Antivirus 2009 has completely taken over my computer.

View previous topic View next topic Go down

Re: Antivirus 2009 has completely taken over my computer.

Post by Lady_Vi on Mon Dec 29, 2008 12:46 am

oh I got it, sorry I am pretty rumdum right now LOL :hmm:

Lady_Vi
Novice
Novice

Status :
Online
Offline

Posts : 28
Joined : 2008-12-28
OS : windows xp Pro

View user profile

Back to top Go down

Re: Antivirus 2009 has completely taken over my computer.

Post by Lady_Vi on Mon Dec 29, 2008 12:50 am

OK done that

Lady_Vi
Novice
Novice

Status :
Online
Offline

Posts : 28
Joined : 2008-12-28
OS : windows xp Pro

View user profile

Back to top Go down

Re: Antivirus 2009 has completely taken over my computer.

Post by Belahzur on Mon Dec 29, 2008 12:50 am

Okay.

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose CopyCrying


    :processes
    explorer.exe

    :files
    C:\WINDOWS\system32\jjycdffd.ini
    C:\WINDOWS\system32\pxdylkbo.dll
    C:\WINDOWS\msdownld.tmp
    C:\WINDOWS\system32\kvgkyjyv.ini
    C:\WINDOWS\system32\yhkjhsid.dll
    C:\WINDOWS\system32\otovhkfp.ini
    C:\WINDOWS\system32\jovhieih.dll
    C:\WINDOWS\system32\avtdcvvy.dll
    C:\WINDOWS\system32\iyqdvbie.dll
    C:\WINDOWS\system32\wwctjbih.ini
    C:\WINDOWS\system32\fxrakxqo.ini
    C:\WINDOWS\system32\bb791cf7-.txt
    C:\WINDOWS\system32\TtCbKkkj.ini2
    C:\WINDOWS\system32\TtCbKkkj.ini
    C:\WINDOWS\system32\vuzejofu.dll

    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]



  • Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Antivirus 2009 has completely taken over my computer.

Post by Lady_Vi on Mon Dec 29, 2008 12:59 am

DllUnregisterServer procedure not found in C:\WINDOWS\system32\pxdylkbo.dll
C:\WINDOWS\system32\pxdylkbo.dll NOT unregistered.
C:\WINDOWS\system32\pxdylkbo.dll moved successfully.
C:\WINDOWS\msdownld.tmp moved successfully.
C:\WINDOWS\system32\kvgkyjyv.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\yhkjhsid.dll
C:\WINDOWS\system32\yhkjhsid.dll NOT unregistered.
C:\WINDOWS\system32\yhkjhsid.dll moved successfully.
C:\WINDOWS\system32\otovhkfp.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\jovhieih.dll
C:\WINDOWS\system32\jovhieih.dll NOT unregistered.
C:\WINDOWS\system32\jovhieih.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\avtdcvvy.dll
C:\WINDOWS\system32\avtdcvvy.dll NOT unregistered.
C:\WINDOWS\system32\avtdcvvy.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\iyqdvbie.dll
C:\WINDOWS\system32\iyqdvbie.dll NOT unregistered.
C:\WINDOWS\system32\iyqdvbie.dll moved successfully.
C:\WINDOWS\system32\wwctjbih.ini moved successfully.
C:\WINDOWS\system32\fxrakxqo.ini moved successfully.
C:\WINDOWS\system32\bb791cf7-.txt moved successfully.
C:\WINDOWS\system32\TtCbKkkj.ini2 moved successfully.
C:\WINDOWS\system32\TtCbKkkj.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\vuzejofu.dll
C:\WINDOWS\system32\vuzejofu.dll NOT unregistered.
C:\WINDOWS\system32\vuzejofu.dll moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Perflib_Perfdata_660.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF7BFA.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12282008_185843

Lady_Vi
Novice
Novice

Status :
Online
Offline

Posts : 28
Joined : 2008-12-28
OS : windows xp Pro

View user profile

Back to top Go down

Re: Antivirus 2009 has completely taken over my computer.

Post by Belahzur on Mon Dec 29, 2008 1:00 am

Hello.
What problems remain?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Antivirus 2009 has completely taken over my computer.

