Antivirus 2009 has completely taken over my computer.


Post by Lady_Vi on 28th December 2008, 7:57 pm

My computer has been taken over and I cannot run any real antivirus scans. Sometimes IE will not open, and when it does it never takes you to the address you type in. Everything I try to do, it takes over and does weird stuff. System Restore has been turned off and I cannot turn it back on. Registry editing has been disabled. I need help please.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:24:42 PM, on 12/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winloggn.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Administrator\Application Data\gadcom\gadcom.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\csrssc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5XX24LI0\hijackgpthis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\ddcBQJbY.dll
O2 - BHO: (no name) - {99829BB4-6EED-4BE8-9365-9E0077D6162B} - C:\WINDOWS\system32\jkkKbCtT.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: C:\WINDOWS\system32\tyshb36rfjdf.dll - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\tyshb36rfjdf.dll
O3 - Toolbar: (no name) - {28BC2EC4-5EAD-45E1-9F9F-82CD5E293601} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {AC89739A-09F7-4DE6-B214-30838D557610} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKLM\..\Run: [jsf8j34rgfght] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winloggn.exe
O4 - HKLM\..\Run: [559178071] "C:\Documents and Settings\All Users\Application Data\25626139\559178071.exe"
O4 - HKLM\..\Run: [b05ad889] rundll32.exe "C:\WINDOWS\system32\dffdcyjj.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKCU\..\Run: [jsf8j34rgfght] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winloggn.exe
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Administrator\Application Data\gadcom\gadcom.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\csrssc.exe
O4 - HKCU\..\Run: [Twain] C:\Documents and Settings\Administrator\Application Data\Twain\Twain.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Search - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: &Windows Live Search - [You must be registered and logged in to see this link.] Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - [You must be registered and logged in to see this link.] Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: eBay Search - [You must be registered and logged in to see this link.] Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Yahoo! &Dictionary - [You must be registered and logged in to see this link.] Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - [You must be registered and logged in to see this link.] Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - (no file)
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: PackageCab - [You must be registered and logged in to see this link.]
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - [You must be registered and logged in to see this link.]
O16 - DPF: {BD4F7A6D-0107-4BDF-B72B-021B717B06CE} - [You must be registered and logged in to see this link.]
O20 - AppInit_DLLs: fuxdih.dll zzaccl.dll gwhipb.dll, gzhify.dll dcdndg.dll xwtypu.dll fteaxo.dll
O20 - Winlogon Notify: ddcBQJbY - C:\WINDOWS\SYSTEM32\ddcBQJbY.dll
O22 - SharedTaskScheduler: FGYbf743iujndsfAfsdfd - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\tyshb36rfjdf.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe

--
End of file - 11440 bytes

Lady_Vi
Novice

Posts: 28
Joined: 2008-12-28
OS: windows xp Pro
Points: 29023
Likes: 0

Re: Antivirus 2009 has completely taken over my computer.

Post by Belahzur on 28th December 2008, 9:20 pm

Hello.


  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\ddcBQJbY.dll
    O2 - BHO: (no name) - {99829BB4-6EED-4BE8-9365-9E0077D6162B} - C:\WINDOWS\system32\jkkKbCtT.dll
    O2 - BHO: C:\WINDOWS\system32\tyshb36rfjdf.dll - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\tyshb36rfjdf.dll
    O3 - Toolbar: (no name) - {28BC2EC4-5EAD-45E1-9F9F-82CD5E293601} - (no file)
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: (no name) - {AC89739A-09F7-4DE6-B214-30838D557610} - (no file)
    O4 - HKLM\..\Run: [jsf8j34rgfght] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winloggn.exe
    O4 - HKLM\..\Run: [559178071] "C:\Documents and Settings\All Users\Application Data\25626139\559178071.exe"
    O4 - HKLM\..\Run: [b05ad889] rundll32.exe "C:\WINDOWS\system32\dffdcyjj.dll",b
    O4 - HKCU\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
    O4 - HKCU\..\Run: [jsf8j34rgfght] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winloggn.exe
    O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Administrator\Application Data\gadcom\gadcom.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
    O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\csrssc.exe
    O4 - HKCU\..\Run: [Twain] C:\Documents and Settings\Administrator\Application Data\Twain\Twain.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: &Search - [You must be registered and logged in to see this link.]
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - (no file)
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - (no file)
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - (no file)
    O20 - AppInit_DLLs: fuxdih.dll zzaccl.dll gwhipb.dll, gzhify.dll dcdndg.dll xwtypu.dll fteaxo.dll
    O20 - Winlogon Notify: ddcBQJbY - C:\WINDOWS\SYSTEM32\ddcBQJbY.dll
    O22 - SharedTaskScheduler: FGYbf743iujndsfAfsdfd - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\tyshb36rfjdf.dll


  • Press "Fix Checked"
  • Close Hijack This.


Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts: 34916
Joined: 2008-08-03
Gender: Male
OS: XP SP3 Media Centre
Points: 245079
Likes: 1
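
A defender-side triage sketch for a HijackThis log like the one posted above, added here as an example; it is not part of the thread and is not how HijackThis or the helper selects entries. The rules in `classify`, the directory markers and the names `triage`, `classify`, `appinit_names` and `appinit_dlls` are assumptions made for illustration; the sample lines are copied from the log in the first post.

```python
import re
from typing import List, NamedTuple

# Constructed sample: twelve lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\ddcBQJbY.dll
O3 - Toolbar: (no name) - {28BC2EC4-5EAD-45E1-9F9F-82CD5E293601} - (no file)
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [jsf8j34rgfght] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winloggn.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Twain] C:\Documents and Settings\Administrator\Application Data\Twain\Twain.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: fuxdih.dll zzaccl.dll gwhipb.dll, gzhify.dll dcdndg.dll xwtypu.dll fteaxo.dll
O20 - Winlogon Notify: ddcBQJbY - C:\WINDOWS\SYSTEM32\ddcBQJbY.dll
O22 - SharedTaskScheduler: FGYbf743iujndsfAfsdfd - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\tyshb36rfjdf.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# One HijackThis entry: a section code (R0, O4, O20, ...), then " - ", then the body.
ENTRY = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Assumption: path fragments of user-writable folders as they appear on Windows XP.
USER_WRITABLE = ("\\temp\\", "\\application data\\")


class Finding(NamedTuple):
    section: str
    reason: str
    line: str


def appinit_names(body: str) -> List[str]:
    """Split the AppInit_DLLs value, which may be space- or comma-separated."""
    value = body.split(":", 1)[1]
    return [name for name in re.split(r"[,\s]+", value) if name]


def classify(sec: str, body: str) -> str:
    """Return a reason to review the entry, or '' when no heuristic matches."""
    low = body.lower()
    if "(no file)" in low:
        return "registered component whose file is missing"
    if sec == "O2" and low.startswith("bho: (no name)"):
        return "Browser Helper Object with no display name"
    if sec == "O4" and any(marker in low for marker in USER_WRITABLE):
        return "autorun launched from a Temp or Application Data folder"
    if sec == "O7":
        return "policy value that blocks the registry editor"
    if sec == "O20" and low.startswith("appinit_dlls:") and appinit_names(body):
        return "AppInit_DLLs is populated (loaded into every process that loads user32.dll)"
    if sec == "O20" and low.startswith("winlogon notify:"):
        return "DLL registered for Winlogon notifications"
    if sec == "O22":
        return "SharedTaskScheduler entry loaded by Explorer"
    return ""


def triage(log_text: str) -> List[Finding]:
    """Return the log entries that match a review heuristic, in log order."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header lines, process list, blank lines
        reason = classify(m["sec"], m["body"])
        if reason:
            findings.append(Finding(m["sec"], reason, raw.strip()))
    return findings


def appinit_dlls(log_text: str) -> List[str]:
    """Return the DLL names listed in the first O20 AppInit_DLLs entry."""
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if m and m["sec"] == "O20" and m["body"].lower().startswith("appinit_dlls:"):
            return appinit_names(m["body"])
    return []


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:>3}  {f.reason}\n     {f.line}")
```

The heuristics only shortlist entries for a human to review; autoruns that point into system32, such as the `prunnet` and `rundll32.exe` lines in the fix list above, are not caught by them.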

Re: Antivirus 2009 has completely taken over my computer.

Post by Lady_Vi on 28th December 2008, 10:10 pm

Ok I did the hijackthis thing and after I pressed fix checked I got 6 error messages stacked up together that all said Registry editing has been disabled by your administrator.

When I try to go to download Malwarebytes I get redirected and/or IE cannot display the webpage


Re: Antivirus 2009 has completely taken over my computer.

Post by Belahzur on 28th December 2008, 10:15 pm

Hello.


  • Now open a new notepad file.
  • Input this into the notepad file:

    [Version]
    Signature=$CHICAGO$

    [DefaultInstall]
    AddReg=Add.Settings

    [Add.Settings]
    HKCU,SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools,0x00000000

  • Save this as fixreg.inf, save it to your desktop.
  • Right click fixreg.inf and select install.


Registry editing is now enabled again, do the Hijack This fix again.
See if it will allow you to get MBAM, if not we'll use something else to take out what we can see and that should halt the re-directs for the time being.



Re: Antivirus 2009 has completely taken over my computer.

Post by Lady_Vi on 28th December 2008, 10:33 pm

Hi,

Installed fixreg.inf but now it would let me do hijack again. It says it is already running but it isn't, and still will not let me go to MBAM.


Re: Antivirus 2009 has completely taken over my computer.

Post by Belahzur on 28th December 2008, 10:40 pm

Do you know how to open the Task Manager?
If so, open it and locate Hijack This and end the process.

If not, here's how.
Right click anywhere on the task bar > Open "Task Manager"



Re: Antivirus 2009 has completely taken over my computer.

Post by Lady_Vi on 28th December 2008, 10:43 pm

It is not running in the Task Manager.


Re: Antivirus 2009 has completely taken over my computer.

Post by Belahzur on 28th December 2008, 10:47 pm

Okay.

1. Please download The Avenger by Swandog46 to your Desktop
Link: [You must be registered and logged in to see this link.].

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


Files to delete:
C:\WINDOWS\system32\ddcBQJbY.dll
C:\WINDOWS\system32\jkkKbCtT.dll
C:\WINDOWS\system32\tyshb36rfjdf.dll
C:\WINDOWS\system32\dffdcyjj.dll
C:\WINDOWS\system32\prunnet.exe
C:\WINDOWS\system32\fuxdih.dll
C:\WINDOWS\system32\zzaccl.dll
C:\WINDOWS\system32\gwhipb.dll
C:\WINDOWS\system32\gzhify.dll
C:\WINDOWS\system32\dcdndg.dll
C:\WINDOWS\system32\xwtypu.dll
C:\WINDOWS\system32\fteaxo.dll

Folders to delete:
C:\Documents and Settings\All Users\Application Data\25626139
C:\Documents and Settings\Administrator\Application Data\gadcom
C:\Documents and Settings\Administrator\Application Data\Twain

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on the Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.



Re: Antivirus 2009 has completely taken over my computer.

Post by Lady_Vi on 28th December 2008, 10:51 pm

It won't let me, says Internet Explorer cannot display the webpage.


Re: Antivirus 2009 has completely taken over my computer.

Post by Belahzur on 28th December 2008, 10:57 pm

tdss rootkit.

Have uploaded the avenger here:
[You must be registered and logged in to see this link.]

Download from there and follow my instructions carefully.



Re: Antivirus 2009 has completely taken over my computer.

Post by Lady_Vi on 28th December 2008, 11:10 pm

Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "TDSSserv.sys" found!
ImagePath: \systemroot\system32\drivers\TDSSpqlt.sys
Driver disabled successfully.

Rootkit scan completed.

File "C:\WINDOWS\system32\ddcBQJbY.dll" deleted successfully.
File "C:\WINDOWS\system32\jkkKbCtT.dll" deleted successfully.
File "C:\WINDOWS\system32\tyshb36rfjdf.dll" deleted successfully.
File "C:\WINDOWS\system32\dffdcyjj.dll" deleted successfully.
File "C:\WINDOWS\system32\prunnet.exe" deleted successfully.
File "C:\WINDOWS\system32\fuxdih.dll" deleted successfully.
File "C:\WINDOWS\system32\zzaccl.dll" deleted successfully.
File "C:\WINDOWS\system32\gwhipb.dll" deleted successfully.
File "C:\WINDOWS\system32\gzhify.dll" deleted successfully.
File "C:\WINDOWS\system32\dcdndg.dll" deleted successfully.
File "C:\WINDOWS\system32\xwtypu.dll" deleted successfully.
File "C:\WINDOWS\system32\fteaxo.dll" deleted successfully.
Folder "C:\Documents and Settings\All Users\Application Data\25626139" deleted successfully.
Folder "C:\Documents and Settings\Administrator\Application Data\gadcom" deleted successfully.
Folder "C:\Documents and Settings\Administrator\Application Data\Twain" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


Re: Antivirus 2009 has completely taken over my computer.

Post by Belahzur on 28th December 2008, 11:11 pm

That has disabled the rootkit now, you can access MBAM link.
Please run MBAM now.



Re: Antivirus 2009 has completely taken over my computer.

Post by Lady_Vi on 28th December 2008, 11:31 pm

OK it let me download it and is now running the scan.
I really want to thank you for all of the time you are taking to help me.
Will let you know when the scan is finished but it has already found 45 infected objects in 3 minutes


Re: Antivirus 2009 has completely taken over my computer.

Post by Lady_Vi on 28th December 2008, 11:34 pm

Scan is finished here is the log

Malwarebytes' Anti-Malware 1.31
Database version: 1550
Windows 5.1.2600 Service Pack 2

12/28/2008 5:27:58 PM
mbam-log-2008-12-28 (17-27-58).txt

Scan type: Quick Scan
Objects scanned: 53047
Time elapsed: 5 minute(s), 46 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 30
Registry Values Infected: 4
Registry Data Items Infected: 1
Folders Infected: 5
Files Infected: 46

Memory Processes Infected:
C:\Documents and Settings\Administrator\Local Settings\Temp\csrssc.exe (Trojan.Dropper) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\PCPrivacyCleaner (Rogue.PCPrivacyCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{63334394-3da3-4b29-a041-03535909d361} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\testcpv6.bho (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\testcpv6.bho.1 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d5bf49a2-94f1-42bd-f434-3604812c807d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d5bf49a2-94f1-42bd-f434-3604812c807d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{ff46f4ab-a85f-487e-b399-3f191ac0fe23} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\testCPV6.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d5bf49a2-94f1-42bd-f434-3604812c807d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\{65de966d-11d1-4bb1-bf7e-b8a273514daf} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{bd4f7a6d-0107-4bdf-b72b-021b717b06ce} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddcbqjby (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prunnet (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{d5bf49a2-94f1-42bd-f434-3604812c807d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jnskdfmf9eldfd (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\msskinner (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\speedrunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\Program Files\Webtools (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\Downloaded Program Files\sysiasvc32.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\msskinner\msbackup.dat (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wmncjbqhoi_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wmncjbqhoi_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\__5.tmp (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\speedrunner\config.cfg (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\speedrunner\SRUninstall.exe (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\speedrunner\SpeedRunner.exe (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnkKAQG.dll (Backdoor.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MSVolume.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\winvsnet.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Program Files\Webtools\webtools.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\TDSS3ec0.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSlxwp.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\__1.tmp (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\winloggn.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\523004026.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\csrssc.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\__3.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\__4.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\TDSS3ecf.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSxfum.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSkkbi.log (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\TDSSpqlt.sys (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSShrxm.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSoiqt.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSvkql.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\ywqwt.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnkhiiF.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lamujafi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wtwsdijf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fyxygtcr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnoNffF.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vyueghyw.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddcBQJbY.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cufobpat.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tapbofuc.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wyhgeuyv.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Lady_Vi
Novice

Posts : 28
Joined : 2008-12-28
OS : windows xp Pro
Points : 29023
# Likes : 0

Re: Antivirus 2009 has completely taken over my computer.

Post by Belahzur on 28th December 2008, 11:39 pm

Hello.
I bet the machine is feeling smoother already. Hooray!
One last lookaround.


  • Download combofix from here, use the top links - [You must be registered and logged in to see this link.]
  • Please disable your local AV (Anti-virus) by right clicking its icon in the tray, and exit it.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245079
# Likes : 1

Re: Antivirus 2009 has completely taken over my computer.

Post by Lady_Vi on 28th December 2008, 11:52 pm

It won't let me download it.

Says cannot rename ComboFix as ComboFix[1]
Please use another name, preferbaly made up of alphanumeric characters

I did not try to rename, I just clicked on the download button.


Re: Antivirus 2009 has completely taken over my computer.

Post by Belahzur on 28th December 2008, 11:53 pm

Okay, let's use this.


  • Download random's system information tool (RSIT) by random/random from [You must be registered and logged in to see this link.] and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<< will be maximized) and info.txt (<< will be minimized)



Re: Antivirus 2009 has completely taken over my computer.

Post by Lady_Vi on 29th December 2008, 12:05 am

This site tells me the posted message is too big


Re: Antivirus 2009 has completely taken over my computer.

Post by Belahzur on 29th December 2008, 12:11 am

Okay, upload it to here:
[You must be registered and logged in to see this link.]



Re: Antivirus 2009 has completely taken over my computer.

Post by Lady_Vi on 29th December 2008, 12:23 am

OK, I think I got it uploaded


Re: Antivirus 2009 has completely taken over my computer.

Post by Belahzur on 29th December 2008, 12:23 am

Paste the download link for it please.



Re: Antivirus 2009 has completely taken over my computer.

Post by Lady_Vi on 29th December 2008, 12:26 am

[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]


Re: Antivirus 2009 has completely taken over my computer.

Post by Belahzur on 29th December 2008, 12:36 am

Thanks.
First, execute this reg fix.


  • Now open a new notepad file.
  • Input this into the notepad file:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "authentication packages"="msv1_0"
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "ForceClassicControlPanel"=-
    "NoFolderOptions"=-

  • Save this as fix.reg, save it to your desktop.
  • Double click fix.reg to run it.
  • Select yes to the registry merge prompt.


Second, what AV are you running? Because I don't see one.

1) [You must be registered and logged in to see this link.]
-Free anti-virus software for Windows.
-Detects and removes more than 50,000 viruses. Free support.
2) [You must be registered and logged in to see this link.]
-Anti-virus program for Windows.
-The home edition is freeware for noncommercial use.
3) [You must be registered and logged in to see this link.]
- Free edition of the AVG anti-virus program for Windows.
- Available for single computer use for home and non commercial use.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.

We will carry this on once you have an AV installed and have done the reg fix.



Re: Antivirus 2009 has completely taken over my computer.

Post by Lady_Vi on 29th December 2008, 12:41 am

Sorry I do not understand the
First execute this reg fix

I do not have any AV right now, was going to ask your advice about a good one.


Re: Antivirus 2009 has completely taken over my computer.

Post by Belahzur on 29th December 2008, 12:45 am

Okay.
All that is in the quote box, copy and paste it into a notepad file.
Save the notepad as fix.reg
If you have done it right, it will look like this:


Then double click it, and you get a registry merge prompt, yes or no.
Press yes and another prompt appears saying it was merged with the registry.

Please install one of the AV's I posted [don't install AVG, AVG doesn't like this next tool we need to use]



Re: Antivirus 2009 has completely taken over my computer.

Post by Lady_Vi on 29th December 2008, 12:46 am

oh I got it, sorry I am pretty rumdum right now LOL :hmm:


Re: Antivirus 2009 has completely taken over my computer.

Post by Lady_Vi on 29th December 2008, 12:50 am

OK done that


Re: Antivirus 2009 has completely taken over my computer.

Post by Belahzur on 29th December 2008, 12:50 am

Okay.

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :processes
    explorer.exe

    :files
    C:\WINDOWS\system32\jjycdffd.ini
    C:\WINDOWS\system32\pxdylkbo.dll
    C:\WINDOWS\msdownld.tmp
    C:\WINDOWS\system32\kvgkyjyv.ini
    C:\WINDOWS\system32\yhkjhsid.dll
    C:\WINDOWS\system32\otovhkfp.ini
    C:\WINDOWS\system32\jovhieih.dll
    C:\WINDOWS\system32\avtdcvvy.dll
    C:\WINDOWS\system32\iyqdvbie.dll
    C:\WINDOWS\system32\wwctjbih.ini
    C:\WINDOWS\system32\fxrakxqo.ini
    C:\WINDOWS\system32\bb791cf7-.txt
    C:\WINDOWS\system32\TtCbKkkj.ini2
    C:\WINDOWS\system32\TtCbKkkj.ini
    C:\WINDOWS\system32\vuzejofu.dll

    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]



  • Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.



Re: Antivirus 2009 has completely taken over my computer.

Post by Lady_Vi on 29th December 2008, 12:59 am

DllUnregisterServer procedure not found in C:\WINDOWS\system32\pxdylkbo.dll
C:\WINDOWS\system32\pxdylkbo.dll NOT unregistered.
C:\WINDOWS\system32\pxdylkbo.dll moved successfully.
C:\WINDOWS\msdownld.tmp moved successfully.
C:\WINDOWS\system32\kvgkyjyv.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\yhkjhsid.dll
C:\WINDOWS\system32\yhkjhsid.dll NOT unregistered.
C:\WINDOWS\system32\yhkjhsid.dll moved successfully.
C:\WINDOWS\system32\otovhkfp.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\jovhieih.dll
C:\WINDOWS\system32\jovhieih.dll NOT unregistered.
C:\WINDOWS\system32\jovhieih.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\avtdcvvy.dll
C:\WINDOWS\system32\avtdcvvy.dll NOT unregistered.
C:\WINDOWS\system32\avtdcvvy.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\iyqdvbie.dll
C:\WINDOWS\system32\iyqdvbie.dll NOT unregistered.
C:\WINDOWS\system32\iyqdvbie.dll moved successfully.
C:\WINDOWS\system32\wwctjbih.ini moved successfully.
C:\WINDOWS\system32\fxrakxqo.ini moved successfully.
C:\WINDOWS\system32\bb791cf7-.txt moved successfully.
C:\WINDOWS\system32\TtCbKkkj.ini2 moved successfully.
C:\WINDOWS\system32\TtCbKkkj.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\vuzejofu.dll
C:\WINDOWS\system32\vuzejofu.dll NOT unregistered.
C:\WINDOWS\system32\vuzejofu.dll moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Perflib_Perfdata_660.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF7BFA.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12282008_185843


Re: Antivirus 2009 has completely taken over my computer.

Post by Belahzur on 29th December 2008, 1:00 am

Hello.
What problems remain?



Re: Antivirus 2009 has completely taken over my computer.

Post by Lady_Vi on 29th December 2008, 1:05 am

The only one I can see right now is when I open IE all of the pictures are little white boxes with red and blue shapes just like before.


Re: Antivirus 2009 has completely taken over my computer.

Post by Belahzur on 29th December 2008, 1:09 am

Let's see if it's just a cache problem.

Download [You must be registered and logged in to see this link.]

  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:

  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:

  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.



Re: Antivirus 2009 has completely taken over my computer.

Post by Lady_Vi on 29th December 2008, 1:12 am

Done that and it is still like that


Re: Antivirus 2009 has completely taken over my computer.

Post by Belahzur on 29th December 2008, 1:26 am

Hmmm.
Press Start > Run
type in: cmd
Press enter.

Type in:
ipconfig /release <== note the space between the g and /
Press enter. (your net connection will break, only for a brief second)
Type in:
ipconfig /renew <== note the space between the g and /
Press enter.
Type in:
ipconfig /flushdns <== note the space between the g and /



Re: Antivirus 2009 has completely taken over my computer.

Post by Lady_Vi on 29th December 2008, 1:28 am

I am Installing Avira right now, can I do both at one time?


Re: Antivirus 2009 has completely taken over my computer.

Post by Belahzur on 29th December 2008, 1:31 am

No.
Install Avira first, then do the cmd commands.



Re: Antivirus 2009 has completely taken over my computer.

Post by Lady_Vi on 29th December 2008, 1:50 am

OK, did the cmd commands and the pictures are still white boxes with red and blue shapes.


Re: Antivirus 2009 has completely taken over my computer.

Post by Belahzur on 29th December 2008, 1:58 am

Hmmm.
Press ctrl + F5 while browsing, see if that works.



Re: Antivirus 2009 has completely taken over my computer.

Post by Lady_Vi on 29th December 2008, 2:03 am

No, it didn't help.


Re: Antivirus 2009 has completely taken over my computer.

Post by Lady_Vi on 29th December 2008, 2:13 am

I am running the Avira scan now and it has found 5 detections and 1 warning already, maybe this will fix the problem. If not I will let you know.

I do want to thank you for all of your help
Thank You!
Will love ya forever!!!!!!

The scan is 65% right now


Re: Antivirus 2009 has completely taken over my computer.

Post by Lady_Vi on 29th December 2008, 2:28 am

OK scan finished
Avira AntiVir Personal
Report file date: 28 December 2008 19:52

Scanning for 1128441 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: DEFAULT

Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 18/11/2008 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 18/11/2008 15:21:26
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 14:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 19:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 14:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 18:30:36
ANTIVIR1.VDF : 7.1.1.33 1705984 Bytes 24/12/2008 01:40:00
ANTIVIR2.VDF : 7.1.1.34 2048 Bytes 24/12/2008 01:40:01
ANTIVIR3.VDF : 7.1.1.42 151552 Bytes 28/12/2008 01:40:08
Engineversion : 8.2.0.45
AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 17:05:56
AESCRIPT.DLL : 8.1.1.19 336252 Bytes 29/12/2008 01:40:56
AESCN.DLL : 8.1.1.5 123251 Bytes 07/11/2008 22:06:41
AERDL.DLL : 8.1.1.3 438645 Bytes 04/11/2008 20:58:38
AEPACK.DLL : 8.1.3.4 393591 Bytes 11/11/2008 16:41:39
AEOFFICE.DLL : 8.1.0.33 196987 Bytes 29/12/2008 01:40:51
AEHEUR.DLL : 8.1.0.75 1524087 Bytes 29/12/2008 01:40:46
AEHELP.DLL : 8.1.2.0 119159 Bytes 29/12/2008 01:40:21
AEGEN.DLL : 8.1.1.8 323956 Bytes 29/12/2008 01:40:18
AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 17:05:56
AECORE.DLL : 8.1.5.2 172405 Bytes 29/12/2008 01:40:12
AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 17:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 15:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 16:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 31/07/2008 19:02:15
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 18:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 15:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 19:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/01/2008 00:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 19:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 19:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 20:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 20:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 28 December 2008 19:52

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'Ymsgr_tray.exe' - '1' Module(s) have been scanned
Scan process 'Playlist.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'RegistryRepairPro.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'OpWareSE4.exe' - '1' Module(s) have been scanned
Scan process 'BJMYPRT.EXE' - '1' Module(s) have been scanned
Scan process 'eBayTBDaemon.exe' - '1' Module(s) have been scanned
Scan process 'DevDetect.exe' - '1' Module(s) have been scanned
Scan process 'Hpi_monitor.exe' - '1' Module(s) have been scanned
Scan process 'point32.exe' - '1' Module(s) have been scanned
Scan process 'RxMon.exe' - '1' Module(s) have been scanned
Scan process 'DrgToDsc.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'MsPMSPSv.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'oodag.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'LEXPPS.EXE' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'LEXBCES.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
39 processes with 39 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '63' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Administrator\My Documents\SmitfraudFix.exe
[0] Archive type: RAR SFX (self extracting)
--> SmitfraudFix\Agent.OMZ.Fix.exe
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
[NOTE] The file was moved to '49c12e43.qua'!
C:\Documents and Settings\Administrator\My Documents\LimeWire\Incomplete\T-5745425-like jonny and june.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to '498d2e11.qua'!
C:\Documents and Settings\Administrator\My Documents\LimeWire\Incomplete\T-5745425-Steve Earle - Copperhead road.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to '498d2e18.qua'!
C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\Creedence Clearwater Revival - Up around the Bend.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to '49bd2e9d.qua'!
C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\muddy water trace atkins.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to '49bc2ec8.qua'!
C:\_OTMoveIt\MovedFiles\12282008_185843\WINDOWS\system32\avtdcvvy.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49cc35ef.qua'!
C:\_OTMoveIt\MovedFiles\12282008_185843\WINDOWS\system32\iyqdvbie.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49c935f6.qua'!
C:\_OTMoveIt\MovedFiles\12282008_185843\WINDOWS\system32\jovhieih.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49ce35f0.qua'!
C:\_OTMoveIt\MovedFiles\12282008_185843\WINDOWS\system32\pxdylkbo.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49bc35ff.qua'!
C:\_OTMoveIt\MovedFiles\12282008_185843\WINDOWS\system32\yhkjhsid.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49c335f3.qua'!


End of the scan: 28 December 2008 20:27
Used time: 35:22 Minute(s)

The scan has been done completely.

5707 Scanning directories
305667 Files were scanned
10 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
10 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
305656 Files not concerned
7866 Archives were scanned
1 Warnings
10 Notes


Re: Antivirus 2009 has completely taken over my computer.

Post by Belahzur on 29th December 2008, 12:57 pm

Okay.
Your problem seems to be LimeWire.
The music files you downloaded were infected, so to prevent it happening again, please uninstall LimeWire.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

  • LimeWire


Delete this folder:
C:\_OTMoveIt

What problems remain?


Please PM me if I fail to respond within 24hrs.



Re: Antivirus 2009 has completely taken over my computer.

Post by Doctor Inferno on 14th February 2009, 3:58 am

Due to lack of feedback, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.

