Post #1 (Sep 19 2009, 12:25 AM)
New Member; Group: Members; Posts: 13; Joined: 18-September 09; Member No.: 379,514

Post #2 (Sep 19 2009, 08:56 PM)
Computer Masochist; Group: Moderator; Posts: 26,659; Joined: 27-January 07; From: Cleveland, Ohio; Member No.: 108,618

We need to check for rootkits with RootRepeal
----------------------------------
Please note: If RootRepeal fails to run, try this step: Click Settings - Options. Set the Disk Access slider to High.
--------------------
Mark
why won't my laptop work?
Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

Post #3 (Sep 20 2009, 11:47 AM)
New Member; Group: Members; Posts: 13; Joined: 18-September 09; Member No.: 379,514

I get
"application cannot be executed. The file tatertot.scr.exe is infected. please activate your antivirus software" and nothing happens.

Post #4 (Sep 20 2009, 05:28 PM)
Computer Masochist; Group: Moderator; Posts: 26,659; Joined: 27-January 07; From: Cleveland, Ohio; Member No.: 108,618

1. Download Win32kDiag from any of the following locations and save it to your Desktop
   http://ad13.geekstogo.com/Win32kDiag.exe
   http://download.bleepingcomputer.com/rootr.../Win32kDiag.exe
2. Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
3. When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
4. Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.
--------------------
Mark

Post #5 (Sep 21 2009, 09:00 AM)
New Member; Group: Members; Posts: 13; Joined: 18-September 09; Member No.: 379,514

It won't work. It's not allowing me to run anything. Anything I click on, I get a popup telling me it's infected and can't be executed. NOTHING works; that's the problem. It's not allowing me to run any programs, so nothing I downloaded works. Do you know of anyone else that has this issue? I'd like to see how they fixed it. I've had other problems and malware before and I've always been able to fix them myself using standard measures. This thing, though, is a completely different animal; that's why I'm here to talk to the experts, because I'm stumped.

Post #6 (Sep 21 2009, 03:20 PM)
New Member; Group: Members; Posts: 13; Joined: 18-September 09; Member No.: 379,514

Does anyone know anything more about this? It just installed "Total Security" on my machine as well. I'm about to throw this friggin thing out of the window and into the pool.

Post #7 (Sep 21 2009, 03:26 PM)
New Member; Group: Members; Posts: 13; Joined: 18-September 09; Member No.: 379,514

OK, now it restarts my machine by itself, and I'm getting popups about every 45 seconds now.

Post #8 (Sep 21 2009, 04:06 PM)
Computer Masochist; Group: Moderator; Posts: 26,659; Joined: 27-January 07; From: Cleveland, Ohio; Member No.: 108,618

Go to Start > Run..., then copy and paste this command into the open box:
cmd
Click OK.
At the command prompt C:\>, copy and paste the following command and press Enter:
DIR /a/s %windir%\scecli.dll %windir%\netlogon.dll %windir%\eventlog.dll >Log.txt & START notepad Log.txt
A file called log.txt should be created on your Desktop. Open that file and copy/paste the contents in your next reply.
--------------------
Mark

Post #9 (Sep 21 2009, 04:32 PM)
New Member; Group: Members; Posts: 13; Joined: 18-September 09; Member No.: 379,514

Running from: C:\Documents and Settings\Lamont\Desktop\Win32kDiag.exe
Log file at : C:\Documents and Settings\Lamont\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...

Post #10 (Sep 21 2009, 04:34 PM)
New Member; Group: Members; Posts: 13; Joined: 18-September 09; Member No.: 379,514

Volume in drive C has no label.
Volume Serial Number is 884C-CEF7

Directory of C:\WINDOWS\$NtUninstallKB968389$
08/04/2004 06:00 AM 407,040 netlogon.dll
1 File(s) 407,040 bytes

Directory of C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e
04/13/2008 08:12 PM 181,248 scecli.dll

Directory of C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e
04/13/2008 08:12 PM 407,040 netlogon.dll

Directory of C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e
04/13/2008 08:11 PM 56,320 eventlog.dll
3 File(s) 644,608 bytes

Directory of C:\WINDOWS\system32
08/04/2004 06:00 AM 180,224 scecli.dll

Directory of C:\WINDOWS\system32
02/06/2009 02:46 PM 408,064 netlogon.dll

Directory of C:\WINDOWS\system32
08/04/2004 06:00 AM 55,808 eventlog.dll
3 File(s) 644,096 bytes

Directory of C:\WINDOWS\system32\dllcache
02/06/2009 02:46 PM 408,064 netlogon.dll
1 File(s) 408,064 bytes