Post by Lady_Vi on Mon Dec 29, 2008 1:05 am

The only one i can see right now is when I open IE all of the pictures are little white boxes with red and blue shapes just like before

Lady_Vi
Novice
Novice

Status :
Online
Offline

Posts : 28
Joined : 2008-12-28
OS : windows xp Pro

View user profile

Back to top Go down

Re: Antivirus 2009 has completely taken over my computer.

Post by Belahzur on Mon Dec 29, 2008 1:09 am

Lets see if it's just a cache problem.

Download [You must be registered and logged in to see this link.]

  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:

  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:

  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Antivirus 2009 has completely taken over my computer.

Post by Lady_Vi on Mon Dec 29, 2008 1:12 am

Done that and it is still like that

Lady_Vi
Novice
Novice

Status :
Online
Offline

Posts : 28
Joined : 2008-12-28
OS : windows xp Pro

View user profile

Back to top Go down

Re: Antivirus 2009 has completely taken over my computer.

Post by Belahzur on Mon Dec 29, 2008 1:26 am

Hmmm.
Press Start > Run
type in: cmd
Press enter.

Type in:
ipconfig /release <== note the space between the g and /
Press enter. (your net connection will break, only for a brief second)
Type in:
ipconfig /renew<== note the space between the g and /
Press enter.
Type in:
ipconfig /flushdns<== note the space between the g and /


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Antivirus 2009 has completely taken over my computer.

Post by Lady_Vi on Mon Dec 29, 2008 1:28 am

I am Installing Avira right now, can I do both at one time?

Lady_Vi
Novice
Novice

Status :
Online
Offline

Posts : 28
Joined : 2008-12-28
OS : windows xp Pro

View user profile

Back to top Go down

Re: Antivirus 2009 has completely taken over my computer.

Post by Belahzur on Mon Dec 29, 2008 1:31 am

No.
Install Avira first, then do the cmd commands.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Antivirus 2009 has completely taken over my computer.

Post by Lady_Vi on Mon Dec 29, 2008 1:50 am

OK did the cmd commands and the pictures sre still white boxes with red and blue shapes

Lady_Vi
Novice
Novice

Status :
Online
Offline

Posts : 28
Joined : 2008-12-28
OS : windows xp Pro

View user profile

Back to top Go down

Re: Antivirus 2009 has completely taken over my computer.

Post by Belahzur on Mon Dec 29, 2008 1:58 am

Hmmm.
Press ctrl + F5 while browsing, see if that works.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Antivirus 2009 has completely taken over my computer.

Post by Lady_Vi on Mon Dec 29, 2008 2:03 am

NO it didn't help

Lady_Vi
Novice
Novice

Status :
Online
Offline

Posts : 28
Joined : 2008-12-28
OS : windows xp Pro

View user profile

Back to top Go down

Re: Antivirus 2009 has completely taken over my computer.

Post by Lady_Vi on Mon Dec 29, 2008 2:13 am

I am running the Avira scan now and it has found 5 detections and 1 warning already, maybe this will fix the problem. If not I will let you know.

I do want to thank you for all of your help
Thank You!
Will love ya forever!!!!!!

The scan is 65% right now

Lady_Vi
Novice
Novice

Status :
Online
Offline

Posts : 28
Joined : 2008-12-28
OS : windows xp Pro

View user profile

Back to top Go down

Re: Antivirus 2009 has completely taken over my computer.

Post by Lady_Vi on Mon Dec 29, 2008 2:28 am

OK scan finished
Avira AntiVir Personal
Report file date: 28 December 2008 19:52

Scanning for 1128441 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: DEFAULT

Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 18/11/2008 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 18/11/2008 15:21:26
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 14:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 19:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 14:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 18:30:36
ANTIVIR1.VDF : 7.1.1.33 1705984 Bytes 24/12/2008 01:40:00
ANTIVIR2.VDF : 7.1.1.34 2048 Bytes 24/12/2008 01:40:01
ANTIVIR3.VDF : 7.1.1.42 151552 Bytes 28/12/2008 01:40:08
Engineversion : 8.2.0.45
AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 17:05:56
AESCRIPT.DLL : 8.1.1.19 336252 Bytes 29/12/2008 01:40:56
AESCN.DLL : 8.1.1.5 123251 Bytes 07/11/2008 22:06:41
AERDL.DLL : 8.1.1.3 438645 Bytes 04/11/2008 20:58:38
AEPACK.DLL : 8.1.3.4 393591 Bytes 11/11/2008 16:41:39
AEOFFICE.DLL : 8.1.0.33 196987 Bytes 29/12/2008 01:40:51
AEHEUR.DLL : 8.1.0.75 1524087 Bytes 29/12/2008 01:40:46
AEHELP.DLL : 8.1.2.0 119159 Bytes 29/12/2008 01:40:21
AEGEN.DLL : 8.1.1.8 323956 Bytes 29/12/2008 01:40:18
AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 17:05:56
AECORE.DLL : 8.1.5.2 172405 Bytes 29/12/2008 01:40:12
AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 17:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 15:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 16:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 31/07/2008 19:02:15
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 18:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 15:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 19:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/01/2008 00:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 19:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 19:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 20:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 20:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 28 December 2008 19:52

