How do I get rid of "Total Security"?
Comments
-
To be honest, I would still do the Combofix one; I cannot see that it removed the infection on that log (unless there was an earlier one from last night?)
Ex forum ambassador
Long term forum member
-
There was an earlier one from last night which I must have deleted. There are only the two shown above in 'logs' from this morning. Should I still do the Combofix one?
-
I would, to be sure. I've used it on loads of PCs with no problem.
Post the log when it's done (takes about 20 minutes).
-
ComboFix 09-09-20.04 - Helene 21/09/2009 18:55.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.246 [GMT 1:00]
Running from: c:\documents and settings\Helene\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 090920-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Personal Firewall *disabled* {2736EE90-D7F8-499E-AA60-E65D4C2FE069}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycled\WinLiveUpdate32
c:\windows\Installer\298dcf6.msp
c:\windows\system32\ijl11pro.dll
c:\windows\system32\pwdmon.dll
c:\windows\winhelp.ini
.
((((((((((((((((((((((((( Files Created from 2009-08-21 to 2009-09-21 )))))))))))))))))))))))))))))))
.
2009-09-21 00:21 . 2009-09-21 18:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Rpxmzf
2009-09-21 00:21 . 2009-09-21 00:21 -------- d-----w- c:\program files\Rpxmzs
2009-09-21 00:20 . 2009-09-21 00:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Rptlif
2009-09-20 23:06 . 2009-09-20 23:06 -------- d-----w- c:\documents and settings\Tony\Application Data\OpenOffice.org
2009-09-20 21:16 . 2009-09-20 21:16 -------- d-----w- c:\documents and settings\Helene\Application Data\Malwarebytes
2009-09-20 21:16 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-20 21:16 . 2009-09-20 21:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-20 21:16 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-20 21:16 . 2009-09-20 21:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-20 19:47 . 2009-09-20 19:47 -------- d-----w- c:\program files\ESET
2009-09-09 17:39 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-08-29 21:26 . 2009-08-29 21:26 -------- d-----w- c:\documents and settings\Helene\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-08-29 21:05 . 2009-08-29 21:05 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-29 21:03 . 2009-08-29 21:21 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-21 00:18 . 2005-11-21 22:20 25096 ----a-w- c:\documents and settings\Helene\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-19 22:08 . 2009-08-20 21:02 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Nitro PDF
2009-09-04 18:52 . 2008-11-04 20:49 -------- d-----w- c:\program files\Java
2009-08-29 21:09 . 2005-11-29 22:53 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-18 23:37 . 2009-08-18 23:37 -------- d-----w- c:\program files\MSBuild
2009-08-18 23:37 . 2009-08-18 23:37 -------- d-----w- c:\program files\Reference Assemblies
2009-08-18 11:33 . 2008-07-16 16:58 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-18 11:31 . 2008-07-16 16:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-17 16:28 . 2009-08-17 16:18 -------- d-----w- c:\documents and settings\Helene\Application Data\Nitro PDF
2009-08-17 16:10 . 2008-07-17 10:39 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2008-07-17 10:39 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2008-07-17 10:39 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2008-07-17 10:39 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2008-07-17 10:39 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2008-07-17 10:40 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2008-07-17 10:40 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2008-07-17 10:40 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2008-07-17 10:39 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-17 15:18 . 2009-08-17 15:18 -------- d-----w- c:\program files\Common Files\Nitro PDF
2009-08-17 15:18 . 2009-08-17 15:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Nitro PDF
2009-08-17 15:18 . 2009-08-17 15:18 -------- d-----w- c:\program files\Nitro PDF
2009-08-17 15:16 . 2009-08-17 15:16 -------- d-----w- c:\documents and settings\Helene\Application Data\Downloaded Installations
2009-08-12 17:07 . 2005-11-29 22:56 -------- d-----w- c:\documents and settings\Helene\Application Data\AdobeUM
2009-08-05 09:01 . 1980-01-01 08:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-25 04:23 . 2008-11-04 20:49 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:01 . 1980-01-01 08:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-12 11:21 . 2005-10-25 15:53 233472 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-26 16:50 . 1980-01-01 08:00 666624 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:50 . 2005-10-25 15:53 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-25 08:25 . 1980-01-01 08:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 1980-01-01 08:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 1980-01-01 08:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 1980-01-01 08:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 1980-01-01 08:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 1980-01-01 08:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 1980-01-01 08:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-11-20 98304]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Rpxmzk"="c:\program files\Rpxmzs\Rpxmzps.exe" [2009-09-21 335872]
"Sound Card Driver"="c:\documents and settings\Helene\My Documents\Finance\IBM-3B85E0F88AF\svchost.exe" [2009-09-04 189831]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]
c:\documents and settings\Helene\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
2005-03-18 11:07 262144 ----a-w- c:\windows\system32\QConGina.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2004-08-13 04:11 24576 ----a-w- c:\windows\system32\tphklock.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk
backup=c:\windows\pss\AOL 9.0 Tray Icon.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^STK016 PNP Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\STK016 PNP Monitor.lnk
backup=c:\windows\pss\STK016 PNP Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VersionTrackerPro.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VersionTrackerPro.lnk
backup=c:\windows\pss\VersionTrackerPro.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\IBM\\Updater\\jre\\bin\\javaw.exe"=
"%ProgramFiles%\\IBM\\Updater\\jre\\bin\\java.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe"=
"c:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\1170758029\\ee\\aolsoftware.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [17/07/2008 11:39 114768]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [19/07/2008 00:03 269736]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21/06/2008 04:54 66600]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [25/10/2005 17:26 16384]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17/07/2008 11:39 20560]
R2 ibmfilter;ibmfilter;c:\windows\system32\drivers\ibmfilter.sys [24/09/2004 02:39 64256]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [23/06/2009 11:55 188736]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [01/07/2008 10:51 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [01/07/2008 10:51 1357096]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [19/07/2008 00:01 65576]
R3 Tp4Track;IBM PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [01/01/1980 09:00 13904]
S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [25/10/2005 17:23 12288]
.
Contents of the 'Scheduled Tasks' folder
2006-06-07 c:\windows\Tasks\BMMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2005-10-25 09:37]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.aol.com/
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
HKCU-Run-TS - c:\program files\TS\tsc.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-21 19:16
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(1292)
c:\windows\system32\tphklock.dll
.
Other Running Processes
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\windows\system32\ASTSRV.EXE
c:\program files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\QCONSVC.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\wanmpsvc.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Sunbelt Software\Personal Firewall\SbPFCl.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Completion time: 2009-09-21 19:22 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-21 18:22
Pre-Run: 18,048,606,208 bytes free
Post-Run: 19,921,022,976 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Home Edition" /fastdetect
217 --- E O F --- 2009-09-09 23:15
-
Slight problems now:
Keep getting a little box titled svchost saying
X Sorry, Jpeg.dll not found. You must reinstall this program.
If you click 'ok' it disappears, but reappears 30 secs later - should I just close (if I can) and ignore? Edit - it won't close.
And I'm looking for my Sunbelt - it's disappeared from my bottom right corner. Edit - Sunbelt is still on the desktop, but no shield bottom right. I had to disable it to run Combofix so presumably still disabled. Can't seem to get it running (was the free version)?
Both sorted - seem to have 'reset' themselves.
-
download Java update and see if it goes
Windows XP/Vista/2000/2003/2008 Online
filesize: ~ 10 MB *
http://www.java.com/en/download/manual.jsp
-
download Java update and see if it goes
Windows XP/Vista/2000/2003/2008 Online
filesize: ~ 10 MB *
http://www.java.com/en/download/manual.jsp
The two issues seem to have resolved themselves. I assume the Java related to these?
No sign of the dreaded 'Total Security'.
Huge thanks Browntoa.
-
You need to start your own thread, each fix is generic to the User/PC I'm afraid, will get confusing for the original poster.
-
OMG, I can't believe this. I have my sister's laptop and she is having the exact same problem with this Total Security program, arggggh, it's driving me mad. I will follow the steps in your posts, browntoa, and if I have any probs I will start a new thread as per your response to another poster.
Many thanks
This discussion has been closed.