
Total Security 2009 removal help needed please - Can't run anything including a renamed version of hijackthis


This topic is locked. 2 replies to this topic.

#1 jameski (Members, 2 posts)

Posted 23 August 2009 - 09:54 AM

Total Security 2009 removal help needed please - Can't run anything including a renamed version of HijackThis.

Man this thing is a bugger...

Would be thankful for any help at all on this nasty guy.

M

DDS (Ver_09-07-30.01) - NTFSx86 NETWORK
Run by SHARIK at 9:57:15.78 on Sun 08/23/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.591 [GMT -5:00]

AV: Trend Micro OfficeScan Antivirus *On-access scanning disabled* (Outdated) {5727669C-2FEF-4657-BF2D-5DC46C76AB9C}
FW: Symantec Protection Agent 5.1 *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Symantec\SPA\smc.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Symantec\SPA\SmcGui.exe
svchost.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\sharic\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://Amdocsportal
uInternet Settings,ProxyOverride = local
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Shell=Explorer.exe rundll32.exe tapi.nfo beforeglav
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
BHO: c:\windows\system32\tajf83ikdmf.dll: {bf56a325-23f2-42ad-f4e4-00aac39caa53} - c:\windows\system32\tajf83ikdmf.dll
TB: {968631B6-4729-440D-9BF4-251F5593EC9A} - No File
uRun: [Communicator] "c:\program files\microsoft office communicator\Communicator.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [MyKeys] "c:\program files\mfk\MFK.EXE" /M
uRun: [AntiSpyware Service] c:\docume~1\sharic\locals~1\temp\annbrfoz0.exe
uRun: [Windows System Recover!] c:\docume~1\sharic\locals~1\temp\install.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [TPKBDLED] c:\windows\system32\TpScrLk.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TpShocks] TpShocks.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [TPHOTKEY] c:\progra~1\lenovo\pkgmgr\hotkey\TPHKMGR.exe
mRun: [StorageGuard] "c:\program files\veritas software\update manager\sgtray.exe" /r
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\pccntmon.exe" -HideWindow
mRun: [Protect Tray] "c:\program files\pointsec\P95tray.exe"
mRun: [Babylon Client] c:\program files\babylon\Babylon.exe -AutoStart
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [12678594] c:\documents and settings\all users\application data\12678594\12678594.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
dRun: [Communicator] "c:\program files\microsoft office communicator\Communicator.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\connec~1.lnk - c:\program files\connected\CBSysTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\gkprobe.lnk - c:\program files\credant\gatekeeper\GKProbe.exe
uPolicies-explorer: NoWindowsUpdate = 1 (0x1)
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-explorer: NoWindowsUpdate = 1 (0x1)
mPolicies-system: consentpromptbehavioradmin = 0 (0x0)
mPolicies-system: enableinstallerdetection = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - c:\program files\lenovo\pkgmgr\\PkgMgr.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: amadeus.com
Trusted Zone: genforum.com
Trusted Zone: sympweb1srv
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {44BD92DB-D8A8-43A8-8900-DD73310A59EB} - hxxp://10.224.2.9/common/controls/todg8.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1144909018312
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {B1647320-9EC8-4B0F-BF53-93D4A43FA614} - hxxps://usportal3.amdocs.com/prx/000/http/localhost/tcs/global/TerminalServices/TerminalSvcsTCS.cab
DPF: {B6648EB8-2460-484F-9255-9654454C4C70} - hxxps://stlvpn.amdocs.com/prx/000/http/localhost/arr_x.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6A553B1-4B5F-4974-866F-98C1D1EBD3DE} - hxxps://usportal.amdocs.com/prx/000/http/wwwstl2/tc/CPubAppsTCS.cab
DPF: {FD3FF62E-61A7-48EE-A4A4-97CE7BD1F99D} - hxxps://stlvpn.amdocs.com/prx/00/54xr/sLqmu0t3~/s7j2yx@61zBq/42400=_/SodaAgent.CAB
TCP: {7BFFD8DD-1321-47D4-8E0A-4BA4BB48D08B} = 10.26.48.70,10.8.0.7,10.26.252.70
Notify: csma_ldr - csma_ldr.dll
Notify: igfxcui - igfxdev.dll
Notify: tpfnf2 - notifyf2.dll
Notify: tphotkey - tphklock.dll
AppInit_DLLs: c:\windows\system32\sims\SIMSShellHook.dll
STS: c:\windows\system32\tajf83ikdmf.dll: {bf56a325-23f2-42ad-f4e4-00aac39caa53} - c:\windows\system32\tajf83ikdmf.dll

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-8-23 130936]
R0 prot_2k;prot_2k;c:\windows\system32\drivers\Prot_2k.sys [2006-9-12 236544]
R0 Shockprf;Shockprf;c:\windows\system32\drivers\shockprf.sys [2006-3-15 85760]
R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [2006-3-15 14720]
R3 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [2006-3-15 6400]
S0 rskcore;Citrix System Monitoring Kernel Core;c:\windows\system32\drivers\rskcore.sys [2007-6-12 35424]
S1 mchInjDrv;madCodeHook DLL injection driver;c:\windows\system32\drivers\mchInjDrv.sys [2008-2-25 2560]
S1 ShockMgr;ShockMgr;c:\windows\system32\drivers\ShockMgr.sys [2006-3-15 4736]
S1 SysGuard;SysGuard;c:\windows\system32\drivers\Sysguard.sys [2007-1-18 44634]
S1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2006-3-15 4442]
S2 TmFilter;Trend Micro Filter;c:\program files\trend micro\officescan client\tmxpflt.sys [2005-11-9 225296]
S2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\officescan client\tmpreflt.sys [2005-11-9 36368]
S2 V7;V7;c:\windows\system32\drivers\V7.SYS [2006-3-15 5536]
S3 ATP;ArrayNetworks SSL VPN Miniport Driver;c:\windows\system32\drivers\atpdrvr.sys [2007-10-14 16896]
S3 DHEAPDMP;DHEAPDMP;c:\windows\system32\drivers\dheapdmp.sys [2007-10-4 17128]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2007-10-12 99200]
S4 vsdatant;vsdatant; [x]

=============== Created Last 30 ================

2009-08-23 08:53 <DIR> --d----- c:\docume~1\sharic\applic~1\Malwarebytes
2009-08-23 08:48 <DIR> --d----- c:\program files\damm
2009-08-23 08:43 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-23 08:43 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-23 08:43 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-23 08:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-08-23 07:05 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-08-23 07:05 130,936 a------- c:\windows\system32\drivers\PCTCore.sys
2009-08-23 07:05 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-08-23 07:05 <DIR> --d----- c:\program files\common files\PC Tools
2009-08-23 07:05 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-08-23 07:04 <DIR> --d----- c:\program files\Spyware Doctor
2009-08-23 07:04 <DIR> --d----- c:\docume~1\sharic\applic~1\PC Tools
2009-08-23 07:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-08-22 07:19 723,456 a------- c:\windows\system32\wscsvc32.exe
2009-08-22 07:19 257,536 a------- c:\windows\system32\resdll.dll
2009-08-22 07:19 24,576 a------- c:\windows\system32\tapi.nfo
2009-08-22 07:17 0 a------- C:\jmncixi.exe
2009-08-22 07:17 2 a------- C:\16526800
2009-08-22 07:16 15,000 a------- c:\windows\system32\tajf83ikdmf.dll
2009-08-22 07:16 10,752 a------- C:\puvutst.exe
2009-08-22 07:15 <DIR> --dsh--- c:\windows\system32\lowsec
2009-08-22 07:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\12678594

==================== Find3M ====================

2009-08-23 09:11 2,560 a------- c:\windows\system32\drivers\mchInjDrv.sys
2009-07-20 16:37 3 a---h--- C:\AmdocsLastManage.dat

============= FINISH: 9:59:22.65 ===============

Edited by jameski, 23 August 2009 - 10:05 AM.
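Added example, not part of the thread: a small Python checker that reads DDS "Pseudo HJT Report" lines like the ones in the log above and flags Winlogon Shell/Userinit values that differ from the clean XP defaults, Run entries launched from a temp folder, and policies that lock the user out of the registry tools or Windows Update. The sample lines are copied from the log above; the set of "clean defaults", the temp-folder heuristic and the policy list are assumptions of this example.

```python
import re

# Constructed subset of DDS "Pseudo HJT Report" lines, copied from the log above.
SAMPLE_REPORT = """\
mWinlogon: Shell=Explorer.exe rundll32.exe tapi.nfo beforeglav
mWinlogon: Userinit=c:\\windows\\system32\\userinit.exe,c:\\windows\\system32\\sdra64.exe,
uRun: [ctfmon.exe] c:\\windows\\system32\\ctfmon.exe
uRun: [AntiSpyware Service] c:\\docume~1\\sharic\\locals~1\\temp\\annbrfoz0.exe
mRun: [SoundMAX] "c:\\program files\\analog devices\\soundmax\\Smax4.exe" /tray
uPolicies-system: DisableRegistryTools = 1 (0x1)
"""

# DDS prefixes: u = current user hive, m = machine hive, d = default user hive.
WINLOGON_RE = re.compile(r"^[um]Winlogon:\s+(Shell|Userinit)=(.*)$", re.I)
RUN_RE = re.compile(r"^[umd]Run:\s+\[([^\]]*)\]\s+(.*)$", re.I)
POLICY_RE = re.compile(r"^[um]Policies-\w+:\s+(\w+)\s*=\s*(\d+)", re.I)

# Assumed clean XP defaults: Shell is a space-separated list, Userinit comma-separated.
EXPECTED = {"shell": {"explorer.exe"},
            "userinit": {"c:\\windows\\system32\\userinit.exe"}}
# Assumed set of policies that, when set to 1, hinder cleanup (registry editor, Windows Update).
LOCKDOWN = {"disableregistrytools", "nowindowsupdate", "nofolderoptions"}


def analyze(report):
    """Return a list of (category, detail) findings for a DDS Pseudo HJT section."""
    findings = []
    for line in report.splitlines():
        m = WINLOGON_RE.match(line)
        if m:
            key, raw = m.group(1).lower(), m.group(2)
            parts = raw.split(",") if key == "userinit" else raw.split()
            # Anything beyond the expected binary is an extra loader hooked into logon.
            extras = [p.strip() for p in parts
                      if p.strip() and p.strip().lower() not in EXPECTED[key]]
            if extras:
                findings.append(("winlogon-" + key, extras))
            continue
        m = RUN_RE.match(line)
        if m:
            if "\\temp\\" in m.group(2).lower():
                findings.append(("run-from-temp", m.group(1)))
            continue
        m = POLICY_RE.match(line)
        if m and m.group(1).lower() in LOCKDOWN and m.group(2) != "0":
            findings.append(("lockdown-policy", m.group(1)))
    return findings


if __name__ == "__main__":
    for category, detail in analyze(SAMPLE_REPORT):
        print(category, detail)
```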


#2 jameski (Topic Starter, Members, 2 posts)

Posted 24 August 2009 - 03:46 PM

UPDATE -

I found the fix for this.

Step 1 - format drive
Step 2 - Reinstall OS

Works great now...

:thumbup2:

#3 Orange Blossom (OBleepin Investigator, Moderator, 36,807 posts, Location: Bloomington, IN)

Posted 25 August 2009 - 01:24 AM

Hello

Thank you for letting us know. Sometimes a reformat and reinstall is the best and quickest solution. I'm glad that your computer problems have been fixed. Since this issue seems to be resolved, this thread will now be closed.

In case you experience any problems with the computer, please start a new topic.

Happy computing,

Orange Blossom :thumbup2: