How do I get rid of Total Security Program
On speeding up your computer at boot I'd get rid of the entries in bold as none of them need to start when the computer boots up. The ones in blue I would keep and delay their startup with WinPatrol, and unless you actually use the sidebar (in red) I would get rid of it.
Obviously once you've installed Avira and PCTools Firewall you need to keep them starting up on boot.
Hiya
Thanks for the info. This is in the hijack program, right? Also to go about doing this do I just run the scan again then tick and highlight the bold ones you have suggested?
Also can you tell me is this just taking them away from startup so it runs faster or is this deleting them, as surely I need the wireless assistant and wireless manager to run so I can use wireless internet?
Just want to check as I am not sure.
many thanks0 -
Quick question, have you ever used the wireless assistant/manager? If no then you don't need them. Either way you don't need them starting on boot. The easiest and probably the safest is to download WinPatrol and get rid of them/delay them that way. WinPatrol is self-explanatory once you've seen it.
Before doing that follow alienrik's suggestion though.0 -
Ok here are the results of the combofix log.
ComboFix 09-09-29.04 - Patricia 30/09/2009 20:44.1.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.764.174 [GMT -7:00]
Running from: c:\users\Patricia\Desktop\QWERTY.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2559858821-157603045-3620735659-500
c:\$recycle.bin\S-1-5-21-70900338-3400025044-3150093166-500
c:\users\Jonathon\AppData\Roaming\02000000cae95276648C.manifest
c:\users\Jonathon\AppData\Roaming\02000000cae95276648O.manifest
c:\users\Jonathon\AppData\Roaming\02000000cae95276648P.manifest
c:\users\Jonathon\AppData\Roaming\02000000cae95276648S.manifest
c:\users\Jonathon\AppData\Roaming\02000000cae95276663C.manifest
c:\users\Jonathon\AppData\Roaming\02000000cae95276663O.manifest
c:\users\Jonathon\AppData\Roaming\02000000cae95276663P.manifest
c:\users\Jonathon\AppData\Roaming\02000000cae95276663S.manifest
c:\users\Patricia\AppData\Roaming\02000000cae95276648C.manifest
c:\users\Patricia\AppData\Roaming\02000000cae95276648O.manifest
c:\users\Patricia\AppData\Roaming\02000000cae95276648P.manifest
c:\users\Patricia\AppData\Roaming\02000000cae95276648S.manifest
c:\users\Patricia\AppData\Roaming\02000000cae95276663C.manifest
c:\users\Patricia\AppData\Roaming\02000000cae95276663O.manifest
c:\users\Patricia\AppData\Roaming\02000000cae95276663P.manifest
c:\users\Patricia\AppData\Roaming\02000000cae95276663S.manifest
c:\users\Thomas\AppData\Roaming\02000000cae95276648C.manifest
c:\users\Thomas\AppData\Roaming\02000000cae95276648O.manifest
c:\users\Thomas\AppData\Roaming\02000000cae95276648P.manifest
c:\users\Thomas\AppData\Roaming\02000000cae95276648S.manifest
c:\users\Thomas\AppData\Roaming\02000000cae95276663C.manifest
c:\users\Thomas\AppData\Roaming\02000000cae95276663O.manifest
c:\users\Thomas\AppData\Roaming\02000000cae95276663P.manifest
c:\users\Thomas\AppData\Roaming\02000000cae95276663S.manifest
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\Installer\53523050.msi
c:\windows\system32\buiNuWhbaiHwwoQ.vbs
c:\windows\system32\KJcQm635pi087g9.vbs
c:\windows\system32\oem19.inf
c:\windows\system32\pJAwsYg.vbs
.
((((((((((((((((((((((((( Files Created from 2009-09-01 to 2009-10-01 )))))))))))))))))))))))))))))))
.
