System Security 2009 stops everything im doing and won't remove

Post by bobbby103 on Sat Jun 13, 2009 6:14 am

Hi, I was burdened with this program "System Security 2009" and noticed something funny with it, so I tried removing it with Add/Remove Programs. After I saw it was not gone, I tried to restore my computer back to an earlier point, but the restore wouldn't work. So I tried restarting my computer, and when it came back on nothing worked at all. I have tried downloading the hijacks program and some other malware remover programs, and they save onto the computer but won't open, and I get a message saying so-and-so file is infected and that it won't open. I use Windows XP. So can you please help me remove this problem?

Post by Belahzur on Sat Jun 13, 2009 1:23 pm

Hello.

Please download Ice Sword from [You must be registered and logged in to see this link.]

  1. Download the zip to your desktop and extract it.
  2. Open the Ice Sword folder and then launch IceSword.exe.
  3. Then look in the left hand bottom of the program and press "Registry"
  4. When the registry list opens, drag the line between the two windows so you can see which registry hive you need.
  5. Next, open the HKEY_LOCAL_MACHINE, and navigate to the following key:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

  6. Now look in the right side pane for two run values that are just random numbers.
  7. Once you have found the value(s), right click it and press "Delete"
  8. Okay the prompt and close IceSword.

Reboot the machine.

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.


Post by bobbby103 on Sat Jun 13, 2009 5:45 pm

I tried downloading Ice Sword and it won't open. I managed to extract it to a folder on the desktop but that was it. After that it was blocked again, saying it was infected.

Post by Origin on Sat Jun 13, 2009 5:46 pm

What about HijackThis? Did you manage to run it?


Post by bobbby103 on Sat Jun 13, 2009 6:02 pm

Tried doing HijackThis and it wouldn't run either.

Post by Origin on Sat Jun 13, 2009 6:05 pm

Let's try to remove it in Safe Mode.


Can you do the following in Safe Mode with Networking, (as the computer is booting press and hold your "F8 Key" which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press your Enter key.

Note: With some computers if you press and hold a key as the computer is booting you will get a stuck key message. If this occurs, instead of pressing and holding the "F8 key", tap the "F8 key" continuously until you get the startup menu.) Once in the start up menu, select "Safe Mode with Networking", then do the following instructions:




1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV. (Mcafee)
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Post by bobbby103 on Sat Jun 13, 2009 6:52 pm

I'm doing that now, but I don't believe I have any antivirus programs on my computer, where it is old.

Post by Belahzur on Sat Jun 13, 2009 7:01 pm

Okay, just run Combofix as per Origin's instructions anyway, skip the part about disabling the AV.


Post by bobbby103 on Sat Jun 13, 2009 7:04 pm

When I go to restart my computer and press F8, it brings me to a boot menu with 4 options of network and a floppy drive and 2 others that don't have anything to do with safe mode.

Post by bobbby103 on Sat Jun 13, 2009 7:07 pm

The options to be more precise, are to select a boot device, nothing with a safe mode option.

Post by Origin on Sat Jun 13, 2009 7:38 pm

What type of computer do you have? E.g. Dell, Gateway, HP, etc.


Post by bobbby103 on Sat Jun 13, 2009 8:04 pm

Never mind, I got it to work and ran ComboFix. I am gonna post the info up here in a second for you.

Post by bobbby103 on Sat Jun 13, 2009 8:45 pm

ComboFix 09-06-13.02 - Ryan Fowler 06/13/2009 17:30.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.261 [GMT -3:00]
Running from: c:\documents and settings\Ryan Fowler\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\restore\S-1-5-21-1482476501-1644491937-682003330-1013
c:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
c:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

.
((((((((((((((((((((((((( Files Created from 2009-05-13 to 2009-06-13 )))))))))))))))))))))))))))))))
.

2009-06-13 19:30 . 2009-06-13 19:30 -------- d-s---w- c:\documents and settings\Administrator\UserData
2009-06-12 18:46 . 2009-06-12 18:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-06-11 22:13 . 2009-06-11 22:13 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-06-11 22:11 . 2009-06-11 22:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-06-11 22:11 . 2009-06-11 22:11 -------- d-----w- c:\program files\Google
2009-06-09 23:23 . 2009-06-09 23:23 152576 ----a-w- c:\documents and settings\Ryan Fowler\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-09 22:37 . 2009-06-09 22:37 -------- d-----w- c:\windows\Sun
2009-06-09 12:01 . 2009-06-09 12:01 -------- d-sh--w- C:\FOUND.001
2009-06-06 07:46 . 2009-06-06 07:46 3701856 ----a-w- c:\documents and settings\Ryan Fowler\Application Data\Blitware\DriverRobot\updates\8659126fd6ff4db73e76b5252352132c\DriverRobot_Setup.exe
2009-06-05 02:25 . 2009-06-05 02:31 5 ----a-w- c:\windows\sbacknt.bin
2009-06-05 02:24 . 2009-06-05 02:24 -------- d-----w- c:\documents and settings\Ryan Fowler\Application Data\vghd
2009-06-03 01:14 . 2009-06-03 01:14 -------- d-----w- c:\windows\system32\wbem\Repository
2009-06-02 22:27 . 2009-06-02 22:27 -------- d-----w- c:\documents and settings\All Users\AVP 2009
2009-05-27 01:12 . 2009-06-12 23:24 1744 ----a-w- c:\windows\system32\d3d9caps.dat
2009-05-27 01:09 . 2009-05-21 14:33 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-27 01:06 . 2009-05-27 01:06 152576 ----a-w- c:\documents and settings\Ryan Fowler\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-27 00:27 . 2008-04-14 08:42 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-05-27 00:17 . 2009-05-27 00:17 -------- d-----w- c:\program files\Java
2009-05-26 23:25 . 2009-05-26 23:25 -------- d-sh--r- C:\RESTORE
2009-05-26 00:55 . 2009-05-26 00:55 -------- d-----w- c:\program files\Windows Media Connect 2
2009-05-26 00:52 . 2009-05-26 00:52 -------- d-----w- c:\windows\system32\LogFiles
2009-05-26 00:52 . 2009-05-26 00:52 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-05-24 20:24 . 2009-05-24 20:24 -------- d-sh--w- C:\FOUND.000
2009-05-21 22:23 . 2009-05-21 22:23 -------- d-----w- c:\windows\system32\Adobe
2009-05-21 04:01 . 2009-05-21 04:01 -------- d-----w- c:\windows\system32\wbem\AutoRecover
2009-05-21 03:58 . 2007-10-23 12:22 3350528 ---h--w- c:\documents and settings\Ryan Fowler\Application Data\U3\temp\Launchpad Removal.exe
2009-05-21 03:58 . 2009-05-21 03:58 -------- d-----w- c:\documents and settings\Ryan Fowler\Application Data\U3
2009-05-21 03:50 . 2009-05-21 03:50 -------- d-----w- c:\windows\system32\NtmsData
2009-05-21 03:40 . 2008-04-14 08:40 102912 ------w- c:\windows\system32\dllcache\dpcdll.dll
2009-05-21 03:36 . 2008-04-14 08:41 33792 ------w- c:\windows\system32\dllcache\custsat.dll
2009-05-21 03:34 . 2008-04-14 01:06 144384 ------w- c:\windows\system32\drivers\hdaudbus.sys
2009-05-21 03:34 . 2008-04-14 03:10 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2009-05-21 03:14 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2009-05-21 03:11 . 2009-05-21 03:11 -------- d--h--w- c:\windows\$hf_mig$
2009-05-21 02:35 . 2008-04-14 02:09 2897920 ------w- c:\windows\system32\xpsp2res.dll
2009-05-21 02:32 . 2007-08-10 23:46 26488 ------w- c:\windows\system32\spupdsvc.exe
2009-05-21 02:12 . 2009-05-21 02:12 -------- d-----w- c:\windows\ServicePackFiles
2009-05-21 02:12 . 2009-05-21 02:12 -------- d-----w- c:\windows\ehome
2009-05-21 02:05 . 2008-04-14 08:42 270848 ------w- c:\windows\system32\sbe.dll
2009-05-21 02:04 . 2008-04-14 08:42 20992 ----a-w- c:\windows\system32\fontview.exe
2009-05-21 01:54 . 2009-03-09 18:27 453456 ------w- c:\windows\system32\d3dx10_41.dll
2009-05-21 01:49 . 2009-05-21 01:49 -------- d-----w- c:\windows\Logs
2009-05-21 01:25 . 2009-05-21 01:25 -------- d-----w- c:\program files\Spiceworks
2009-05-21 01:11 . 2009-05-21 01:11 -------- d-----w- c:\documents and settings\Ryan Fowler\Application Data\Blitware
2009-05-21 01:11 . 2009-05-21 01:11 -------- d-----w- c:\program files\Driver Robot
2009-05-21 00:04 . 2009-05-21 00:04 -------- d-----w- c:\documents and settings\Ryan Fowler\Local Settings\Application Data\Google
2009-05-20 23:02 . 2008-04-14 03:49 146048 ----a-w- c:\windows\system32\drivers\portcls.sys
2009-05-20 23:02 . 2008-04-14 03:15 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
2009-05-20 22:50 . 2009-05-20 22:50 -------- d-----w- c:\windows\system32\bits
2009-05-20 22:49 . 2008-04-14 08:42 354304 ----a-w- c:\windows\system32\winhttp.dll
2009-05-20 22:49 . 2008-04-14 08:42 18944 ----a-w- c:\windows\system32\qmgrprxy.dll
2009-05-20 22:49 . 2008-04-14 08:41 8192 ------w- c:\windows\system32\bitsprx2.dll
2009-05-20 22:49 . 2008-04-14 08:41 7168 ------w- c:\windows\system32\bitsprx3.dll
2009-05-20 22:49 . 2008-04-14 02:09 438784 ------w- c:\windows\system32\xpob2res.dll
2009-05-20 22:30 . 2008-10-16 17:09 43544 ------w- c:\windows\system32\wups2.dll
2009-05-20 22:30 . 2008-10-16 17:08 34328 ----a-w- c:\windows\system32\wups.dll
2009-05-20 22:30 . 2008-10-16 17:12 323608 ----a-w- c:\windows\system32\wucltui.dll
2009-05-20 22:30 . 2008-10-16 17:12 561688 ----a-w- c:\windows\system32\wuapi.dll
2009-05-20 22:06 . 2009-05-27 21:28 1632 ----a-w- c:\windows\system32\d3d8caps.dat
2009-05-15 02:21 . 2009-05-15 02:22 -------- d-----w- c:\documents and settings\Ryan Fowler\Local Settings\Application Data\NOS
2009-05-15 02:21 . 2009-05-15 02:21 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

.

Post by bobbby103 on Sat Jun 13, 2009 8:46 pm

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-13 20:06 . 2009-05-04 02:29 1428 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-05-21 21:05 . 2009-05-21 21:05 -------- d-----w- c:\documents and settings\All Users\Application Data\WLInstaller
2009-05-21 21:05 . 2009-05-21 04:01 18504 ----a-w- c:\documents and settings\Ryan Fowler\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-21 21:04 . 2009-05-21 21:04 -------- d-----w- c:\program files\Microsoft Silverlight
2009-05-21 20:58 . 2009-05-21 20:58 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-05-21 20:57 . 2009-05-21 20:57 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-05-21 20:56 . 2009-05-21 20:56 -------- d-----w- c:\program files\Microsoft
2009-05-21 20:56 . 2009-05-21 20:56 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-05-21 20:55 . 2009-05-21 20:55 -------- d-----w- c:\program files\Windows Live
2009-05-21 20:53 . 2009-05-21 20:53 -------- d-----w- c:\program files\Common Files\Windows Live
2009-05-21 03:45 . 2009-05-04 02:11 86327 ------w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2009-05-06 23:04 . 2009-05-06 23:04 -------- d-----w- c:\documents and settings\Ryan Fowler\Application Data\FrostWire
2009-05-06 23:03 . 2009-05-06 23:03 -------- d-----w- c:\program files\Common Files\Java
2009-05-06 23:02 . 2009-05-06 23:02 -------- d-----w- c:\program files\FrostWire
2009-05-06 23:01 . 2009-05-06 23:01 -------- d-----w- c:\program files\AskBarDis
2009-05-04 03:08 . 2009-05-04 03:08 -------- d-----w- c:\documents and settings\Ryan Fowler\Application Data\MSN6
2009-05-04 02:15 . 2009-05-04 02:15 -------- d-----w- c:\documents and settings\Ryan Fowler\Application Data\Symantec
2009-05-04 02:15 . 2009-05-04 02:15 -------- d-----w- c:\documents and settings\Ryan Fowler\Application Data\RegTool
2009-05-04 02:15 . 2009-05-04 02:15 -------- d-----w- c:\documents and settings\Ryan Fowler\Application Data\TouchStoneSoftware
2009-05-04 02:15 . 2009-05-04 02:15 -------- d-----w- c:\documents and settings\Ryan Fowler\Application Data\Microsoft Web Folders
2009-05-04 02:15 . 2009-05-04 02:15 -------- d-----w- c:\documents and settings\Ryan Fowler\Application Data\QN74SR7K
2009-05-04 02:15 . 2009-05-04 02:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-05-04 02:12 . 2009-05-04 02:12 504832 ------w- c:\windows\system32\migicons.exe
2009-05-04 02:08 . 2009-05-04 02:08 21640 ------w- c:\windows\system32\emptyregdb.dat
2009-05-04 01:36 . 2009-05-04 01:36 -------- d-----w- c:\program files\Microsoft SQL Server
2009-05-04 00:41 . 2009-05-04 00:40 122 ------w- c:\windows\tmpdelis.bat
2009-05-04 00:15 . 2009-05-04 00:15 15120 ------w- c:\windows\system32\icfg95.dll
2009-05-03 23:51 . 2009-05-03 23:51 315424 ---h--r- c:\windows\HWINFO.DAT
2009-05-03 23:51 . 2008-10-17 03:09 11079 ---h--w- c:\program files\folder.htt
2009-05-03 23:39 . 2009-05-03 23:38 132418775 ---h--r- C:\W98UNDO.DAT
2009-04-30 21:57 . 2009-04-30 21:57 -------- d-----w- c:\program files\Mob Wars Toolbar
2009-04-28 09:47 . 2009-04-28 09:47 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-04-28 09:47 . 2009-04-28 09:47 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-04-18 06:09 . 2009-04-18 06:09 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-03-16 17:18 . 2009-05-21 01:54 69448 ------w- c:\windows\system32\XAPOFX1_3.dll
2009-03-16 17:18 . 2009-05-21 01:54 517448 ------w- c:\windows\system32\XAudio2_4.dll
2009-03-16 17:18 . 2009-05-21 01:54 235352 ------w- c:\windows\system32\xactengine3_4.dll
2009-03-16 17:18 . 2009-05-21 01:54 22360 ------w- c:\windows\system32\X3DAudio1_6.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-09 01:08 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@="{7D688A77-C613-11D0-999B-00C04FD655E1}"
[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
2008-04-14 08:42 8461312 ----a-w- c:\windows\SYSTEM32\shell32.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Google Update"="c:\documents and settings\Ryan Fowler\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-21 133104]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-11 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spiceworks"="c:\program files\Spiceworks\bin\spicetray_silent.exe" [2009-04-04 66840]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"15268874"="c:\documents and settings\All Users\Application Data\15268874\15268874.exe" [BU]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
True Internet Color Icon.lnk - c:\program files\E-Color\True Internet Color\TICIcon.exe [2008-10-18 221184]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\Osa9.exe [2000-1-21 65588]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2000-8-6 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"Tweak UI"=RUNDLL32.EXE c:\windows\SYSTEM32\TWEAKUI.CPL,TweakMeUp
"LoadQM"=loadqm.exe
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Spiceworks\\bin\\spiceworks.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

R2 fssfltr;FssFltr;c:\windows\SYSTEM32\DRIVERS\fssfltr_tdi.sys [5/21/2009 6:04 PM 55152]
S2 gupdate1c9eae1d64e61d0;Google Update Service (gupdate1c9eae1d64e61d0);c:\program files\Google\Update\GoogleUpdate.exe [6/11/2009 7:13 PM 133104]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:WIN9X /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:WIN9X /user /install
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
.
Contents of the 'Scheduled Tasks' folder

2009-03-03 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\SYMANTEC\LIVEUPDATE\NDETECT.EXE [2008-11-12 15:23]

2009-06-13 c:\windows\Tasks\Driver Robot.job
- c:\program files\Driver Robot\1.0.5.17\DriverRobot.exe [2009-05-21 20:59]

2009-06-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-789336058-1202660629-1003.job
- c:\documents and settings\Ryan Fowler\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-21 20:32]

2009-06-13 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-11 22:13]

2009-06-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-11 22:11]
.
.

Post by bobbby103 on Sat Jun 13, 2009 8:46 pm

------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mLocal Page = c:\windows\SYSTEM\blank.htm
DPF: DirectAnimation Java Classes - [You must be registered and logged in to see this link.]
DPF: Internet Explorer Classes for Java - [You must be registered and logged in to see this link.]
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: Win32 Classes
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-06-13 17:35
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(372)
c:\windows\system32\COMRes.dll
.
Completion time: 2009-06-13 17:36
ComboFix-quarantined-files.txt 2009-06-13 20:36
ComboFix2.txt 2009-06-13 19:54

Pre-Run: 26,585,006,080 bytes free
Post-Run: 26,573,209,600 bytes free

211

Post by Belahzur on Sat Jun 13, 2009 9:26 pm

Let's get an uninstall list.

  • Open HijackThis.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


Post by bobbby103 on Sat Jun 13, 2009 9:31 pm

Here it is.

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Shockwave Player 11.5
Ask Toolbar
Choice Guard
Driver Robot 1.0.6.0
FrostWire 4.18.0
Google Earth
Google Update Helper
Google Updater
HijackThis 2.0.2
Hotfix for Windows XP (KB954708)
Java(TM) 6 Update 14
Java(TM) 6 Update 7
Junk Mail filter update
LiveReg (Symantec Corporation)
LiveUpdate 1.6 (Symantec Corporation)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2000 SR-1 Premium
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Desktop Engine
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MSVCRT
Security Update for Windows 98 (KB913433)
Security Update for Windows XP (KB958644)
Segoe UI
Spiceworks
True Internet Color
VIA Rhine-Family Fast-Ethernet Adapter
Westwood Shared Internet Components
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows XP Service Pack 3
Windows XP Uninstall
WinRAR archiver
WinZip

Post by Belahzur on Sat Jun 13, 2009 9:36 pm

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Ask Toolbar
    FrostWire 4.18.0
    Java(TM) 6 Update 7

Now open a new notepad file.
Input this into the notepad file:

Folder::
C:\FOUND.000
C:\FOUND.001
c:\program files\FrostWire
c:\program files\AskBarDis

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"15268874"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.


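The manual check from earlier in the thread (Run values that are "just random numbers") and the two registry values the CFScript above deletes can be picked out of the ComboFix "Reg Loading Points" section mechanically. The following is an added example, not part of the original thread and not ComboFix's own code; it parses an excerpt of the log posted above, and the function names and heuristics are assumptions made for illustration.

```python
import ntpath
import re

# Excerpt copied from the "Reg Loading Points" section of the ComboFix log
# posted earlier in this thread.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-11 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spiceworks"="c:\program files\Spiceworks\bin\spicetray_silent.exe" [2009-04-04 66840]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"15268874"="c:\documents and settings\All Users\Application Data\15268874\15268874.exe" [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')           # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>.*)$')  # "name"=data
QUOTED_RE = re.compile(r'^"(?P<path>[^"]*)"')            # leading "path" in data
RUN_SUFFIX = r'\microsoft\windows\currentversion\run'
SECURITY_CENTER_SUFFIX = r'\microsoft\security center'


def parse_reg_entries(log_text):
    """Yield (key, value_name, raw_data) for each named value under a [key] header."""
    key = None
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            key = None  # values directly follow their header in this log format
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')
            continue
        m = VALUE_RE.match(line)
        if m and key:
            yield key, m.group('name'), m.group('data').strip()


def dword_value(data):
    """Return the integer for 'dword:XXXXXXXX' data, or None for other data."""
    m = re.fullmatch(r'dword:([0-9a-fA-F]{1,8})', data)
    return int(m.group(1), 16) if m else None


def review_entry(key, name, data):
    """Return the reasons an entry deserves a closer look (empty list if none)."""
    reasons = []
    lowered = key.lower()
    # Heuristic 1 (assumption, modelled on the helper's manual check):
    # an autostart value whose name consists only of digits.
    if lowered.endswith(RUN_SUFFIX) and name.isdigit():
        reasons.append('Run value name is only digits')
        m = QUOTED_RE.match(data)
        if m:
            path = m.group('path')
            stem = ntpath.splitext(ntpath.basename(path))[0]
            folder = ntpath.basename(ntpath.dirname(path))
            if stem == name and folder == name:
                reasons.append('target folder and executable repeat the value name')
    # Heuristic 2: the Security Center value that the CFScript in the thread deletes.
    if lowered.endswith(SECURITY_CENTER_SUFFIX) and name.lower() == 'antivirusoverride':
        if dword_value(data):
            reasons.append('Security Center AntiVirusOverride is set')
    return reasons


def flag_entries(log_text):
    """Parse the log text and return one dict per entry that matched a heuristic."""
    findings = []
    for key, name, data in parse_reg_entries(log_text):
        reasons = review_entry(key, name, data)
        if reasons:
            findings.append({'key': key, 'name': name, 'data': data, 'reasons': reasons})
    return findings


if __name__ == '__main__':
    for finding in flag_entries(SAMPLE_LOG):
        print(f"{finding['key']}: {finding['name']} = {finding['data']}")
        for reason in finding['reasons']:
            print(f"    - {reason}")
```

A match is only a pointer for manual review: legitimate software can use numeric value names, so confirm the target file before deleting anything.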

Post by bobbby103 on Sat Jun 13, 2009 10:05 pm

Here is the log.

ComboFix 09-06-13.03 - Ryan Fowler 06/13/2009 18:48.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.252 [GMT -3:00]
Running from: c:\documents and settings\Ryan Fowler\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Ryan Fowler\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\FOUND.000
C:\FOUND.001
c:\found.000\FILE0000.CHK
c:\found.000\FILE0001.CHK
c:\found.000\FILE0002.CHK
c:\found.000\FILE0003.CHK
c:\found.000\FILE0004.CHK
c:\found.000\FILE0005.CHK
c:\found.001\FILE0000.CHK

.
((((((((((((((((((((((((( Files Created from 2009-05-13 to 2009-06-13 )))))))))))))))))))))))))))))))
.

2009-06-13 19:30 . 2009-06-13 19:30 -------- d-s---w- c:\documents and settings\Administrator\UserData
2009-06-12 18:46 . 2009-06-12 18:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-06-11 22:13 . 2009-06-11 22:13 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-06-11 22:11 . 2009-06-11 22:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-06-11 22:11 . 2009-06-11 22:11 -------- d-----w- c:\program files\Google
2009-06-09 23:23 . 2009-06-09 23:23 152576 ----a-w- c:\documents and settings\Ryan Fowler\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-09 22:37 . 2009-06-09 22:37 -------- d-----w- c:\windows\Sun
2009-06-06 07:46 . 2009-06-06 07:46 3701856 ----a-w- c:\documents and settings\Ryan Fowler\Application Data\Blitware\DriverRobot\updates\8659126fd6ff4db73e76b5252352132c\DriverRobot_Setup.exe
2009-06-05 02:25 . 2009-06-05 02:31 5 ----a-w- c:\windows\sbacknt.bin
2009-06-05 02:24 . 2009-06-05 02:24 -------- d-----w- c:\documents and settings\Ryan Fowler\Application Data\vghd
2009-06-03 01:14 . 2009-06-03 01:14 -------- d-----w- c:\windows\system32\wbem\Repository
2009-06-02 22:27 . 2009-06-02 22:27 -------- d-----w- c:\documents and settings\All Users\AVP 2009
2009-05-27 01:12 . 2009-06-12 23:24 1744 ----a-w- c:\windows\system32\d3d9caps.dat
2009-05-27 01:09 . 2009-05-21 14:33 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-27 01:06 . 2009-05-27 01:06 152576 ----a-w- c:\documents and settings\Ryan Fowler\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-27 00:27 . 2008-04-14 08:42 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-05-27 00:17 . 2009-05-27 00:17 -------- d-----w- c:\program files\Java
2009-05-26 23:25 . 2009-05-26 23:25 -------- d-sh--r- C:\RESTORE
2009-05-26 00:55 . 2009-05-26 00:55 -------- d-----w- c:\program files\Windows Media Connect 2
2009-05-26 00:52 . 2009-05-26 00:52 -------- d-----w- c:\windows\system32\LogFiles
2009-05-26 00:52 . 2009-05-26 00:52 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-05-21 22:23 . 2009-05-21 22:23 -------- d-----w- c:\windows\system32\Adobe
2009-05-21 04:01 . 2009-05-21 04:01 -------- d-----w- c:\windows\system32\wbem\AutoRecover
2009-05-21 03:58 . 2007-10-23 12:22 3350528 ---h--w- c:\documents and settings\Ryan Fowler\Application Data\U3\temp\Launchpad Removal.exe
2009-05-21 03:58 . 2009-05-21 03:58 -------- d-----w- c:\documents and settings\Ryan Fowler\Application Data\U3
2009-05-21 03:50 . 2009-05-21 03:50 -------- d-----w- c:\windows\system32\NtmsData
2009-05-21 03:40 . 2008-04-14 08:40 102912 ------w- c:\windows\system32\dllcache\dpcdll.dll
2009-05-21 03:36 . 2008-04-14 08:41 33792 ------w- c:\windows\system32\dllcache\custsat.dll
2009-05-21 03:34 . 2008-04-14 01:06 144384 ------w- c:\windows\system32\drivers\hdaudbus.sys
2009-05-21 03:34 . 2008-04-14 03:10 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2009-05-21 03:14 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2009-05-21 03:11 . 2009-05-21 03:11 -------- d--h--w- c:\windows\$hf_mig$
2009-05-21 02:35 . 2008-04-14 02:09 2897920 ------w- c:\windows\system32\xpsp2res.dll
2009-05-21 02:32 . 2007-08-10 23:46 26488 ------w- c:\windows\system32\spupdsvc.exe
2009-05-21 02:12 . 2009-05-21 02:12 -------- d-----w- c:\windows\ServicePackFiles
2009-05-21 02:12 . 2009-05-21 02:12 -------- d-----w- c:\windows\ehome
2009-05-21 02:05 . 2008-04-14 08:42 270848 ------w- c:\windows\system32\sbe.dll
2009-05-21 02:04 . 2008-04-14 08:42 20992 ----a-w- c:\windows\system32\fontview.exe
2009-05-21 01:54 . 2009-03-09 18:27 453456 ------w- c:\windows\system32\d3dx10_41.dll
2009-05-21 01:49 . 2009-05-21 01:49 -------- d-----w- c:\windows\Logs
2009-05-21 01:25 . 2009-05-21 01:25 -------- d-----w- c:\program files\Spiceworks
2009-05-21 01:11 . 2009-05-21 01:11 -------- d-----w- c:\documents and settings\Ryan Fowler\Application Data\Blitware
2009-05-21 01:11 . 2009-05-21 01:11 -------- d-----w- c:\program files\Driver Robot
2009-05-21 00:04 . 2009-05-21 00:04 -------- d-----w- c:\documents and settings\Ryan Fowler\Local Settings\Application Data\Google
2009-05-20 23:02 . 2008-04-14 03:49 146048 ----a-w- c:\windows\system32\drivers\portcls.sys
2009-05-20 23:02 . 2008-04-14 03:15 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
2009-05-20 22:50 . 2009-05-20 22:50 -------- d-----w- c:\windows\system32\bits
2009-05-20 22:49 . 2008-04-14 08:42 354304 ----a-w- c:\windows\system32\winhttp.dll
2009-05-20 22:49 . 2008-04-14 08:42 18944 ----a-w- c:\windows\system32\qmgrprxy.dll
2009-05-20 22:49 . 2008-04-14 08:41 8192 ------w- c:\windows\system32\bitsprx2.dll
2009-05-20 22:49 . 2008-04-14 08:41 7168 ------w- c:\windows\system32\bitsprx3.dll
2009-05-20 22:49 . 2008-04-14 02:09 438784 ------w- c:\windows\system32\xpob2res.dll
2009-05-20 22:30 . 2008-10-16 17:09 43544 ------w- c:\windows\system32\wups2.dll
2009-05-20 22:30 . 2008-10-16 17:08 34328 ----a-w- c:\windows\system32\wups.dll
2009-05-20 22:30 . 2008-10-16 17:12 323608 ----a-w- c:\windows\system32\wucltui.dll
2009-05-20 22:30 . 2008-10-16 17:12 561688 ----a-w- c:\windows\system32\wuapi.dll
2009-05-20 22:06 . 2009-05-27 21:28 1632 ----a-w- c:\windows\system32\d3d8caps.dat
2009-05-15 02:21 . 2009-05-15 02:22 -------- d-----w- c:\documents and settings\Ryan Fowler\Local Settings\Application Data\NOS
2009-05-15 02:21 . 2009-05-15 02:21 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

.


Re: System Security 2009 stops everything im doing and won't remove

Post by bobbby103 on Sat Jun 13, 2009 10:06 pm

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-13 20:06 . 2009-05-04 02:29 1428 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-05-21 21:05 . 2009-05-21 21:05 -------- d-----w- c:\documents and settings\All Users\Application Data\WLInstaller
2009-05-21 21:05 . 2009-05-21 04:01 18504 ----a-w- c:\documents and settings\Ryan Fowler\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-21 21:04 . 2009-05-21 21:04 -------- d-----w- c:\program files\Microsoft Silverlight
2009-05-21 20:58 . 2009-05-21 20:58 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-05-21 20:57 . 2009-05-21 20:57 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-05-21 20:56 . 2009-05-21 20:56 -------- d-----w- c:\program files\Microsoft
2009-05-21 20:56 . 2009-05-21 20:56 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-05-21 20:55 . 2009-05-21 20:55 -------- d-----w- c:\program files\Windows Live
2009-05-21 20:53 . 2009-05-21 20:53 -------- d-----w- c:\program files\Common Files\Windows Live
2009-05-21 03:45 . 2009-05-04 02:11 86327 ------w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2009-05-06 23:04 . 2009-05-06 23:04 -------- d-----w- c:\documents and settings\Ryan Fowler\Application Data\FrostWire
2009-05-06 23:03 . 2009-05-06 23:03 -------- d-----w- c:\program files\Common Files\Java
2009-05-04 03:08 . 2009-05-04 03:08 -------- d-----w- c:\documents and settings\Ryan Fowler\Application Data\MSN6
2009-05-04 02:15 . 2009-05-04 02:15 -------- d-----w- c:\documents and settings\Ryan Fowler\Application Data\Symantec
2009-05-04 02:15 . 2009-05-04 02:15 -------- d-----w- c:\documents and settings\Ryan Fowler\Application Data\RegTool
2009-05-04 02:15 . 2009-05-04 02:15 -------- d-----w- c:\documents and settings\Ryan Fowler\Application Data\TouchStoneSoftware
2009-05-04 02:15 . 2009-05-04 02:15 -------- d-----w- c:\documents and settings\Ryan Fowler\Application Data\Microsoft Web Folders
2009-05-04 02:15 . 2009-05-04 02:15 -------- d-----w- c:\documents and settings\Ryan Fowler\Application Data\QN74SR7K
2009-05-04 02:15 . 2009-05-04 02:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-05-04 02:12 . 2009-05-04 02:12 504832 ------w- c:\windows\system32\migicons.exe
2009-05-04 02:08 . 2009-05-04 02:08 21640 ------w- c:\windows\system32\emptyregdb.dat
2009-05-04 01:36 . 2009-05-04 01:36 -------- d-----w- c:\program files\Microsoft SQL Server
2009-05-04 00:41 . 2009-05-04 00:40 122 ------w- c:\windows\tmpdelis.bat
2009-05-04 00:15 . 2009-05-04 00:15 15120 ------w- c:\windows\system32\icfg95.dll
2009-05-03 23:51 . 2009-05-03 23:51 315424 ---h--r- c:\windows\HWINFO.DAT
2009-05-03 23:51 . 2008-10-17 03:09 11079 ---h--w- c:\program files\folder.htt
2009-05-03 23:39 . 2009-05-03 23:38 132418775 ---h--r- C:\W98UNDO.DAT
2009-04-30 21:57 . 2009-04-30 21:57 -------- d-----w- c:\program files\Mob Wars Toolbar
2009-04-28 09:47 . 2009-04-28 09:47 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-04-28 09:47 . 2009-04-28 09:47 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-04-18 06:09 . 2009-04-18 06:09 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-03-16 17:18 . 2009-05-21 01:54 69448 ------w- c:\windows\system32\XAPOFX1_3.dll
2009-03-16 17:18 . 2009-05-21 01:54 517448 ------w- c:\windows\system32\XAudio2_4.dll
2009-03-16 17:18 . 2009-05-21 01:54 235352 ------w- c:\windows\system32\xactengine3_4.dll
2009-03-16 17:18 . 2009-05-21 01:54 22360 ------w- c:\windows\system32\X3DAudio1_6.dll
.


Re: System Security 2009 stops everything im doing and won't remove

Post by bobbby103 on Sat Jun 13, 2009 10:06 pm

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@="{7D688A77-C613-11D0-999B-00C04FD655E1}"
[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
2008-04-14 08:42 8461312 ----a-w- c:\windows\SYSTEM32\shell32.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Google Update"="c:\documents and settings\Ryan Fowler\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-21 133104]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-11 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spiceworks"="c:\program files\Spiceworks\bin\spicetray_silent.exe" [2009-04-04 66840]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
True Internet Color Icon.lnk - c:\program files\E-Color\True Internet Color\TICIcon.exe [2008-10-18 221184]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\Osa9.exe [2000-1-21 65588]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2000-8-6 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"Tweak UI"=RUNDLL32.EXE c:\windows\SYSTEM32\TWEAKUI.CPL,TweakMeUp
"LoadQM"=loadqm.exe
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Spiceworks\\bin\\spiceworks.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

R2 fssfltr;FssFltr;c:\windows\SYSTEM32\DRIVERS\fssfltr_tdi.sys [5/21/2009 6:04 PM 55152]
S2 gupdate1c9eae1d64e61d0;Google Update Service (gupdate1c9eae1d64e61d0);c:\program files\Google\Update\GoogleUpdate.exe [6/11/2009 7:13 PM 133104]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]
.
Contents of the 'Scheduled Tasks' folder

2009-03-03 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\SYMANTEC\LIVEUPDATE\NDETECT.EXE [2008-11-12 15:23]

2009-06-13 c:\windows\Tasks\Driver Robot.job
- c:\program files\Driver Robot\1.0.5.17\DriverRobot.exe [2009-05-21 20:59]

2009-06-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-789336058-1202660629-1003.job
- c:\documents and settings\Ryan Fowler\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-21 20:32]

2009-06-13 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-11 22:13]

2009-06-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-11 22:11]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mLocal Page = c:\windows\SYSTEM\blank.htm
DPF: DirectAnimation Java Classes - [You must be registered and logged in to see this link.]
DPF: Internet Explorer Classes for Java - [You must be registered and logged in to see this link.]
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: Win32 Classes
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-06-13 18:53
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(372)
c:\windows\system32\COMRes.dll
.
Completion time: 2009-06-13 18:54
ComboFix-quarantined-files.txt 2009-06-13 21:54
ComboFix2.txt 2009-06-13 20:36
ComboFix3.txt 2009-06-13 19:54

Pre-Run: 26,660,864,000 bytes free
Post-Run: 26,656,145,408 bytes free

199

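As an added example (not part of the original posts and not ComboFix's own code), this Python script parses the "Reg Loading Points" layout shown in the log above and flags two things this thread is concerned with: Run values whose names are only digits, as described in the first reply, and a disabled Windows Firewall standard profile. The sample text is constructed; the numeric value name `40213907` and its path are made up, and the function names are hypothetical.

```python
import re

# Constructed excerpt in the layout of the "Reg Loading Points" section.
# The "40213907" entry and its path are invented for illustration.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spiceworks"="c:\program files\Spiceworks\bin\spicetray_silent.exe" [2009-04-04 66840]
"40213907"="c:\documents and settings\All Users\Application Data\40213907\40213907.exe" [2009-06-12 100000]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]\s*$')
# "name"=data [date size]   (the bracketed stamp is optional)
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"=\s*(?P<data>.*?)\s*(?:\[(?P<stamp>[^\]]*)\])?\s*$'
)
RUN_SUFFIXES = ('\\currentversion\\run', '\\currentversion\\runonce')


def parse_loading_points(text):
    """Return one dict per quoted registry value, tagged with its key."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            key = None          # a blank line ends the current key block
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')
            continue
        m = VALUE_RE.match(line)
        if m and key:
            entries.append({
                'key': key,
                'name': m.group('name'),
                'data': m.group('data').strip('"'),
                'stamp': m.group('stamp'),
            })
    return entries


def triage(entries):
    """Flag digit-only Run value names and a disabled firewall profile."""
    findings = []
    for e in entries:
        key = e['key'].lower()
        if key.endswith(RUN_SUFFIXES) and e['name'].isdigit():
            findings.append(('numeric-run-value', e['key'], e['name'], e['data']))
        if (key.endswith('firewallpolicy\\standardprofile')
                and e['name'].lower() == 'enablefirewall'
                and e['data'].split()[:1] == ['0']):
            findings.append(('firewall-disabled', e['key'], e['name'], e['data']))
    return findings


if __name__ == '__main__':
    for kind, key, name, data in triage(parse_loading_points(SAMPLE_LOG)):
        print(f'{kind}: [{key}] "{name}" = {data}')
```

A digit-only name is only a prompt for manual review of the value and the file it points to, not proof of infection.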

Re: System Security 2009 stops everything im doing and won't remove

Post by Belahzur on Sat Jun 13, 2009 10:24 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?



Re: System Security 2009 stops everything im doing and won't remove

Post by bobbby103 on Sat Jun 13, 2009 10:49 pm

Everything seems to be back to normal. Thanks. Also was wondering, why remove combo fix after? And how do I prevent stuff like this from happening again? And last but not least, do you know or can you recommend a good anti-virus download that's free or store bought?


Re: System Security 2009 stops everything im doing and won't remove

Post by Belahzur on Sat Jun 13, 2009 10:58 pm

Combofix is far too powerful to be used without trained staff members watching over you.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or ActiveX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please consider using this free software program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found [You must be registered and logged in to see this link.].

Hopefully this should take care of your problems! Good luck.



Re: System Security 2009 stops everything im doing and won't remove

Post by bobbby103 on Sun Jun 14, 2009 2:01 am

Thank you very much for your help and recommendations.


Re: System Security 2009 stops everything im doing and won't remove

Post by bobbby103 on Sun Jun 14, 2009 2:51 am

One last thing, would AVG be the better anti-virus or Avira?


Re: System Security 2009 stops everything im doing and won't remove

Post by Belahzur on Sun Jun 14, 2009 12:10 pm

Avira is better.