Total Files Listed:
8 File(s) 2,103,808 bytes
0 Dir(s) 52,238,012,416 bytes free

Post #11 (Sep 21 2009, 04:49 PM)
New Member; Group: Members; Posts: 13; Joined: 18-September 09; Member No.: 379,514

Logfile of Advanced SystemCare 3 Security Analyzer
Scan saved at 5:44:27 PM, on 9/21/2009
Platform: Windows XP (WinNT 5.1)
MSIE: Internet Explorer v8.0 (8.0.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\VS Revo Group\Revo Uninstaller\revouninstaller.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Lamont\Desktop\tatertot.scr.exe

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file)
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [16213594] C:\Documents and Settings\All Users\Application Data\16213594\16213594.exe
O4 - HKLM\..\Run: [vihuwojap] Rundll32.exe "c:\windows\system32\buyinuni.dll",a
O4 - HKLM\..\Run: [personalguard] C:\Program Files\Personal Guard 2009\personalguard.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} -
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Post #12 (Sep 21 2009, 05:38 PM)
New Member; Group: Members; Posts: 13; Joined: 18-September 09; Member No.: 379,514

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/21 18:33
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Processes
-------------------
Path: System PID: 4 Status: -
Path: C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe PID: 216 Status: -
Path: C:\WINDOWS\system32\ctfmon.exe PID: 240 Status: -
Path: C:\Program Files\Java\jre6\bin\jqs.exe PID: 408 Status: -
Path: C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe PID: 452 Status: -
Path: C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe PID: 592 Status: -
Path: C:\WINDOWS\system32\csrss.exe PID: 624 Status: -
Path: C:\WINDOWS\system32\winlogon.exe PID: 648 Status: -
Path: C:\WINDOWS\system32\services.exe PID: 696 Status: -
Path: C:\WINDOWS\system32\lsass.exe PID: 708 Status: -
Path: C:\WINDOWS\system32\svchost.exe PID: 892 Status: -
Path: C:\WINDOWS\system32\svchost.exe PID: 976 Status: -
Path: C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE PID: 1040 Status: -
Path: C:\WINDOWS\system32\svchost.exe PID: 1072 Status: -
Path: C:\WINDOWS\system32\svchost.exe PID: 1124 Status: -
Path: C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe PID: 1156 Status: -
Path: C:\WINDOWS\system32\svchost.exe PID: 1220 Status: -
Path: C:\WINDOWS\system32\svchost.exe PID: 1308 Status: -
Path: C:\WINDOWS\system32\wdfmgr.exe PID: 1320 Status: -
Path: C:\WINDOWS\system32\spoolsv.exe PID: 1464 Status: -
Path: C:\Program Files\Internet Explorer\iexplore.exe PID: 1588 Status: -
Path: C:\WINDOWS\explorer.exe PID: 1708 Status: -
Path: C:\Program Files\Viewpoint\Common\ViewpointService.exe PID: 1816 Status: -
Path: C:\WINDOWS\system32\svchost.exe PID: 1960 Status: -
Path: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe PID: 2572 Status: -
Path: C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe PID: 2876 Status: -
Path: C:\Documents and Settings\Lamont\Desktop\tatertot.scr.exe PID: 2904 Status: -
Path: C:\WINDOWS\system32\alg.exe PID: 2960 Status: -
Path: C:\Program Files\VS Revo Group\Revo Uninstaller\revouninstaller.exe PID: 3296 Status: -
Path: C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe PID: 3920 Status: -
Path: C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe PID: 3936 Status: -
Path: C:\Program Files\Internet Explorer\iexplore.exe PID: 4008 Status: -

Post #13 (Sep 21 2009, 08:03 PM)
Computer Masochist; Group: Moderator; Posts: 26,659; Joined: 27-January 07; From: Cleveland, Ohio; Member No.: 108,618

Now that you were successful in creating some logs, you need to post them in our HJT forum:
http://www.bleepingcomputer.com/forums/forum22.htere
Give a brief description and tell them that these logs were all you could get to run successfully.
The HJT team is extremely busy, so be patient and good luck.
--------------------
Mark

Post #14 (Sep 22 2009, 06:24 AM)
New Member; Group: Members; Posts: 13; Joined: 18-September 09; Member No.: 379,514

Sounds good, thank you.

Post #15 (Sep 22 2009, 10:23 PM)
OBleepin Investigator; Group: Moderator; Posts: 19,717; Joined: 14-July 06; From: Bloomington, IN; Member No.: 76,150

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic259431.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days, up to two weeks perhaps less, to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom
--------------------
Orange Blossom
An ounce of prevention is worth a pound of cure
ESET NOD32, SuperAntiSpyware Pro, SpywareBlaster, Spybot 1.6.2.46, WinPatrol Plus, Sunbelt Personal Firewall - Full, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript