Can't get rid of total security. Please help


Can't get rid of total security. Please help

Post by Clandry22 on 28th September 2009, 6:34 am

I have Malwarebytes and have run through the scan twice. I've also used Spybot and HijackThis. I've followed all the steps I found on this website multiple times, but Total Security is still there! Every time I run a scan it comes up with nothing. What to do??

Clandry22 (Beginner), Posts: 2, Joined: 2009-09-28, OS: Xp

Re: Can't get rid of total security. Please help

Post by Dr Jay on 28th September 2009, 11:46 am

Hi

Please download ComboFix by sUBs

Please save the file to your Desktop, but rename it first:




Important information about ComboFix

Before the download:
  • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  • It is important to rename ComboFix before the download.
  • Please do not rename ComboFix to other names, but only the one indicated.

After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results". [link] if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.

Running ComboFix:
  • Double click on svchost.exe & follow the prompts.
  • It will attempt to install the Recovery Console:




  • When ComboFix finishes, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" in your next reply.


Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear; select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method as above, but download it again and rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe instead.

Malware is known for blocking all "user" processes, except for its whitelist of important system processes such as iexplore.exe, explorer.exe and winlogon.exe.


Dr. Jay (DJ)



Dr Jay (Head Administrator), Posts: 14309, Joined: 2009-09-06, Gender: Male, OS: Windows 10 Home & Pro, Arch.: x64 (64-bit), Protection: Bitdefender Total Security

I think it's gone :)

Post by Clandry22 on 28th September 2009, 7:25 pm

ComboFix 09-09-27.05 - Trash 09/28/2009 13:43.1.2 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.748 [GMT -5:00]
Running from: c:\documents and settings\Trash\Desktop\svchost.exe.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Trash\Application Data\inst.exe
C:\p2hhr.bat
c:\program files\TS\tsc.exe
c:\recycler\S-1-5-21-2052111302-1177238915-1801674531-1003
c:\windows\jestertb.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-28 )))))))))))))))))))))))))))))))
.

2009-09-28 05:29 . 2009-09-28 06:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-28 05:29 . 2009-09-28 05:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-28 05:12 . 2009-09-28 05:12 -------- d-----w- c:\program files\Trend Micro
2009-09-28 04:33 . 2009-09-28 04:33 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-27 23:38 . 2009-09-27 23:38 -------- d-----w- c:\program files\Common Files\TSUninstall
2009-09-27 23:37 . 2009-09-28 18:54 -------- d-----w- c:\program files\TS
2009-09-23 10:00 . 2009-09-23 10:00 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-09-22 16:31 . 2008-10-16 21:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-09-22 16:31 . 2008-10-16 21:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-09-22 04:07 . 2009-09-22 04:07 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-22 02:35 . 2009-09-22 02:35 -------- d-----w- c:\program files\iPhone Configuration Utility
2009-09-22 02:33 . 2009-09-22 02:33 -------- d-----w- c:\program files\iPod
2009-09-22 02:33 . 2009-09-22 02:34 -------- d-----w- c:\program files\iTunes
2009-09-22 02:33 . 2009-09-22 02:34 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-22 02:30 . 2009-09-22 02:31 -------- d-----w- c:\program files\QuickTime
2009-09-21 23:02 . 2005-12-19 16:08 69632 ----a-w- c:\windows\system32\bcmwlpkt.dll
2009-09-21 23:02 . 2005-12-19 16:08 33664 ----a-w- c:\windows\system32\drivers\BCMWLNPF.SYS
2009-09-21 23:02 . 2005-12-19 16:08 253952 ----a-w- c:\windows\system32\bcmwlu00.exe
2009-09-21 23:02 . 2005-12-19 16:08 1200128 ----a-w- c:\windows\system32\BCMWLTRY.EXE
2009-09-21 23:02 . 2005-12-19 16:08 757760 ----a-w- c:\windows\system32\bcm1xsup.dll
2009-09-21 23:02 . 2005-12-19 16:08 86016 ----a-w- c:\windows\system32\preflib.dll
2009-09-21 23:02 . 2005-12-19 16:08 44032 ----a-w- c:\windows\system32\wltrynt.dll
2009-09-21 23:02 . 2005-12-19 16:08 2129920 ----a-w- c:\windows\system32\WLBCGCBPRO731.DLL
2009-09-21 23:02 . 2005-12-19 16:08 18944 ----a-w- c:\windows\system32\WLTRYSVC.EXE
2009-09-21 23:02 . 2005-12-19 16:08 1347584 ----a-w- c:\windows\system32\WLTRAY.EXE
2009-09-18 22:32 . 2009-09-18 22:32 -------- d-----w- c:\program files\ESET
2009-09-18 22:32 . 2009-09-18 22:32 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-09-18 19:03 . 2009-09-18 19:03 -------- d-----w- c:\documents and settings\Trash\Application Data\Malwarebytes
2009-09-18 19:03 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-18 19:03 . 2009-09-18 19:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-18 19:03 . 2009-09-18 19:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-18 19:03 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-17 19:42 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-08-31 02:52 . 2009-08-31 02:52 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-31 02:52 . 2009-09-20 17:06 -------- d-----w- c:\documents and settings\Trash\Application Data\SUPERAntiSpyware.com
2009-08-31 02:52 . 2009-09-20 17:06 -------- d-----w- c:\program files\SUPERAntiSpyware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-27 23:18 . 2009-08-01 22:40 39940 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-27 20:11 . 2008-05-30 18:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-09-26 19:40 . 2007-06-23 22:12 -------- d-----w- c:\program files\Sound Forge XP
2009-09-26 19:22 . 2007-05-04 19:29 -------- d-----w- c:\documents and settings\Trash\Application Data\Apple Computer
2009-09-22 02:33 . 2007-09-18 23:13 -------- d-----w- c:\program files\Common Files\Apple
2009-09-18 18:46 . 2009-08-30 17:54 48208 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-17 23:18 . 2009-09-17 23:18 0 ------w- c:\windows\system32\bcm3A.tmp
2009-09-17 23:17 . 2009-09-17 23:17 0 ------w- c:\windows\system32\bcm29.tmp
2009-09-17 23:17 . 2009-09-17 23:17 0 ------w- c:\windows\system32\bcm10.tmp
2009-09-17 20:57 . 2007-04-25 17:46 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-08-29 02:42 . 2009-03-18 03:55 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-29 02:42 . 2007-11-06 18:18 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-23 21:49 . 2007-05-03 23:54 48208 ----a-w- c:\documents and settings\Trash\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-23 10:09 . 2009-08-23 10:09 -------- d-----w- c:\program files\MSBuild
2009-08-23 10:09 . 2009-08-23 10:09 -------- d-----w- c:\program files\Reference Assemblies
2009-08-05 09:01 . 2004-08-10 17:51 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 04:51 . 2009-08-03 04:42 -------- d-----w- c:\documents and settings\Trash\Application Data\Media Player Classic
2009-08-03 04:42 . 2009-08-03 04:42 -------- d-----w- c:\program files\Media Player Classic
2009-08-01 22:39 . 2009-08-01 22:39 -------- d-----w- c:\program files\Safari
2009-07-17 19:01 . 2004-08-10 17:50 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 06:43 . 2004-08-10 17:51 286208 ----a-w- c:\windows\system32\wmpdxm.dll
.

------- Sigcheck -------

[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[7] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll

c:\windows\system32\eventlog.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-07-13 67128]
"TranscodingService"="c:\program files\TiVo\Desktop\TranscodingService.exe" [2009-01-27 520192]
"TivoNotify"="c:\program files\TiVo\Desktop\TiVoNotify.exe" [2009-01-27 425472]
"TivoServer"="c:\program files\TiVo\Desktop\TiVoServer.exe" [2009-01-27 2143232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-15 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-08-03 1032192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 497200]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 614960]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-06-26 243248]
"Dell AIO Printer A920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-04-10 270336]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 169264]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-10-25 1451264]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-4-25 24576]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-7-12 67128]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [10/24/2008 10:53 PM 34824]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [10/24/2008 10:51 PM 468224]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [11/5/2007 7:43 PM 24652]
S3 MusCDriverV32;MusCDriverV32;c:\windows\system32\drivers\MusCDriverV32.sys [8/16/2008 4:34 PM 508544]
S3 MusCVideo32;MusCVideo32;c:\windows\system32\drivers\MusCVideo32.sys [8/16/2008 4:34 PM 3768]
.
Contents of the 'Scheduled Tasks' folder

2009-07-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]

2009-09-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-05-04 10:27]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-TS - c:\program files\TS\tsc.exe
HKCU-Run-Aim6 - (no file)
AddRemove-TS - c:\program files\TS\tsc.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-09-28 14:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(840)
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(3708)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Maxtor\Sync\SyncServices.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Dell AIO Printer A920\dlbkbmon.exe
c:\program files\Logitech\QuickCam10\COCIManager.exe
c:\program files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-09-28 14:11 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-28 19:11

Pre-Run: 29,836,316,672 bytes free
Post-Run: 29,717,221,376 bytes free

203 --- E O F --- 2009-09-23 10:00


Re: Can't get rid of total security. Please help

Post by Dr Jay on 28th September 2009, 11:34 pm

Hi

I see you have Viewpoint installed...
Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". I suggest you remove the program now. Navigate to Start --> Control Panel --> Add or Remove Programs and uninstall the following programs if present.

  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
  • Viewpoint Toolbar

Let me know if you decided to uninstall it.

==

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open Notepad and copy/paste the text in the quotebox below into it:

    Folder::
    c:\program files\TS
    c:\program files\Common Files\TSUninstall

    FCopy::
    c:\windows\ServicePackFiles\i386\eventlog.dll | C:\WINDOWS\system32\eventlog.dll
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.
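The FCopy:: line above comes straight from the Sigcheck section of the posted log: system32\eventlog.dll is reported missing, and ComboFix lists two intact reference copies with their MD5, size and file version. The following is an added example (my own code, not ComboFix's or Dr Jay's) that parses that section and builds the FCopy:: directive from the newest reference copy; the sample log text is constructed from the thread's Sigcheck lines.

```python
import re

# Constructed sample: the Sigcheck section of a ComboFix log, in the same
# shape as the one posted in this thread (two reference copies, one missing file).
SAMPLE_SIGCHECK = """\
------- Sigcheck -------

[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\\windows\\ServicePackFiles\\i386\\eventlog.dll
[7] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\\windows\\$NtServicePackUninstall$\\eventlog.dll

c:\\windows\\system32\\eventlog.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
"""

# One reference-copy line: [n] date . md5 . size . . [version] . . path
SIGCHECK_LINE = re.compile(
    r"^\[\d+\]\s+(?P<date>\S+)\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)"
    r"\s+\.\s+\.\s+\[(?P<version>[\d.]+)\]\s+\.\s+\.\s+(?P<path>.+?)\s*$"
)
# The line ComboFix prints when the live copy of a system file is gone.
MISSING_LINE = re.compile(r"^(?P<path>\S.*?)\s+\.\.\.\s+is missing !!\s*$")


def parse_sigcheck(log_text):
    """Return (reference_copies, missing_paths) from the Sigcheck section only."""
    refs, missing = [], []
    in_section = False
    for line in log_text.splitlines():
        if line.startswith("------- Sigcheck"):
            in_section = True
            continue
        if in_section and line.startswith("((((("):
            break  # next ComboFix section header ends Sigcheck
        if not in_section:
            continue
        m = SIGCHECK_LINE.match(line)
        if m:
            refs.append({k: m.group(k) for k in ("date", "md5", "size", "version", "path")})
            continue
        m = MISSING_LINE.match(line)
        if m:
            missing.append(m.group("path"))
    return refs, missing


def version_key(version):
    """'5.1.2600.5512' -> (5, 1, 2600, 5512) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


def build_fcopy_script(log_text):
    """Emit an FCopy:: block (ComboFix CFScript syntax: 'source | destination')
    restoring each missing file from the newest reference copy of the same name."""
    refs, missing = parse_sigcheck(log_text)
    lines = []
    for dest in missing:
        name = dest.rsplit("\\", 1)[-1].lower()
        candidates = [r for r in refs if r["path"].rsplit("\\", 1)[-1].lower() == name]
        if not candidates:
            continue  # no intact copy on disk; leave this one to the analyst
        best = max(candidates, key=lambda r: version_key(r["version"]))
        lines.append(f"{best['path']} | {dest}")
    return "FCopy::\n" + "\n".join(lines) + "\n" if lines else ""
```

The newest-version rule is what picks the Service Pack 3 copy (5.1.2600.5512) over the pre-SP copy kept under $NtServicePackUninstall$, which is the choice the script in this post makes.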


Dr. Jay (DJ)