2009-10-01 04:09 . 2009-10-01 04:09 d-----w- c:\users\Thomas\AppData\Local\temp
2009-10-01 04:09 . 2009-10-01 04:09 d-----w- c:\users\Default\AppData\Local\temp
2009-10-01 04:09 . 2009-10-01 04:09 d-----w- c:\users\Jonathon\AppData\Local\temp
2009-09-30 18:51 . 2009-10-01 03:25 d-----w- c:\users\Patricia\Tracing
2009-09-30 18:48 . 2009-09-30 18:48 d-----w- c:\program files\Microsoft
2009-09-30 18:47 . 2009-09-30 18:47 d-----w- c:\program files\Windows Live SkyDrive
2009-09-30 18:46 . 2009-09-30 18:50 d-----w- c:\program files\Windows Live
2009-09-30 18:43 . 2009-09-30 18:43 d-----w- c:\program files\Common Files\Windows Live
2009-09-30 18:39 . 2009-07-28 23:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-09-30 18:39 . 2009-03-30 17:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-09-30 18:39 . 2009-09-30 18:39 d-----w- c:\programdata\Avira
2009-09-30 18:39 . 2009-09-30 18:39 d-----w- c:\program files\Avira
2009-09-30 18:30 . 2009-09-30 18:30 d-----w- c:\users\Patricia\AppData\Roaming\Trusteer
2009-09-30 18:30 . 2009-09-30 18:30 d-----w- c:\programdata\Trusteer
2009-09-30 18:30 . 2009-09-30 18:30 d-----w- c:\program files\Trusteer
2009-09-30 17:07 . 2009-09-30 17:07 d-----w- c:\program files\Trend Micro
2009-09-30 06:25 . 2009-09-30 06:25 d-----w- c:\programdata\SUPERAntiSpyware.com
2009-09-30 06:23 . 2009-09-30 06:23 d-----w- c:\program files\SUPERAntiSpyware
2009-09-30 06:23 . 2009-09-30 06:23 d-----w- c:\users\Patricia\AppData\Roaming\SUPERAntiSpyware.com
2009-09-30 06:22 . 2009-09-30 06:22 d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-30 04:30 . 2009-09-30 04:30 d-----w- c:\users\Patricia\AppData\Roaming\Malwarebytes
2009-09-30 04:30 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-30 04:30 . 2009-09-30 04:30 d-----w- c:\programdata\Malwarebytes
2009-09-30 04:30 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-30 04:30 . 2009-09-30 04:59 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-30 03:51 . 2009-09-30 03:51 d-----w- c:\programdata\LightScribe
2009-09-27 20:47 . 2009-09-27 20:52 d-----w- c:\windows\system32\ca-ES
2009-09-27 20:47 . 2009-09-27 20:51 d-----w- c:\windows\system32\eu-ES
2009-09-27 20:47 . 2009-09-27 20:51 d-----w- c:\windows\system32\vi-VN
2009-09-27 19:54 . 2009-09-30 04:08 d-----w- C:\$AVG8.VAULT$
2009-09-27 19:37 . 2009-09-27 19:37 d-----w- c:\program files\AVG
2009-09-27 19:32 . 2009-09-27 19:32 d-----w- c:\windows\system32\EventProviders
2009-09-26 22:06 . 2009-06-15 14:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2009-09-26 22:06 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-09-26 22:06 . 2009-06-15 14:54 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-09-26 22:06 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
2009-09-26 22:06 . 2009-06-15 14:53 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-26 22:06 . 2009-06-15 23:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-09-26 22:06 . 2009-06-15 14:53 72704 ----a-w- c:\windows\system32\secur32.dll
2009-09-26 22:06 . 2009-06-15 12:48 9728 ----a-w- c:\windows\system32\lsass.exe
2009-09-26 22:03 . 2009-10-01 03:24 56680 ----a-w- c:\windows\system32\rpcnet.dll
2009-09-26 22:03 . 2009-09-26 22:02 56680 ----a-w- c:\windows\system32\rpcnet.exe
2009-09-26 21:59 . 2009-10-01 03:24 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2009-09-25 23:17 . 2009-09-30 05:25 d-----w- c:\program files\TS
2009-09-24 20:40 . 2009-02-18 18:38 619864 ----a-w- c:\windows\system32\icardagt.exe
2009-09-24 20:39 . 2009-04-11 06:28 290816 ----a-w- c:\windows\system32\msjtes40.dll
2009-09-24 20:38 . 2009-04-11 06:28 443392 ----a-w- c:\windows\system32\win32spl.dll
2009-09-24 20:37 . 2009-04-11 06:28 2205184 ----a-w- c:\windows\system32\SyncCenter.dll
2009-09-24 20:36 . 2009-04-11 06:28 128000 ----a-w- c:\windows\system32\vdsutil.dll
2009-09-24 20:35 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2009-09-24 20:35 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2009-09-24 20:35 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2009-09-24 20:35 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2009-09-24 20:35 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2009-09-24 20:35 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-09-24 20:35 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2009-09-24 20:35 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2009-09-24 20:35 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2009-09-24 20:35 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2009-09-24 20:35 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-09-21 20:14 . 2009-09-21 20:14 680 ----a-w- c:\users\Patricia\AppData\Local\d3d9caps.dat
2009-09-11 04:27 . 2009-08-14 16:27 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-11 04:27 . 2009-08-14 13:48 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-09-11 04:27 . 2009-08-14 13:48 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-11 04:27 . 2009-08-14 13:49 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-11 04:27 . 2009-08-14 13:49 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-11 04:27 . 2009-08-14 13:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-11 04:27 . 2009-08-14 13:49 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-11 04:27 . 2009-08-14 13:49 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-11 04:27 . 2009-08-14 15:53 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-11 04:27 . 2009-08-14 13:49 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-11 04:27 . 2009-08-14 13:49 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-11 04:05 . 2009-07-11 19:01 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-11 04:05 . 2009-07-11 19:01 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-11 04:05 . 2009-07-11 17:03 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-11 04:05 . 2009-04-11 06:28 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2009-09-11 04:05 . 2009-07-11 19:01 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-09-11 04:05 . 2009-07-11 19:01 65024 ----a-w- c:\windows\system32\wlanapi.dll
2009-09-11 04:05 . 2009-06-10 11:41 2868224 ----a-w- c:\windows\system32\mf.dll
2009-09-11 04:05 . 2009-04-11 06:28 98816 ----a-w- c:\windows\system32\mfps.dll
2009-09-11 04:05 . 2009-04-11 06:27 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2009-09-11 04:05 . 2009-04-11 06:27 24576 ----a-w- c:\windows\system32\mfpmp.exe
2009-09-11 04:05 . 2009-04-11 04:54 2048 ----a-w- c:\windows\system32\mferror.dll
2009-09-09 04:14 . 2006-09-05 02:16 1970176 ----a-w- c:\windows\system32\d3dx9.dll
2009-09-09 04:14 . 2006-09-05 02:16 679936 ----a-w- c:\windows\system32\D3DX81ab.dll
2009-09-09 04:14 . 2009-09-09 05:17 d-----w- c:\program files\Cheat Engine
2009-09-06 06:35 . 2009-09-06 06:35 d-----w- c:\users\Patricia\AppData\Roaming\Datel
2009-09-06 04:23 . 2009-09-06 04:24 d-----w- c:\users\Patricia\AppData\Local\Roblox
2009-09-05 03:41 . 2009-09-05 03:41 680 ----a-w- c:\users\Jonathon\AppData\Local\d3d9caps.dat
2009-09-03 20:07 . 2009-09-03 20:07 d-----w- c:\users\Patricia\AppData\Local\web'n'walk Manager
2009-09-03 05:50 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-03 05:50 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-02 04:50 . 2009-09-02 04:50 d-----w- c:\programdata\HPSSUPPLY
2009-09-02 04:44 . 2009-09-02 04:44 d-----w- c:\program files\Common Files\Hewlett-Packard
2009-09-02 04:43 . 2009-09-02 04:49 d-----w- c:\program files\Common Files\HP
2009-09-02 04:36 . 2009-09-02 04:56 148896 ----a-w- c:\windows\hpoins19.dat
2009-09-02 04:36 . 2007-03-13 19:52 26952 ----a-w- c:\windows\hpomdl19.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-01 03:23 . 2008-07-23 12:49 d-----w- c:\programdata\hpqLog
2009-09-30 18:50 . 2009-05-27 16:39 d-----w- c:\program files\MSN Messenger
2009-09-30 18:18 . 2008-07-23 12:29 d-----w- c:\program files\Hewlett-Packard
2009-09-30 18:16 . 2008-07-23 13:03
d--h--w- c:\program files\InstallShield Installation Information
2009-09-27 20:53 . 2006-11-02 12:35 d-----w- c:\program files\Windows Calendar
2009-09-27 20:53 . 2006-11-02 11:18 d-----w- c:\program files\Windows Mail
2009-09-27 20:52 . 2006-11-02 12:35 d-----w- c:\program files\Windows Sidebar
2009-09-27 20:52 . 2006-11-02 12:35 d-----w- c:\program files\Windows Collaboration
2009-09-27 20:52 . 2006-11-02 12:35 d-----w- c:\program files\Windows Photo Gallery
2009-09-27 20:52 . 2006-11-02 12:35 d-----w- c:\program files\Windows Defender
2009-09-27 19:54 . 2009-07-05 19:32 d-----w- c:\program files\Burn4Free
2009-09-27 19:27 . 2008-07-23 13:56 d-----w- c:\program files\Java
2009-09-27 11:13 . 2009-06-28 11:16 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2009-09-25 20:20 . 2009-07-06 19:13 d-----w- c:\users\Jonathon\AppData\Roaming\LimeWire
2009-09-02 04:50 . 2008-07-23 13:49 d-----w- c:\program files\HP
2009-09-02 04:46 . 2009-06-23 19:28 d-----w- c:\programdata\HP
2009-09-01 20:08 . 2009-09-01 20:08 0 ----a-w- c:\users\Thomas\AppData\Roaming\wklnhst.dat
2009-09-01 17:51 . 2009-09-01 17:39 138 ----a-w- c:\users\Jonathon\AppData\Roaming\wklnhst.dat
2009-08-30 23:37 . 2009-06-29 00:43 d-----w- c:\users\Patricia\AppData\Roaming\LimeWire
2009-07-26 23:44 . 2009-07-26 23:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-25 12:23 . 2009-07-20 17:28 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-21 21:52 . 2009-09-26 22:10 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-09-26 22:10 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-09-26 22:10 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-09-26 22:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 13:54 . 2009-08-13 12:57 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-15 12:40 . 2009-08-13 12:57 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-13 12:57 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-13 12:57 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-13 12:57 7680 ----a-w- c:\windows\system32\spwmp.dll
2008-07-23 13:00 . 2008-07-23 13:00 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
0 -
Continued
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-15 1998576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2008-06-02 238984]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2008-05-21 24848]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2008-05-12 318488]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1045800]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-14 177456]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2008-05-24 197904]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"Wireless Manager"="c:\program files\Virgin Broadband Wireless\Wireless Manager.exe" [2008-05-26 585728]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-24 68592]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1314816]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
c:\users\Jonathon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-9-18 147456]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-7-23 197904]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
web'n'walk Manager.lnk - c:\program files\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe [2008-11-11 1463296]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=""
"FirewallOverride"=""
"UpdatesDisableNotify"=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):25,5a,ca,d1,b5,3f,ca,01
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{44511208-0329-4EC5-B367-5574C3138068}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{B6349490-E83E-497B-A84F-3C33EA99CE2A}"= UDP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{42DE3281-6492-41CB-8BCB-274BA9220051}"= TCP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{28654201-600D-4AEE-9ED5-E30CFCFF6AB7}"= UDP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{525CA88F-9FE9-4FF2-8511-C19EEEB7B6F5}"= TCP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{D1B5E41C-FCCE-42F8-B859-4152D1E1B8BC}"= UDP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{C8614703-4421-4C12-9C74-1F1B62382BD1}"= TCP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{11B419B8-952E-481D-8047-6B77BC04919F}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{CE98CA4A-A307-4F5A-85F9-D880DEA8DEB1}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{EA24A569-0F50-4711-A520-39309AB3716A}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{5FBCA2A5-F805-479E-BC2F-E01D8FC16D21}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{BC4B76D6-C2D4-439C-B2F6-C484720462F1}c:\\users\\jonathon\\appdata\\local\\roblox\\versions\\version-2f6ea3011fda4149\\robloxapp.exe"= UDP:c:\users\jonathon\appdata\local\roblox\versions\version-2f6ea3011fda4149\robloxapp.exe:robloxapp.exe
"UDP Query User{FE471CF8-6274-4860-8D3A-95E25BAF319E}c:\\users\\jonathon\\appdata\\local\\roblox\\versions\\version-2f6ea3011fda4149\\robloxapp.exe"= TCP:c:\users\jonathon\appdata\local\roblox\versions\version-2f6ea3011fda4149\robloxapp.exe:robloxapp.exe
R0 SbAlg;SbAlg;c:\windows\System32\drivers\SbAlg.sys [30/05/2008 09:37 51376]
R0 SbFsLock;SbFsLock;c:\windows\System32\drivers\SbFsLock.sys [30/05/2008 09:37 12928]
R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [27/09/2009 12:53 58856]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [27/09/2009 12:53 333928]
R1 RsvLock;RsvLock;c:\windows\System32\drivers\rsvlock.sys [30/05/2008 09:37 12496]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [15/09/2009 11:42 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [15/09/2009 11:42 74480]
R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [15/05/2007 16:08 182576]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [30/09/2009 11:39 108289]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [20/01/2008 19:33 21504]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [20/01/2008 19:33 21504]
R2 GtDetectSc;GtDetectSc;c:\program files\T-Mobile\web'n'walk Manager\GtDetectSc.exe [30/04/2008 16:52 200704]
R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [02/06/2008 10:32 18944]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [30/05/2008 09:36 256512]
R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [07/04/2008 11:13 24936]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [23/07/2008 06:03 576024]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [27/09/2009 12:53 967912]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [23/07/2008 06:57 193840]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [15/09/2009 11:42 7408]
S2 0229371245782934mcinstcleanup;McAfee Application Installer Cleanup (0229371245782934);c:\users\Patricia\AppData\Local\Temp\022937~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\users\Patricia\AppData\Local\Temp\022937~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [20/01/2008 19:32 179712]
S3 GTUHSBUS;GT UHS BUS;c:\windows\System32\drivers\gtuhsbus.sys [07/11/2008 11:57 62592]
S3 GTUHSNDISIPXP;GT UHS IP NDIS;c:\windows\System32\drivers\gtuhs51.sys [07/11/2008 11:58 105984]
S3 GTUHSOMS;GT UHS OMS;c:\windows\System32\drivers\gtuhsoms.sys [07/11/2008 12:01 20352]
S3 GTUHSSER;GT UHS SER;c:\windows\System32\drivers\gtuhsser.sys [07/11/2008 12:03 8064]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - SSMDRV
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2009-10-01 c:\windows\Tasks\User_Feed_Synchronization-{C282AC2B-E59A-47D6-A0C2-FC4546553256}.job
- c:\windows\system32\msfeedssync.exe [2009-09-26 20:13]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=all&pf=cmnb
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
.
- - - - ORPHANS REMOVED - - - -
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-MoneyAgent - c:\program files\Microsoft Money\System\mnyexpr.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-30 21:11
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(600)
c:\windows\system32\APSHook.dll
- - - - - - - > 'lsass.exe'(640)
c:\windows\system32\APSHook.dll
c:\program files\Hewlett-Packard\IAM\bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
.
Completion time: 2009-10-01 21:17
ComboFix-quarantined-files.txt 2009-10-01 04:17
Pre-Run: 113,908,359,168 bytes free
Post-Run: 116,007,251,968 bytes free
367 --- E O F --- 2009-09-28 23:48
0 -
ok
You're still infected and ComboFix has removed quite a bit itself (trojans/worms)
I also notice you use LIMEWIRE which is almost certainly one of the reasons why you're having these problems
Open notepad and copy/paste the text in RED below
File::
c:\users\Jonathon\AppData\Local\d3d9caps.dat
c:\windows\hpomdl19.dat
c:\windows\hpoins19.dat
c:\windows\system32\rpcnetp.dll
c:\users\Thomas\AppData\Roaming\wklnhst.dat
c:\users\Jonathon\AppData\Roaming\wklnhst.dat
Save this as "CFScript"
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply
ComboFix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
UPDATE superantispyware and scan the WHOLE computer with it
Then ~
Download DR WEB
http://www.freedrweb.com/download+cureit/
Run it as normal then set it to scan the WHOLE computer:idea:0 -
morning alienrik
Ok will do the above today. Boy you have to do a fair bit to get rid of all the nasties on your computer eh. Hadn't a clue half this stuff existed0 -
Generally speaking, if you use your computer carefully then you won't even need to use these programs
You've decided to use 'limewire' which has MILLIONS of infected downloadable files:idea:0 -
It's my sister's PC and she has 2 kids who love the music so that's why; she doesn't even know how to work it lol. Although I have to be honest and say it is on my brother's laptop as well, he loves music. Will need to tell him it's maybe not worth it, if it's causing all this junk on laptop
My £700 HP laptop went kaput after 2 years so not a happy bunny, currently saving up for a new one which is why I am using brother's
Thanks again will update later0 -
Seeing it's Vista, Sister sets up Admin User with Password (which the kids do not have) and deletes Limewire. Set up Limited user IDs for the kids (which means they cannot install programs) and they can surf to their heart's content but not install limewire
Ex forum ambassador
Long term forum member0 -
That's a great tip thanks. I have already told her it's coming off whether she likes it or not
She is fine with that, she is just so glad the computer is now ok thanks to you guys on here.
You're all :A0
This discussion has been closed.