Total security locked me out .


Post by makotochan on Wed Sep 30, 2009 10:06 pm

This is my HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:58:10 PM, on 9/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\WINDOWS\system32\config\systemprofile\Application Data\5761736127\5761736127.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\NETGEAR GA311 Adapter\GA311.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\RapidBIT\cidaemon.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\WinRAR\WinRAR.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Makotochan\Desktop\winlogon.scr

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R3 - URLSearchHook: AOL Radio Toolbar Search Class - {69224684-5682-419b-9fe4-ef7946ee3319} - C:\Program Files\AOL Radio Toolbar\aolradiotb.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AOL Radio Toolbar Loader - {2abdb2f7-4cbf-4939-ba12-fddc827b6a2d} - C:\Program Files\AOL Radio Toolbar\aolradiotb.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {4e29a0f5-2828-4bc1-bcbf-b2b29247b742} - viveveno.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AOL Radio Toolbar - {9167da98-6f9b-46f1-991d-826cae46cab6} - C:\Program Files\AOL Radio Toolbar\aolradiotb.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [5761736127] C:\WINDOWS\system32\config\systemprofile\Application Data\5761736127\5761736127.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-18\..\Run: [Install] C:\WINDOWS\system32\config\systemprofile\Application Data\5761736127\5761736127.bat (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Install] C:\WINDOWS\system32\config\systemprofile\Application Data\5761736127\5761736127.bat (User 'Default user')
O4 - Global Startup: GA311 Smart Wizard Utility.lnk = C:\Program Files\NETGEAR GA311 Adapter\GA311.exe
O8 - Extra context menu item: &AOL Radio Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL Radio Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: bayunivu.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe
O23 - Service: Remote Connections Service (FlexService) - BitMicro Software Corporation - C:\Program Files\RapidBIT\cisvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\System32\nvsvc32.exe (file missing)
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2009.SP3c\RpcAgentSrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6322 bytes

Any help is appreciated...


Post by Belahzur on Wed Sep 30, 2009 10:14 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: (no name) - {4e29a0f5-2828-4bc1-bcbf-b2b29247b742} - viveveno.dll (file missing)
    O4 - HKLM\..\Run: [5761736127] C:\WINDOWS\system32\config\systemprofile\Application Data\5761736127\5761736127.exe
    O4 - HKUS\S-1-5-18\..\Run: [Install] C:\WINDOWS\system32\config\systemprofile\Application Data\5761736127\5761736127.bat (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Install] C:\WINDOWS\system32\config\systemprofile\Application Data\5761736127\5761736127.bat (User 'Default user')
    O20 - AppInit_DLLs: bayunivu.dll


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


Please PM me if I fail to respond within 24hrs.
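The lines selected for fixing in the post above share traits that can be checked mechanically. As an added example (not part of the original thread and not HijackThis's own logic), this Python sketch runs three assumed triage rules over lines copied from the log posted above: a non-empty AppInit_DLLs value, a Run entry that starts from the SYSTEM account's profile directory, and a BHO registered with no name or a missing file.

```python
import re
from typing import List, NamedTuple, Optional

# Lines copied verbatim from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {4e29a0f5-2828-4bc1-bcbf-b2b29247b742} - viveveno.dll (file missing)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [5761736127] C:\WINDOWS\system32\config\systemprofile\Application Data\5761736127\5761736127.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-18\..\Run: [Install] C:\WINDOWS\system32\config\systemprofile\Application Data\5761736127\5761736127.bat (User 'SYSTEM')
O20 - AppInit_DLLs: bayunivu.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
"""


class Finding(NamedTuple):
    code: str    # HijackThis section code, e.g. "O4"
    reason: str  # why the (assumed) rule fired
    line: str    # the original log line


# "<code> - <rest of entry>", e.g. "O20 - AppInit_DLLs: bayunivu.dll"
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
BHO = re.compile(r"^BHO: (?P<name>.+?) - \{[0-9A-Fa-f-]+\} - (?P<file>.+)$")
RUN = re.compile(r"Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding if one of the assumed rules matches, else None."""
    line = line.strip()
    m = ENTRY.match(line)
    if not m:
        return None
    code, body = m["code"], m["body"]

    # Rule 1: DLLs listed in AppInit_DLLs are loaded into every process
    # that loads user32.dll, so any non-empty value deserves a look.
    if code == "O20" and body.startswith("AppInit_DLLs:"):
        value = body.split(":", 1)[1].strip()
        if value:
            return Finding(code, "AppInit_DLLs is not empty: " + value, line)

    # Rule 2: an autostart whose target sits in the SYSTEM account's
    # profile (system32\config\systemprofile) is unusual.
    if code == "O4":
        run = RUN.search(body)
        if run and "\\config\\systemprofile\\" in run["cmd"].lower():
            return Finding(code, "Run entry starts from the SYSTEM profile", line)

    # Rule 3: a Browser Helper Object with no display name, or whose
    # file is gone, is an orphaned or hidden registration.
    if code == "O2":
        bho = BHO.match(body)
        if bho and (bho["name"] == "(no name)"
                    or bho["file"].endswith("(file missing)")):
            return Finding(code, "BHO has no name or its file is missing", line)

    return None


def triage(log: str) -> List[Finding]:
    """Apply triage_line to every line of a log and keep the hits."""
    findings = []
    for raw in log.splitlines():
        hit = triage_line(raw)
        if hit:
            findings.append(hit)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.code}] {f.reason}\n      {f.line}")
```

The rules are a first pass only: the R0 start-page line that was also selected for fixing is not covered by them, and a hit still needs a person to confirm it.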


Post by makotochan on Wed Sep 30, 2009 10:28 pm

Here is the log from Malwarebytes:


Malwarebytes' Anti-Malware 1.41
Database version: 2878
Windows 5.1.2600 Service Pack 3

9/30/2009 6:27:55 PM
mbam-log-2009-09-30 (18-27-55).txt

Scan type: Quick Scan
Objects scanned: 93140
Time elapsed: 4 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Security Tool (Rogue.SecurityTool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\16262964 (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\dutimode.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\guvumuso.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hevayubi(2).dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sanefaju.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\waremilo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lalolezi.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vavefowi(2).dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\urwjmll.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\qkylatqdtqfmf.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\16262964\16262964 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\16262964\pc16262964ins (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\win32k.sys (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Makotochan\Desktop\winlogon.scr (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


Post by makotochan on Sun Oct 04, 2009 5:07 am

"bump"


Post by Belahzur on Sun Oct 04, 2009 2:41 pm


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste DDS.txt back here; I don't need to see attach.txt just yet.



Post by makotochan on Sun Oct 04, 2009 3:24 pm

Here is the dds.txt:


DDS (Ver_09-09-29.01) - NTFSx86
Run by Makotochan at 11:22:37.25 on Sun 10/04/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16

============== Pseudo HJT Report ===============

uURLSearchHooks: AOL Radio Toolbar Search Class: {69224684-5682-419b-9fe4-ef7946ee3319} - c:\program files\aol radio toolbar\aolradiotb.dll
mURLSearchHooks: AOL Radio Toolbar Search Class: {69224684-5682-419b-9fe4-ef7946ee3319} - c:\program files\aol radio toolbar\aolradiotb.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AOL Radio Toolbar Loader: {2abdb2f7-4cbf-4939-ba12-fddc827b6a2d} - c:\program files\aol radio toolbar\aolradiotb.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AOL Radio Toolbar: {9167da98-6f9b-46f1-991d-826cae46cab6} - c:\program files\aol radio toolbar\aolradiotb.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [SpybotSD TeaTimer] c:\spybot - search & destroy\TeaTimer.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [dlcxmon.exe] "c:\program files\dell photo aio printer 926\dlcxmon.exe"
mRun: [MemoryCardManager] "c:\program files\dell photo aio printer 926\memcard.exe"
mRun: [DLCXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCXtime.dll,_RunDLLEntry@16
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
IE: &AOL Radio Toolbar Search - c:\documents and settings\all users\application data\aol radio toolbar\ietoolbar\resources\en-us\local\search.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\spybot~1\SDHelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: bayunivu.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli giwovumo.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-09-30 20:16 --d----- C:\Spybot - Search & Destroy
2009-09-30 18:21 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-30 18:21 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-30 17:51 73,728 a------- c:\windows\system32\javacpl.cpl
2009-09-30 17:26 --d-h--- c:\windows\PIF
2009-09-30 17:11 a-dshr-- C:\cmdcons
2009-09-30 17:10 229,888 a------- c:\windows\PEV.exe
2009-09-30 17:10 161,792 a------- c:\windows\SWREG.exe
2009-09-30 17:10 98,816 a------- c:\windows\sed.exe
2009-09-30 16:24 91,136 ---sh--- c:\windows\system32\dezubebo.dll
2009-09-30 16:21 91,136 a------- c:\windows\system32\gafemawe.dll
2009-09-29 18:54 --dsh--- c:\documents and settings\makotochan\IECompatCache
2009-09-29 18:36 --d----- c:\docume~1\makoto~1\applic~1\Malwarebytes
2009-09-29 18:36 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-29 18:36 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-29 18:22 --d----- c:\docume~1\alluse~1\applic~1\fs11626254
2009-09-29 18:21 --d----- c:\windows\LastGood(2)
2009-09-28 22:05 150 a------- c:\windows\wininit.ini
2009-09-28 20:19 --d----- c:\program files\Spybot - Search & Destroy
2009-09-28 20:19 --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-09-28 19:55 --d----- c:\program files\Enigma Software Group
2009-09-27 19:23 --d----- c:\docume~1\alluse~1\applic~1\McAfee Security Scan
2009-09-27 14:52 --d----- c:\windows\tepie
2009-09-23 21:30 --d----- c:\program files\SHOUTcast Source
2009-09-23 21:30 --d----- c:\program files\MONOGRAM AMR SplitterDecoder
2009-09-23 21:30 --d----- c:\program files\CD Audio Reader Filter
2009-09-23 21:30 --d----- c:\program files\OpenSource DTSAC3DD+ Source Filter
2009-09-23 21:30 --d----- c:\program files\RealMedia
2009-09-23 21:30 --d----- c:\program files\DScaler5
2009-09-23 21:30 497,664 a------- c:\windows\system32\ac3filter.acm
2009-09-23 21:30 --d----- c:\program files\AC3Filter
2009-09-23 21:29 --d----- c:\program files\OpenSource Flash Video Splitter
2009-09-23 21:29 --d----- c:\program files\DirectVobSub
2009-09-23 21:29 --d----- c:\program files\Haali
2009-09-23 21:29 --d----- c:\program files\DSP-worx
2009-09-23 21:29 57,344 a------- c:\windows\system32\ff_vfw.dll
2009-09-23 21:29 547 a------- c:\windows\system32\ff_vfw.dll.manifest
2009-09-23 21:29 60,273 a------- c:\windows\system32\pthreadGC2.dll
2009-09-23 21:29 --d----- c:\program files\ffdshow
2009-09-23 21:28 --d----- c:\program files\Zoom Player
2009-09-23 21:28 --d----- c:\docume~1\alluse~1\applic~1\Zoom Player
2009-09-19 10:28 940,794 a------- c:\windows\system32\LoopyMusic.wav
2009-09-19 10:28 146,650 a------- c:\windows\system32\BuzzingBee.wav
2009-09-19 10:28 60,416 a------- c:\windows\ALCFDRTM.VER
2009-09-19 10:28 60,416 a------- c:\windows\ALCFDRTM.EXE
2009-09-19 10:28 --d----- c:\windows\system32\Lang
2009-09-18 06:39 --d----- c:\windows\system32\appmgmt
2009-09-15 03:19 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-09-14 19:00 --d----- c:\program files\coverXP
2009-09-14 18:55 --d----- c:\program files\Dl_cats
2009-09-14 18:55 40,960 a------- c:\windows\system32\dlcxvs.dll
2009-09-14 18:54 --d----- c:\program files\Dell
2009-09-14 18:54 --d----- c:\program files\Dell Photo AIO Printer 926
2009-09-14 18:53 25,856 ac------ c:\windows\system32\dllcache\usbprint.sys
2009-09-14 18:53 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-09-14 18:53 32,128 ac------ c:\windows\system32\dllcache\usbccgp.sys
2009-09-14 18:53 32,128 a------- c:\windows\system32\drivers\usbccgp.sys
2009-09-14 18:47 --d----- C:\dell
2009-09-14 17:38 --d----- c:\windows\system32\XPSViewer
2009-09-14 17:37 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-09-14 17:37 117,760 -------- c:\windows\system32\prntvpt.dll
2009-09-14 17:37 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-09-14 17:37 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-09-14 17:37 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-09-14 17:37 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-09-14 17:37 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-09-14 17:37 --d----- C:\1fa588c7cdf701e1859d75a2c963961d
2009-09-13 22:45 --d----- c:\program files\RapidBIT
2009-09-13 17:00 --d----- c:\program files\Microsoft Games
2009-09-13 15:10 --d----- c:\program files\PCPitstop
2009-09-12 15:17 411,368 a------- c:\windows\system32\deploytk.dll
2009-09-09 07:33 153,088 -c------ c:\windows\system32\dllcache\triedit.dll
2009-09-05 10:07 --d----- c:\program files\MSXML 4.0
2009-09-04 19:17 --d----- c:\docume~1\makoto~1\applic~1\DVDFab
2009-09-04 19:05 --d----- c:\docume~1\alluse~1\applic~1\vsosdk
2009-09-04 18:38 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2009-09-04 18:38 47,360 a------- c:\docume~1\makoto~1\applic~1\pcouffin.sys
2009-09-04 18:37 --d----- c:\program files\DVD Shrink
2009-09-04 18:35 --d----- c:\program files\Nero
2009-09-04 18:34 --d----- c:\docume~1\alluse~1\applic~1\Nero

==================== Find3M ====================

2009-09-29 18:31 90,112 a------- c:\windows\DUMP2318.tmp
2009-09-29 18:29 90,112 a------- c:\windows\DUMP8b48.tmp
2009-09-29 18:27 90,112 a------- c:\windows\DUMP8bf4.tmp
2009-09-29 18:26 90,112 a------- c:\windows\DUMP8df7.tmp
2009-09-29 17:11 90,112 a------- c:\windows\DUMP9819.tmp
2009-09-29 17:08 90,112 a------- c:\windows\DUMP8d0d.tmp
2009-09-29 17:05 90,112 a------- c:\windows\DUMP9078.tmp
2009-09-29 17:02 90,112 a------- c:\windows\DUMP8d3c.tmp
2009-09-29 16:59 90,112 a------- c:\windows\DUMP8d5b.tmp
2009-09-29 16:56 90,112 a------- c:\windows\DUMP8c23.tmp
2009-09-29 16:54 90,112 a------- c:\windows\DUMP85e9.tmp
2009-09-29 16:51 90,112 a------- c:\windows\DUMP90f5.tmp
2009-09-29 16:48 90,112 a------- c:\windows\DUMP8f7e.tmp
2009-09-29 16:45 90,112 a------- c:\windows\DUMP8fdc.tmp
2009-09-29 15:50 91,136 a--sh--- c:\windows\system32\ruziveki(2).dll
2009-09-01 21:22 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-09-01 21:22 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-08-31 16:45 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-08-30 23:07 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-08-30 23:07 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-30 23:07 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-30 18:04 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-29 00:37 119,808 a------- c:\windows\system32\t2embed.dll
2009-07-29 00:37 81,920 a------- c:\windows\system32\fontsub.dll
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 -------- c:\windows\system32\wmpdxm.dll

============= FINISH: 11:23:12.28 ===============


Post by Belahzur on Sun Oct 04, 2009 3:39 pm

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    c:\windows\system32\dezubebo.dll
    c:\windows\system32\gafemawe.dll
    c:\docume~1\alluse~1\applic~1\fs11626254
    c:\windows\DUMP*.tmp
    c:\windows\system32\ruziveki(2).dll

    :reg
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=-
    "AppInit_DLLs"=""
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages"=hex(7):73,63,65,63,6c,69,00,00


  • Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.


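What the :reg section in the post above changes, as an added example that is not part of the original post or of OTMoveIt: this Python sketch decodes the three assignments and compares the result with the AppInit_DLLs and LSA Notification Packages values shown in the DDS log earlier in the thread. It assumes the hex(7) bytes are one byte per character, as they are on this page; the function names are chosen for the example.

```python
import re
from typing import Dict, List

# The :reg section from the post above, copied verbatim.
REG_SECTION = r'''
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-
"AppInit_DLLs"=""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
'''

# Values before the fix, as reported in the DDS log in this thread
# ("AppInit_DLLs: bayunivu.dll" and
#  "LSA: Notification Packages = scecli giwovumo.dll").
BEFORE: Dict[str, List[str]] = {
    "AppInit_DLLs": ["bayunivu.dll"],
    "Notification Packages": ["scecli", "giwovumo.dll"],
}

# "name"=data lines; [key] headers and blank lines do not match.
ASSIGN = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.+)$')


def decode_value(data: str) -> List[str]:
    """Turn the right-hand side of a .reg-style assignment into strings."""
    if data == "-":
        # "name"=- deletes the value entirely.
        return []
    if data.startswith("hex(7):"):
        # REG_MULTI_SZ written as comma-separated bytes: each string is
        # NUL-terminated and the list ends with one more NUL.
        raw = bytes(int(b, 16) for b in data[len("hex(7):"):].split(","))
        return [s.decode("ascii") for s in raw.split(b"\x00") if s]
    if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
        # REG_SZ; an empty string means "no entries" for this comparison.
        text = data[1:-1]
        return [text] if text else []
    raise ValueError("unsupported value syntax: " + data)


def final_state(section: str) -> Dict[str, List[str]]:
    """Replay the assignments in order; the last one for a name wins.

    Values are keyed by name only, which is enough here because the two
    names in this script are distinct.
    """
    state: Dict[str, List[str]] = {}
    for line in section.splitlines():
        m = ASSIGN.match(line.strip())
        if m:
            state[m["name"]] = decode_value(m["data"])
    return state


def removed_by_fix(before: Dict[str, List[str]],
                   after: Dict[str, List[str]]) -> Dict[str, List[str]]:
    """List, per value, the entries present before and absent after."""
    removed = {}
    for name, entries in before.items():
        kept = after.get(name, entries)  # untouched values keep everything
        gone = [e for e in entries if e not in kept]
        if gone:
            removed[name] = gone
    return removed


if __name__ == "__main__":
    after = final_state(REG_SECTION)
    for name, gone in removed_by_fix(BEFORE, after).items():
        print(f"{name}: removes {gone}, leaves {after[name]}")
```

The decoded bytes spell `scecli`, so the script leaves only that entry in Notification Packages and empties AppInit_DLLs.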


Post by makotochan on Sun Oct 04, 2009 4:06 pm

Here is the OTMoveIt log:

========== FILES ==========
LoadLibrary failed for c:\windows\system32\dezubebo.dll
c:\windows\system32\dezubebo.dll NOT unregistered.
c:\windows\system32\dezubebo.dll moved successfully.
LoadLibrary failed for c:\windows\system32\gafemawe.dll
c:\windows\system32\gafemawe.dll NOT unregistered.
c:\windows\system32\gafemawe.dll moved successfully.
c:\docume~1\alluse~1\applic~1\fs11626254 moved successfully.
c:\windows\DUMP2318.tmp moved successfully.
c:\windows\DUMP85e9.tmp moved successfully.
c:\windows\DUMP8b48.tmp moved successfully.
c:\windows\DUMP8bf4.tmp moved successfully.
c:\windows\DUMP8c23.tmp moved successfully.
c:\windows\DUMP8d0d.tmp moved successfully.
c:\windows\DUMP8d3c.tmp moved successfully.
c:\windows\DUMP8d5b.tmp moved successfully.
c:\windows\DUMP8df7.tmp moved successfully.
c:\windows\DUMP8f7e.tmp moved successfully.
c:\windows\DUMP8fdc.tmp moved successfully.
c:\windows\DUMP9078.tmp moved successfully.
c:\windows\DUMP90f5.tmp moved successfully.
c:\windows\DUMP9819.tmp moved successfully.
LoadLibrary failed for c:\windows\system32\ruziveki(2).dll
c:\windows\system32\ruziveki(2).dll NOT unregistered.
c:\windows\system32\ruziveki(2).dll moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLs"|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\\"Notification Packages"|hex(7):73,63,65,63,6c,69,00,00 /E : value set successfully!

OTM by OldTimer - Version 3.0.0.6 log created on 10042009_120457


Post by Belahzur on Sun Oct 04, 2009 10:49 pm

We can remove OTMoveIt now.

  • Please double-click OTM.exe to run it again.
  • Press the green CleanUp! button.
  • Press Yes at the cleanup process prompt, and do the same for the reboot prompt.
How is the machine running now?



Post by makotochan on Mon Oct 05, 2009 4:05 am

Seems OK, but my AVG Free has no components and Windows says my computer may be at risk... I tried to repair the installation and got this error report:


Local machine: installation failed
Initialization:
Warning: Checking of state of the item file avgcsrvx.exe failed.
File opening failed. %FILE% = ""
Error 0xe001042c
Installation:
Error: Action failed for file avgcsrvx.exe: creating file....
Error 0xe001042c
Warning: Action failed for file avgcsrvx.exe: creating backup....
Error 0x80070005 %DESTINATION% = "C:\Program Files\AVG\AVG8\avgcsrvx.exe.install_backup", %SOURCE% = "C:\Program Files\AVG\AVG8\avgcsrvx.exe"
Rollback:
Error: Action failed for file avgcsrvx.exe: restoring from backup....
Error 0x80070002 %DESTINATION% = "C:\Program Files\AVG\AVG8\avgcsrvx.exe", %SOURCE% = "C:\Program Files\AVG\AVG8\avgcsrvx.exe.install_backup"


Post by Belahzur on Mon Oct 05, 2009 5:01 pm

Hello.
I don't like AVG to start with, so let's switch you over to another AV instead.

  • Open HijackThis.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.



Post by makotochan on Mon Oct 05, 2009 8:07 pm

Here is the uninstall list:

AC3Filter 1.63b
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.3
Advertising Center
AOL Radio Toolbar
AVG Free 8.5
CD Audio Reader Filter (remove only)
ClassicProŠ v1.13
coverXP (remove only)
Data Lifeguard Tools
DC-Bass Source 1.1.1
Dell Photo AIO Printer 926
DirectVobSub (remove only)
DScaler 5 Mpeg Decoders
DVD Shrink 3.2
DVDFab 6.0.4.0 (28/07/2009)
ffdshow [rev 2527] [2008-12-19]
Guild Wars
Haali Media Splitter
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
ImgBurn
Java(TM) 6 Update 16
Malwarebytes' Anti-Malware
MaxBlast 3
MechWarrior 4 Mercenaries
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
MONOGRAM AMR Splitter/Decoder (remove only)
Mozilla Firefox (2.0.0.20)
Mozilla Thunderbird (2.0.0.23)
MSVC80_x86
MSXML 4.0 SP2 (KB954430)
Nero 9 Essentials
Nero ControlCenter
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart OEM
neroxml
NETGEAR GA311 Smart Wizard Utility
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia PC Suite
NVIDIA Drivers
OpenSource DTS/AC3/DD+ Source Filter (remove only)
OpenSource Flash Video Splitter (remove only)
PC Connectivity Solution
RealMedia (remove only)
Realtek AC'97 Audio
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
SHOUTcast Source (remove only)
SiSoftware Sandra Professional Business 2009.SP3c
Spybot - Search & Destroy
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows XP (KB951978)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Winamp
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Driver Package - Nokia Modem (02/23/2009 7.01.0.2)
Windows Driver Package - Nokia Modem (02/24/2009 4.0)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
XTeme-G 185.81 XP 32
Zoom Player (remove only)


Re: Total security locked me out .

Post by Belahzur on Mon Oct 05, 2009 10:28 pm

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    AVG Free 8.5

Please install Avira antivirus, otherwise you won't be protected.

1) [You must be registered and logged in to see this link.]
-Free anti-virus software for Windows.
-Detects and removes more than 50,000 viruses. Free support.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.



Re: Total security locked me out .

Post by makotochan on Wed Oct 07, 2009 1:04 am

Everything seems to be working fine. The antivir didn't find anything... Thanks a lot, I appreciate all the help.
