
Another Antivirus 2009 thread....


  • This topic is locked
5 replies to this topic

#1 callmerafer

callmerafer

  • Members
  • 5 posts

Posted 06 January 2009 - 02:31 AM

Well, basically it keeps reinstalling itself. I get constant pop-ups on both Mozilla and IE. I'm aware there are a couple of threads on this problem already, but to avoid confusion and since everyone has different things installed, I figured it would be safe to make a new thread. Anyway, here is my hijack log. Any help will be greatly appreciated. Thanks!



#2 callmerafer

callmerafer
  • Topic Starter

  • Members
  • 5 posts

Posted 06 January 2009 - 02:36 AM

Also here is my RSIT Info and log file

Attached Files

  • Attached File  info.txt   22.41KB   25 downloads
  • Attached File  log.txt   38.76KB   25 downloads


#3 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 06 January 2009 - 11:40 AM

Please disable your antivirus, antimalware and firewall before proceeding with our fix.. Please re-enable them back after performing all steps given..
Please VISIT HERE if you do not know how..

Please download Lop S&D by Eric_71 and save it to your Desktop.

  • Double-click Lop S&D.exe
  • Choose the language, then choose Option 1 (Search)
  • Wait till the end of the scan
  • Post the log which is created: (%SystemDrive%\lopR.txt)

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#4 callmerafer

callmerafer
  • Topic Starter

  • Members
  • 5 posts

Posted 06 January 2009 - 12:21 PM

I disabled all the things needed according to what I have installed and reading that guide you posted. However, when I run Lop S&D.exe, it tells me to please wait, and then goes blank. No menu or options are given to me.

#5 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 07 January 2009 - 01:23 AM

IMPORTANT!! Uninstall these programs first..

1. Ad-Aware
2. Spybot - Search & Destroy
3. Viewpoint Media Player



NEXT


Please download the HostsXpert by funkytoad.
  • Unzip HostsXpert to a convenient folder such as C:\HostsXpert
  • Double-click HostsXpert.exe to run HostsXpert - Hosts File Manager from its new home
  • Click "Make Hosts Writable?" in the upper right corner (If available).
  • Click Restore Ms Hosts File and then click OK.
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.


NEXT


Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {308D4986-172B-4743-BBC1-EB07FDA616B4} - (no file)
O2 - BHO: (no name) - {342f2dab-a721-4701-b2ee-a4f751130132} - (no file)
O2 - BHO: (no name) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {813408E2-F3EB-4EE5-B64D-EE2B04FA18BF} - C:\WINDOWS\system32\vtUkiIcA.dll (file missing)
O2 - BHO: (no name) - {9302da0b-e919-4924-9722-6244997cfc51} - (no file)
O2 - BHO: {dc7229dc-85db-954b-eaa4-43e3f72c90f9} - {9f09c27f-3e34-4aae-b459-bd58cd9227cd} - C:\WINDOWS\system32\dzmfkt.dll
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: (no name) - {B0A655F6-E5D6-46D8-AF90-8A0697B511EA} - (no file)
O2 - BHO: (no name) - {c9fe538b-e77e-4fa8-a2bc-e6918cee78bc} - C:\WINDOWS\system32\bopazeva.dll
O2 - BHO: (no name) - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - (no file)
O2 - BHO: (no name) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - (no file)
O4 - HKLM\..\Run: [CPM47e8ce44] Rundll32.exe "c:\windows\system32\viridipe.dll",a
O4 - HKLM\..\Run: [rerobiwuwu] Rundll32.exe "C:\WINDOWS\system32\sofodore.dll",s
O4 - HKUS\S-1-5-19\..\Run: [rerobiwuwu] Rundll32.exe "C:\WINDOWS\system32\sofodore.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [rerobiwuwu] Rundll32.exe "C:\WINDOWS\system32\sofodore.dll",s (User 'NETWORK SERVICE')
O20 - AppInit_DLLs: avgrsstx.dll dzmfkt.dll C:\WINDOWS\system32\fetezeme.dll c:\windows\system32\viridipe.dll
O20 - Winlogon Notify: khfFUNEX - C:\WINDOWS\
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\viridipe.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\viridipe.dll


Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.



NEXT


Please download the OTMoveIt3 by OldTimer
  • Save it to your Desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)


    :processes
    explorer.exe
    
    :services
    
    :files
    C:\WINDOWS\tasks\8005D89880664AC8.job
    C:\WINDOWS\tasks\dinucrob.job
    C:\WINDOWS\system32\vtUkiIcA.dll
    C:\WINDOWS\system32\dzmfkt.dll
    C:\WINDOWS\system32\bopazeva.dll
    c:\windows\system32\viridipe.dll
    C:\WINDOWS\system32\sofodore.dll
    C:\WINDOWS\system32\fetezeme.dll
    C:\WINDOWS\system32\bulikagu.dll
    C:\WINDOWS\system32\ybxsilbo.dll
    C:\WINDOWS\system32\4ff839a6-.txt
    
    :reg
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "CPM47e8ce44"=-
    "rerobiwuwu"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Rafer Burdick^Start Menu^Programs^Startup^MY_C4D.jpg]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="avgrsstx.dll"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]

  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Run RSIT again.. Post these logs in your next reply..

1. OTMoveIt3
2. RSIT log.txt

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
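
A triage sketch for the HijackThis entries listed in the post above, added here as an example; it is not part of the original post and not code from HijackThis or OTMoveIt3. It separates orphaned BHO registrations from entries that still point at a DLL and reports which DLLs are registered at more than one autostart point; the function names and regular expressions are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Entries copied from the HijackThis list in the post above (a subset).
SAMPLE = r"""
O2 - BHO: (no name) - {308D4986-172B-4743-BBC1-EB07FDA616B4} - (no file)
O2 - BHO: (no name) - {813408E2-F3EB-4EE5-B64D-EE2B04FA18BF} - C:\WINDOWS\system32\vtUkiIcA.dll (file missing)
O2 - BHO: (no name) - {c9fe538b-e77e-4fa8-a2bc-e6918cee78bc} - C:\WINDOWS\system32\bopazeva.dll
O4 - HKLM\..\Run: [CPM47e8ce44] Rundll32.exe "c:\windows\system32\viridipe.dll",a
O4 - HKLM\..\Run: [rerobiwuwu] Rundll32.exe "C:\WINDOWS\system32\sofodore.dll",s
O20 - AppInit_DLLs: avgrsstx.dll dzmfkt.dll C:\WINDOWS\system32\fetezeme.dll c:\windows\system32\viridipe.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\viridipe.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\viridipe.dll
"""

ENTRY = re.compile(r"^(O\d+) - ([^:]+): (.*)$")               # section, kind, rest
DLL = re.compile(r"(?:[a-z]:\\[^\"\s]*\\)?([\w.-]+\.dll)", re.I)  # captures the file name

def parse(log):
    """Yield (section, kind, rest) for each HijackThis 'O' line."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.groups()

def triage(log):
    """Return (orphaned BHO CLSIDs, {dll name: sections that reference it})."""
    orphans, loaders = [], defaultdict(set)
    for section, kind, rest in parse(log):
        # A BHO whose file is gone is a leftover registry key, not a live loader.
        if section == "O2" and ("(no file)" in rest or "(file missing)" in rest):
            orphans.append(re.search(r"\{[0-9a-f-]+\}", rest, re.I).group(0))
            continue
        for name in DLL.findall(rest):
            loaders[name.lower()].add(section)
    return orphans, dict(loaders)

def multi_hooked(loaders, minimum=2):
    """DLL names registered at `minimum` or more autostart sections."""
    return sorted(n for n, s in loaders.items() if len(s) >= minimum)

if __name__ == "__main__":
    orphans, loaders = triage(SAMPLE)
    print("orphaned BHOs:", orphans)
    print("multi-hooked DLLs:", multi_hooked(loaders))
```

A DLL that shows up under several sections at once (here O4, O20, O21 and O22) has to be removed from every one of them, which is why the fix above both checks the HijackThis entries and resets the Run and AppInit_DLLs values.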


#6 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 12 January 2009 - 03:16 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive