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'Ymsgr_tray.exe' - '1' Module(s) have been scanned
Scan process 'Playlist.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'RegistryRepairPro.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'OpWareSE4.exe' - '1' Module(s) have been scanned
Scan process 'BJMYPRT.EXE' - '1' Module(s) have been scanned
Scan process 'eBayTBDaemon.exe' - '1' Module(s) have been scanned
Scan process 'DevDetect.exe' - '1' Module(s) have been scanned
Scan process 'Hpi_monitor.exe' - '1' Module(s) have been scanned
Scan process 'point32.exe' - '1' Module(s) have been scanned
Scan process 'RxMon.exe' - '1' Module(s) have been scanned
Scan process 'DrgToDsc.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'MsPMSPSv.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'oodag.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'LEXPPS.EXE' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'LEXBCES.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
39 processes with 39 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '63' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Administrator\My Documents\SmitfraudFix.exe
[0] Archive type: RAR SFX (self extracting)
--> SmitfraudFix\Agent.OMZ.Fix.exe
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
[NOTE] The file was moved to '49c12e43.qua'!
C:\Documents and Settings\Administrator\My Documents\LimeWire\Incomplete\T-5745425-like jonny and june.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to '498d2e11.qua'!
C:\Documents and Settings\Administrator\My Documents\LimeWire\Incomplete\T-5745425-Steve Earle - Copperhead road.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to '498d2e18.qua'!
C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\Creedence Clearwater Revival - Up around the Bend.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to '49bd2e9d.qua'!
C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\muddy water trace atkins.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to '49bc2ec8.qua'!
C:\_OTMoveIt\MovedFiles\12282008_185843\WINDOWS\system32\avtdcvvy.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49cc35ef.qua'!
C:\_OTMoveIt\MovedFiles\12282008_185843\WINDOWS\system32\iyqdvbie.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49c935f6.qua'!
C:\_OTMoveIt\MovedFiles\12282008_185843\WINDOWS\system32\jovhieih.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49ce35f0.qua'!
C:\_OTMoveIt\MovedFiles\12282008_185843\WINDOWS\system32\pxdylkbo.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49bc35ff.qua'!
C:\_OTMoveIt\MovedFiles\12282008_185843\WINDOWS\system32\yhkjhsid.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49c335f3.qua'!


End of the scan: 28 December 2008 20:27
Used time: 35:22 Minute(s)

The scan has been done completely.

5707 Scanning directories
305667 Files were scanned
10 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
10 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
305656 Files not concerned
7866 Archives were scanned
1 Warnings
10 Notes

Lady_Vi
Novice
Novice

Status :
Online
Offline

Posts : 28
Joined : 2008-12-28
OS : windows xp Pro

View user profile

Back to top Go down

Re: Antivirus 2009 has completely taken over my computer.

Post by Belahzur on Mon Dec 29, 2008 12:57 pm

Okay.
Your problem seems to be limewire.
The music files you downloaded were infected, so to prevent it happening again, please uninstall Limewire.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

  • Limewire


Delete this folder:
C:\_OTMoveIt

What problems remain?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Antivirus 2009 has completely taken over my computer.

Post by Doctor Inferno on Sat Feb 14, 2009 3:58 am

Due to lack of feedback, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.


Please be a GeekPolice fan on [You must be registered and logged in to see this link.]



Have we helped you? [You must be registered and logged in to see this link.] | Doctor by day, ninja by night.

Doctor Inferno
Administrator
Administrator

Status :
Online
Offline

Posts : 12017
Joined : 2007-12-26
Gender : Male
OS : Windows 7 Home Premium and Ultimate X64

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum