Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 5,860,388,864 bytes free

492 --- E O F --- 2009-02-13 03:03


Re: How to remove System Security on Vista

Post by vyt4as on Sat Jun 13, 2009 9:38 pm

Btw, it said that it uploaded files to the server for further analysis.


Re: How to remove System Security on Vista

Post by Belahzur on Sat Jun 13, 2009 9:42 pm

Hello.

Still some malware left.
Now open a new notepad file.
Input this into the notepad file:

Folder::
c:\programdata\zorihumu
c:\windows\system32\x2.dat

Folder::
c:\programdata\pibiluta
c:\programdata\fenenefu
c:\programdata\werusizo
c:\programdata\rumorojo
c:\programdata\mehahoda

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{993D6ABB-AB59-4384-80A3-BE3976C4151C}c:\\users\\vytas\\torrent\\bitlord\\bitlord.exe"=-
"UDP Query User{C4D09542-2D1F-4633-B766-8C3BB2113E75}c:\\users\\vytas\\torrent\\bitlord\\bitlord.exe"=-
"TCP Query User{A62760E9-A402-4C14-956D-CE3FF78D10F1}c:\\program files\\emule\\emule.exe"=-
"UDP Query User{870880C0-8959-49C5-B47D-F352C2ECC5DC}c:\\program files\\emule\\emule.exe"=-
"TCP Query User{6302627F-78DB-4AD8-AA6F-66A4B2D1EFF2}c:\\program files\\bitlord\\bitlord.exe"=-
"UDP Query User{39F202A4-D703-4E43-9802-CAB224C9EB6A}c:\\program files\\bitlord\\bitlord.exe"=-
"TCP Query User{6ECF4940-9039-4FD1-8E85-50BA2228B9D8}c:\\program files\\utorrent\\utorrent.exe"=-
"UDP Query User{A087F7C9-A8EF-4039-9CF9-7BBA9451E1E5}c:\\program files\\utorrent\\utorrent.exe"=-
"TCP Query User{F83A3053-FDE8-426D-AA75-B82A3E80D298}c:\\users\\vytas\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\xqosznp2\\matrix_1___matrix_2___matrix_3___animatrix_[hun_voice][1].exe"=-
"UDP Query User{C6B8BF40-B162-46DB-9367-95BD65A9E8AD}c:\\users\\vytas\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\xqosznp2\\matrix_1___matrix_2___matrix_3___animatrix_[hun_voice][1].exe"=-
"TCP Query User{C910B94E-666A-4486-8E12-2725E6974205}c:\\program files\\utorrent\\utorrent.exe"=-
"UDP Query User{5E68B499-C08A-4BE4-B52B-844ACC95182B}c:\\program files\\utorrent\\utorrent.exe"=-
"{8289C3A5-9C43-48B1-87B2-5F065CB5E6A4}"=-
"{AC513A01-8D01-4C94-A563-BC9AA591D8FA}"=-

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

Re: How to remove System Security on Vista

Post by vyt4as on Sat Jun 13, 2009 9:56 pm

ComboFix 09-06-13.02 - Vytas 13/06/2009 22:50.3 - NTFSx86 NETWORK
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1257.370.1033.18.1526.1095 [GMT 1:00]
Running from: c:\users\Vytas\Desktop\Combo-Fix.exe
Command switches used :: c:\users\Vytas\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
SP: AntiVir Desktop *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\fenenefu
c:\programdata\mehahoda
c:\programdata\pibiluta
c:\programdata\rumorojo
c:\programdata\werusizo
c:\programdata\zorihumu
c:\programdata\mehahoda\mehahoda.dll.tmp
c:\programdata\pibiluta\atulibip.ini
c:\programdata\rumorojo\rumorojo.dll.tmp
c:\programdata\werusizo\werusizo.dll.tmp

.
((((((((((((((((((((((((( Files Created from 2009-05-13 to 2009-06-13 )))))))))))))))))))))))))))))))
.

2009-06-13 21:52 . 2009-06-13 21:53 -------- d-----w- c:\users\Vytas\AppData\Local\temp
2009-06-13 18:39 . 2009-06-13 18:39 0 ----a-w- c:\windows\system32\x2.dat
2009-06-11 08:56 . 2009-06-08 22:38 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-08 22:38 . 2009-06-08 22:38 64160 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-06-08 22:38 . 2009-06-08 22:38 73064 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-06-08 11:43 . 2009-03-30 09:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-06-08 11:43 . 2009-03-24 15:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-06-08 11:43 . 2009-06-08 11:43 -------- d-----w- c:\programdata\Avira
2009-06-08 11:43 . 2009-06-08 11:43 -------- d-----w- c:\program files\Avira
2009-06-08 11:13 . 2009-06-08 11:13 655872 ----a-w- c:\users\Vytas\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\15E5.tmp_\sun-presenter-screen.oxt\msvcr90.dll
2009-06-08 11:13 . 2009-06-08 11:13 601088 ----a-w- c:\users\Vytas\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\15E5.tmp_\sun-presenter-screen.oxt\PresenterScreen.uno.dll
2009-06-08 11:13 . 2009-06-08 11:13 568832 ----a-w- c:\users\Vytas\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\15E5.tmp_\sun-presenter-screen.oxt\msvcp90.dll
2009-06-08 11:13 . 2009-06-08 11:13 224768 ----a-w- c:\users\Vytas\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\15E5.tmp_\sun-presenter-screen.oxt\msvcm90.dll
2009-06-07 18:34 . 2009-06-08 11:22 -------- d-----w- c:\program files\CCleaner
2009-05-24 21:39 . 2007-08-24 18:26 172032 ----a-w- c:\windows\system32\igfxres.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-13 21:33 . 2009-06-13 21:33 680 ----a-w- c:\users\Vytas\AppData\Local\d3d9caps.dat
2009-06-12 22:28 . 2007-10-11 14:42 -------- d-----w- c:\users\Vytas\AppData\Roaming\Skype
2009-06-09 11:21 . 2009-05-09 16:32 1 ----a-w- c:\users\Vytas\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-05-30 21:52 . 2009-03-16 18:14 -------- d-----w- c:\users\Vytas\AppData\Roaming\RayV
2009-05-26 15:53 . 2008-03-09 20:32 -------- d-----w- c:\users\Vytas\AppData\Roaming\dvdcss
2009-05-14 09:13 . 2007-10-12 16:19 -------- d-----w- c:\program files\Java
2009-05-12 17:02 . 2007-10-11 22:55 77560 ----a-w- c:\users\Vytas\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-12 14:28 . 2009-05-12 14:27 -------- d-----w- c:\users\Vytas\AppData\Roaming\vlc
2009-05-09 16:43 . 2009-05-09 16:43 568832 ----a-w- c:\users\Vytas\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\ADE5.tmp_\sun-presentation-minimizer.oxt\msvcp90.dll
2009-05-09 16:43 . 2009-05-09 16:43 251392 ----a-w- c:\users\Vytas\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\ADE5.tmp_\sun-presentation-minimizer.oxt\SunPresentationMinimizer.uno.dll
2009-05-09 16:43 . 2009-05-09 16:43 655872 ----a-w- c:\users\Vytas\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\ADE5.tmp_\sun-presentation-minimizer.oxt\msvcr90.dll
2009-05-09 16:43 . 2009-05-09 16:43 224768 ----a-w- c:\users\Vytas\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\ADE5.tmp_\sun-presentation-minimizer.oxt\msvcm90.dll
2009-05-09 16:32 . 2009-05-09 16:32 -------- d-----w- c:\users\Vytas\AppData\Roaming\OpenOffice.org
2009-05-09 16:29 . 2009-05-09 16:29 -------- d-----w- c:\program files\JRE
2009-05-09 16:29 . 2009-05-09 16:29 -------- d-----w- c:\program files\OpenOffice.org 3
2009-05-09 16:29 . 2007-10-12 16:24 -------- d-----w- c:\program files\OpenOffice.org 2.3
2009-05-08 10:06 . 2007-10-12 16:33 1 ----a-w- c:\users\Vytas\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-05-08 10:05 . 2007-10-12 16:32 -------- d-----w- c:\users\Vytas\AppData\Roaming\OpenOffice.org2
2009-05-07 14:59 . 2006-02-18 21:36 -------- d-----w- c:\programdata\Microsoft Help
2009-05-06 15:30 . 2009-05-06 15:30 4030464 ----a-w- c:\users\Vytas\AppData\Roaming\RayV\Viewer\RayV.dll
2009-05-06 02:19 . 2006-02-18 20:47 -------- d--h--w- c:\program files\InstallShield Installation Information
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
- 2007-06-01 08:05 . 2009-06-13 18:36 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-06-01 08:05 . 2009-06-13 20:02 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-06-01 08:05 . 2009-06-13 20:02 98304 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-06-01 08:05 . 2009-06-13 18:36 98304 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-06-01 08:05 . 2009-06-13 20:02 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-06-01 08:05 . 2009-06-13 18:36 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 10:33 . 2009-06-13 20:10 610142 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-06-13 20:10 103924 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-10-11 171448]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 464168]
"PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2007-01-15 151552]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-12-08 614400]
"eDSMSNfix"="c:\acer\Empowering Technology\eDSMSNfix.exe" [2007-02-08 13312]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-24 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-24 129560]
"Media Codec Update Service"="c:\program files\Essentials Codec Pack\update.exe" [2007-04-08 303104]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-10 518488]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-03-01 4390912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Device Detector 3.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Device Detector 3.lnk
backup=c:\windows\pss\Device Detector 3.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Vytas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\users\Vytas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001


Re: How to remove System Security on Vista

Post by vyt4as on Sat Jun 13, 2009 9:57 pm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9C674345-AB38-420D-ADCB-880C71E211BF}"= c:\program files\Acer\Acer Arcade\PowerCinema.exe:CyberLink PowerCinema
"{934EE960-5AC5-4EFC-BD21-BE300E41E7E5}"= c:\program files\Acer\Acer Arcade\PCMService.exe:CyberLink PowerCinema Resident Program
"{21CD2AA2-171D-484A-BB08-56D415F74080}"= c:\program files\Acer\Acer Arcade\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{C365711E-460A-4FA7-A3D3-1F0940834708}"= c:\program files\Acer\Acer Arcade\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{197F7394-69E7-4235-8B77-7DE5854C4C65}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A447E83B-15A5-49CE-A268-9D2FAC8A6B8F}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{AE2C0325-DF72-48B5-A753-6F120D6A723C}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{DDA7DB8E-8EB4-472C-AFEE-6E95C227D36F}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{B064514E-5EB2-4DAF-8D1E-1A3D5C8C9ECC}"= UDP:c:\program files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"{27992243-B8C0-4FB6-AA99-99D547DACA6B}"= TCP:c:\program files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"TCP Query User{E605572A-D08D-4B34-A06D-B98DC0109039}c:\\program files\\dc++\\dcplusplus.exe"= UDP:c:\program files\dc++\dcplusplus.exe:DC++
"UDP Query User{258F375F-C093-486F-BDE4-2035AC340249}c:\\program files\\dc++\\dcplusplus.exe"= TCP:c:\program files\dc++\dcplusplus.exe:DC++
"{07D5B6C5-7AA6-497D-9D7D-F2A42629242C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{7037883A-42BA-40A3-BB65-A67CBC3B0344}"= UDP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{3E293C57-DC93-41F7-BF74-F89EC25BB513}"= TCP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{5E77CD09-3562-4AD0-99EA-DE38DC39C0A0}"= UDP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{478130DB-CF2A-4E8F-B2AB-5D1A67090707}"= TCP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{A4728541-ED19-495D-A92B-23AAE741DFD2}"= UDP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{04C6B41C-0294-47DC-A0D5-F20317955B48}"= TCP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"TCP Query User{9FA4FD8C-CB4E-4FBD-9B9C-D3FE27E59718}c:\\program files\\videolan\\vlc\\vlc.exe"= UDP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{7D69AFFD-4091-48B0-9902-6C41DD538419}c:\\program files\\videolan\\vlc\\vlc.exe"= TCP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"{26EFD1CD-E594-4B50-A4D8-B6AA7FC389C0}"= Disabled:UDP:c:\program files\SPSSInc\Statistics17\SPSSWinWrapIDE.exe:SPSS Basic Script Editor
"{6D6DF124-5734-434D-A84D-02D7D5861202}"= Disabled:UDP:c:\program files\SPSSInc\Statistics17\statistics.com:Statistics17:com
"{ED68082A-18BE-4E6A-9274-0C3599F8284E}"= Disabled:UDP:c:\program files\SPSSInc\Statistics17\statistics.exe:Statistics17:exe
"{749B813D-2452-4DD5-B843-4CD63CD4958F}"= Disabled:TCP:c:\program files\SPSSInc\Statistics17\SPSSWinWrapIDE.exe:SPSS Basic Script Editor
"{035B9404-EEFD-4E0A-A67D-ECB8FC6E1C47}"= Disabled:TCP:c:\program files\SPSSInc\Statistics17\statistics.com:Statistics17:com
"{A579B498-F014-44E2-BC42-24153734996E}"= Disabled:TCP:c:\program files\SPSSInc\Statistics17\statistics.exe:Statistics17:exe
"TCP Query User{55BBF1F0-195F-4CF2-8BCC-9D27618E590A}c:\\program files\\rayv\\rayv\\rayv.exe"= UDP:c:\program files\rayv\rayv\rayv.exe:RayV
"UDP Query User{C74EF491-7C9F-4A7F-8611-0D2FB8A21CDD}c:\\program files\\rayv\\rayv\\rayv.exe"= TCP:c:\program files\rayv\rayv\rayv.exe:RayV
"{8289C3A5-9C43-48B1-87B2-5F065CB5E6A4}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"TCP Query User{B1957CB7-D462-4CE2-9E52-B5BA6F79E25D}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{BD8DB11C-1020-4BE3-8BA9-F89AB171CC7E}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{3AD53E66-CF11-4D5F-A40C-2B6CD8EADFDE}"= UDP:c:\users\Vytas\AppData\Roaming\RayV\Viewer\RayV.dll:RayV
"{2DA93637-512A-4C9C-9997-3280E67F59E5}"= TCP:c:\users\Vytas\AppData\Roaming\RayV\Viewer\RayV.dll:RayV
"{5A624976-B2C5-418B-A61C-E40E72EAFD40}"= UDP:c:\program files\Olympus\DeviceDetector\DevDtct2.exe:DevDtct2
"{EE30D934-C0C7-40A2-9C2A-01C106411C05}"= TCP:c:\program files\Olympus\DeviceDetector\DevDtct2.exe:DevDtct2
"{BC9DCA11-4E84-421C-B4F1-38F91C686139}"= UDP:c:\program files\Olympus\DeviceDetector\DevDtct2.exe:DevDtct2
"{FE004356-6285-4088-9407-1A7D7DAFDA64}"= TCP:c:\program files\Olympus\DeviceDetector\DevDtct2.exe:DevDtct2
"{AD72758E-98CE-424E-85B4-029A6DD92C41}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{00455BFE-B646-43A4-B338-31E22B39396E}"= UDP:c:\windows\explorer.exe:Explorer
"{65315912-E277-4CFB-A562-F9FEDEE846DD}"= TCP:c:\windows\explorer.exe:Explorer
"{6C772113-48AE-4994-85B5-104083AA437F}"= UDP:c:\windows\System32\wbem\unsecapp.exe:unsecapp
"{7DB66448-B6B7-4FBD-B569-85AF267A98D1}"= TCP:c:\windows\System32\wbem\unsecapp.exe:unsecapp
"{59E219E1-5F12-40E9-958B-64D26907DDE4}"= UDP:c:\windows\System32\winlogon.exe:winlogon
"{6856A873-36D9-4639-A5BB-2B053DA3AC84}"= TCP:c:\windows\System32\winlogon.exe:winlogon
"{CA5E5DD1-B74A-4412-A5C3-3AF0D6FF7AE7}"= UDP:c:\windows\System32\winlogon.exe:winlogon
"{869FB900-7D8D-4328-9EB1-CFA3314AADEC}"= TCP:c:\windows\System32\winlogon.exe:winlogon
"{4B98C406-EE8E-41DF-9664-5E5BBA403CB0}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{82302EE5-EB36-4D17-8F31-C0F350CD8E93}c:\\videolan\\vlc\\vlc.exe"= UDP:c:\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{5FA5744A-C7F4-4873-9854-6AF2102CC0C5}c:\\videolan\\vlc\\vlc.exe"= TCP:c:\videolan\vlc\vlc.exe:VLC media player
"{D7320055-6390-48E4-ACF6-A11F8493C80D}"= UDP:c:\windows\explorer.exe:Explorer
"{6DFE98AE-B6E2-46D2-91AA-ED9109544DB5}"= TCP:c:\windows\explorer.exe:Explorer
"{FBB4C326-8D49-4A9C-918B-BECD1250420A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{706EE4CC-F4E4-4EA1-BBE2-8D084F3FB2CE}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{0B3AEC15-B4DF-4873-AAEE-ECE190FF3965}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{0F29304E-D5AF-4D4E-BDC1-DA54A58654A6}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{5C39C021-7A26-4F22-9A53-DC0EF721128C}"= UDP:c:\windows\System32\LogonUI.exe:LogonUI
"{0491BD6A-16E8-44A1-B122-D5F7C7612264}"= TCP:c:\windows\System32\LogonUI.exe:LogonUI
"{EE56C679-1D1B-4ADE-9DC1-09888E642392}"= UDP:c:\windows\System32\wininit.exe:wininit
"{D83DB6EC-6448-40AB-9C12-37004C10538F}"= TCP:c:\windows\System32\wininit.exe:wininit
"{DFA18192-AE8F-4F6F-95AB-1E935B70CB14}"= UDP:c:\windows\System32\wininit.exe:wininit
"{1240459C-3ACC-437F-BD89-840945E58CF6}"= TCP:c:\windows\System32\wininit.exe:wininit
"{89393309-D78C-401F-B29B-B0840F801B55}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{DC2C9180-7DBC-4765-9574-3E202093FB5B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{FE47A921-147B-4F37-A836-80EBE5422974}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{08B1A77A-C52D-44C9-961E-9A6D4C4D745C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{442CB81D-F9A8-4F03-BF6A-212FD019A83E}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{973A7A3A-2EF3-4712-8C59-416E911F7342}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{9F6DCBBA-AB2D-453C-B664-785E87646F71}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C20CB86D-35AF-4B3F-B183-157EA59F59A6}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{4145E541-3205-4E09-94AF-8680F502A19B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{2C94847C-403F-4A06-B60E-0DF7A7747C1E}"= UDP:c:\windows\System32\lsass.exe:lsass
"{CCEAAF47-C3D5-4C25-8022-B646A0863F9A}"= TCP:c:\windows\System32\lsass.exe:lsass
"{2BF684A7-3449-4674-AD12-8441FC4F3D2D}"= UDP:c:\windows\System32\lsass.exe:lsass
"{5D6DB2B9-C73B-4FE6-B60E-25F830C0237E}"= TCP:c:\windows\System32\lsass.exe:lsass
"{907A90EF-453D-4FFB-B834-8F19CCBF14F7}"= UDP:c:\windows\System32\taskeng.exe:taskeng
"{0C1BD637-E820-482D-8D02-2D82C4836410}"= TCP:c:\windows\System32\taskeng.exe:taskeng
"{5451595A-3BC3-436E-A252-6BE16A69D637}"= UDP:c:\windows\System32\taskeng.exe:taskeng
"{7C77FBB1-7C2F-4701-A11C-61646716716B}"= TCP:c:\windows\System32\taskeng.exe:taskeng


Re: How to remove System Security on Vista

Post by vyt4as on Sat Jun 13, 2009 9:57 pm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"c:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [11/06/2009 09:56 64160]
S2 {2FF8D163-C3C2-46ce-BD8D-D85AC1BC56DD};{2FF8D163-C3C2-46ce-BD8D-D85AC1BC56DD};c:\program files\Acer\Acer Arcade\000.fcl [18/02/2006 22:30 13560]
S2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [18/02/2006 23:11 50688]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [08/06/2009 12:43 108289]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 22:34 1005904]
S3 PAC207;SoC PC-Camera;c:\windows\System32\drivers\PFC027.SYS [05/11/2007 08:22 131200]
S3 SndTAudio;SndTAudio;c:\windows\System32\drivers\SndTAudio.sys [12/03/2009 20:12 23096]
S3 SndTVideo;SndTVideo;c:\windows\System32\drivers\SndTVideo.sys [12/03/2009 20:12 3768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder

2009-06-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 22:34]

2009-06-13 c:\windows\Tasks\User_Feed_Synchronization-{568CCD67-AA67-4F96-B113-EB3A9D0CB3C4}.job
- c:\windows\system32\msfeedssync.exe [2008-08-29 10:05]
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce- - (no file)


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyServer = 127.0.0.1:81
uInternet Settings,ProxyOverride =
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Vytas\AppData\Roaming\Mozilla\Firefox\Profiles\2w0v2hf2.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 2
FF - component: c:\users\Vytas\AppData\Roaming\Mozilla\Firefox\Profiles\2w0v2hf2.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\RayV\RayV\plugins\nprayvplugin.dll
FF - plugin: c:\videolan\VLC\npvlc.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-06-13 22:53
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{2FF8D163-C3C2-46ce-BD8D-D85AC1BC56DD}]
"ImagePath"="\??\c:\program files\Acer\Acer Arcade\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"659BD8E725A05FDCC64118EA787EAA2B534A94FABE"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,16,49,ec,56,32,10,1f,4f,80,3d,90,\
"3A77B377802A4B6183DDE08FDE4AD9AF647A702826"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,16,49,ec,56,32,10,1f,4f,80,3d,90,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-06-13 22:54
ComboFix-quarantined-files.txt 2009-06-13 21:54
ComboFix2.txt 2009-06-13 21:30
ComboFix3.txt 2009-06-13 20:10

Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 5,854,154,752 bytes free

274 --- E O F --- 2009-02-13 03:03

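As an added example (not code from this thread, from Belahzur, or from ComboFix), here are the checks a responder applies when reading the 'ORPHANS REMOVED', 'Supplementary Scan' and 'Reg Loading Points' sections of the logs above, written in Python over a constructed excerpt of those logs: it flags the IE proxy pointing at 127.0.0.1:81, the non-direct Firefox proxy type, the orphan Run values that loaded random-named DLLs from system32, UAC switched off (EnableLUA=0) and the Security Center monitoring overrides. The finding codes and the eight-lowercase-letter DLL-name heuristic are my own assumptions; the section names, keys and values are taken from the log.

```python
"""Flag security-weakening settings in a ComboFix-style log excerpt.

Added example (not code from the thread, Belahzur, or ComboFix): the checks
a responder applies when reading the 'Supplementary Scan', 'Reg Loading
Points' and 'ORPHANS REMOVED' sections. Finding codes are my own.
"""
import re
from typing import List, Tuple

Finding = Tuple[str, str]  # (finding code, human-readable detail)

# Constructed excerpt: lines copied from the ComboFix logs posted above.
SAMPLE_LOG = r"""
- - - - ORPHANS REMOVED - - - -

HKLM-Run-boyikosegi - c:\windows\system32\jahinepa.dll
HKLM-Run-CPM139b2832 - c:\windows\system32\tijayoni.dll
HKLM-RunOnce- - (no file)

------- Supplementary Scan -------
uStart Page = about:blank
uInternet Settings,ProxyServer = 127.0.0.1:81
uInternet Settings,ProxyOverride =
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\videolan\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
"""

IE_PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer = (\S+)$")
FF_PROXY_RE = re.compile(r"^FF - prefs\.js: network\.proxy\.type - (\d+)$")
ORPHAN_RUN_RE = re.compile(r"^HKLM-Run-(\S+) - (.+)$")
REG_KEY_RE = re.compile(r"^\[(.+)\]$")
REG_VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')
# Heuristic (my assumption): eight lowercase letters, the random-looking
# DLL names seen in this log.
RANDOM_DLL_RE = re.compile(r"^[a-z]{8}\.dll$")

# Meaning of Firefox's network.proxy.type values (0 is the safe default).
FF_PROXY_TYPES = {"0": "direct", "1": "manual", "2": "PAC URL",
                  "4": "auto-detect", "5": "system"}


def analyse(log_text: str) -> List[Finding]:
    """Return findings in log order; an empty list means nothing flagged."""
    findings: List[Finding] = []
    current_key = ""  # registry key the following "name"=data lines belong to
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = REG_KEY_RE.match(line)
        if m:
            current_key = m.group(1).lower()
            continue

        m = IE_PROXY_RE.match(line)
        if m:
            host = m.group(1).rsplit(":", 1)[0]
            if host in ("127.0.0.1", "localhost"):
                findings.append(("ie-proxy-loopback",
                                 f"IE proxy {m.group(1)}: a process on this "
                                 "machine sits in the path of all IE traffic"))
            continue

        m = FF_PROXY_RE.match(line)
        if m and m.group(1) != "0":
            kind = FF_PROXY_TYPES.get(m.group(1), "unknown")
            findings.append(("ff-proxy",
                             f"Firefox network.proxy.type={m.group(1)} ({kind})"))
            continue

        m = ORPHAN_RUN_RE.match(line)
        if m:
            name, target = m.group(1), m.group(2).lower()
            base = target.rsplit("\\", 1)[-1]
            if "\\system32\\" in target and RANDOM_DLL_RE.match(base):
                findings.append(("run-orphan-dll",
                                 f"Run value {name} loaded {target}"))
            continue

        m = REG_VALUE_RE.match(line)
        if not (m and current_key):
            continue
        value, data = m.group(1), m.group(2).strip()
        if (current_key.endswith("policies\\system")
                and value == "EnableLUA" and data.startswith("0")):
            findings.append(("uac-disabled", "EnableLUA=0: UAC is switched off"))
        elif ("security center" in current_key
              and value == "DisableMonitoring" and data.endswith("00000001")):
            findings.append(("sc-monitoring-off",
                             f"{value}=1 under {current_key}"))
    return findings


if __name__ == "__main__":
    for code, detail in analyse(SAMPLE_LOG):
        print(f"[{code}] {detail}")
```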

Re: How to remove System Security on Vista

Post by Belahzur on Sat Jun 13, 2009 10:23 pm

Hello.
Delete this file in bold:
c:\windows\system32\x2.dat

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?





Re: How to remove System Security on Vista

Post by vyt4as on Sun Jun 14, 2009 7:35 am

Did what you've said and switched to normal mode. It seems fine. I have just downloaded and now running Spybot-S&D scan. So am I clean now? Big and warm thank you, Belahzur!!!!


Re: How to remove System Security on Vista

Post by vyt4as on Sun Jun 14, 2009 8:03 am

Damn... Avira AntiVir found C:\Windows\System32\fiyifine.dll.tmp (virus TR/Vundo.Gen). It is one of the files that was found by Avira AntiVir when the problems with System Security started. I don't get those pop-ups and I can open any application, but it seems that something is still left. However, I think the antivirus programs have deleted fiyifine.dll.tmp (which couldn't be done before your treatment), since no more warnings come up from AntiVir - before you helped they came up every second. Any ideas? How can I be sure that there are no bugs left?


Re: How to remove System Security on Vista

Post by Belahzur on Sun Jun 14, 2009 12:17 pm

Probably a leftover, just delete it.




