
Total Security 4.52 / spyware


This topic is locked
2 replies to this topic

#1 dougrx
Posted 02 September 2009 - 07:50 PM

Pasting in additional information from another post. ~ OB

Desktop screen says: "WARNING Your're in danger! your computer is infected with spyware!" And yes, that is how they have "you're" spelled (your're).
I can't even reinstall Windows XP in safe mode. I can get the date/time to open when the computer is first turned on, but once everything comes up it won't open.
Continuous pop-ups. One common pop-up is "Isass.exe - corrupt file". The takeover application seems to be Total Protection 4.52.
Here are the reports. It won't let me upload them directly, so I will try to put them all in Notepad in safe mode first and try to transfer that way. RootRepeal first:

End of added information. ~ OB

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/02 19:4
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP1
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF977B000 Size: 90112 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF9F56000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\System32\drivers\rootrepeal.sys
Address: 0xF9C12000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\WINDOWS\system32\kbiwkmexaaxnvx.dat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\kbiwkmivmlaldo.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\kbiwkmwppkrode.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\kbiwkmxlnhdnro.dat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\drivers\kbiwkmbfdxjita.sys
Status: Invisible to the Windows API!

Path: c:\documents and settings\doug medeiros.gipsy-machine\local settings\temp\fla3b.tmp
Status: Allocation size mismatch (API: 262144, Raw: 0)

Path: c:\documents and settings\doug medeiros.musicmachine.000\local settings\temp\fla29.tmp
Status: Allocation size mismatch (API: 1114112, Raw: 1048576)

Path: c:\documents and settings\doug medeiros.musicmachine.000\local settings\temp\fla2f.tmp
Status: Allocation size mismatch (API: 917504, Raw: 589824)

Path: c:\documents and settings\doug medeiros.musicmachine.000\local settings\temp\fla30.tmp
Status: Allocation size mismatch (API: 851968, Raw: 786432)

Path: C:\Documents and Settings\doug medeiros.MUSICMACHINE.000\Local Settings\Temp\fla58.tmp
Status: Could not get file information (Error 0xc0000008)

Path: c:\documents and settings\doug medeiros.gipsy-machine\local settings\temp\wer4c.tmp.dir00\iexplore.exe.hdmp
Status: Allocation size mismatch (API: 32047104, Raw: 11534336)

Path: c:\documents and settings\doug medeiros.gipsy-machine\local settings\temporary internet files\content.ie5\ghsx6vk5\partner1_19f32e3d-1ebc-4ee8-9d7a-3e78c5c0b76f[1].flv
Status: Allocation size mismatch (API: 262144, Raw: 0)

Path: c:\documents and settings\doug medeiros.musicmachine.000\local settings\temporary internet files\content.ie5\73uujaas\hamlettrailer_v2[1].flv
Status: Allocation size mismatch (API: 1114112, Raw: 786432)

Path: c:\documents and settings\doug medeiros.musicmachine.000\local settings\temporary internet files\content.ie5\73uujaas\cae7g9yr.htm
Status: Allocation size mismatch (API: 12288, Raw: 16384)

Path: c:\documents and settings\doug medeiros.musicmachine.000\local settings\temporary internet files\content.ie5\8d6rw9an\cakeclsj.htm
Status: Allocation size mismatch (API: 12288, Raw: 16384)

Path: c:\documents and settings\doug medeiros.musicmachine.000\local settings\temporary internet files\content.ie5\c1j6l327\ca5rfps8.htm
Status: Allocation size mismatch (API: 12288, Raw: 16384)

Path: c:\documents and settings\doug medeiros.musicmachine.000\local settings\temporary internet files\content.ie5\g1ybk9yr\legaisavoir[1].flv
Status: Allocation size mismatch (API: 851968, Raw: 589824)

Path: c:\documents and settings\doug medeiros.musicmachine.000\local settings\temporary internet files\content.ie5\g1ybk9yr\topic34773[1].html
Status: Allocation size mismatch (API: 20480, Raw: 32768)

Path: c:\documents and settings\doug medeiros.musicmachine.000\local settings\temporary internet files\content.ie5\myfrlwyp\ca43w7qv.htm
Status: Allocation size mismatch (API: 12288, Raw: 16384)

Path: C:\Documents and Settings\doug medeiros.MUSICMACHINE.000\Application Data\Macromedia\Flash Player\#SharedObjects\HGXQQAQ6\media.mtvnservices.com\player\release\DownShiftHistory.sol
Status: Could not get file information (Error 0xc0000008)

Stealth Objects
-------------------
Object: Hidden Module [Name: kbiwkmivmlaldo.dll]
Process: svchost.exe (PID: 412) Address: 0x10000000 Size: 53248

Object: Hidden Module [Name: kbiwkmwppkrode.dll]
Process: Explorer.EXE (PID: 704) Address: 0x10000000 Size: 32768

Hidden Services
-------------------
Service Name: kbiwkmddifnmxe
Image Path: C:\WINDOWS\system32\drivers\kbiwkmbfdxjita.sys

==EOF==


DDS (Ver_09-07-30.01) - NTFSx86 MINIMAL
Run by doug medeiros at 19:35:41.24 on Sun 08/30/2009
Internet Explorer: 6.0.2800.1106
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.255.174 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\System32\sdra64.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\doug medeiros.MUSICMACHINE.000\Desktop\dds.scr

============== Pseudo HJT Report ===============

mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
uRun: [servises] c:\windows\system32\servises.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [servises] c:\windows\system32\servises.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [MsgCenterExe] "c:\program files\common files\real\update_ob\RealOneMessageCenter.exe" -osboot
mRun: [lsass] c:\windows\lsass.exe
mRun: [17187824] c:\documents and settings\all users.windows\application data\17187824\17187824.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
uExplorerRun: [servises] c:\windows\system32\servises.exe
mExplorerRun: [servises] c:\windows\system32\servises.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\wirele~1.lnk - c:\program files\linksys\wireless-g notebook adapter\Gcc.exe
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
DPF: {00000162-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/B/B/0BB06A5C-8611-4840-86B3-54DDDD0344B9/wma9dmo.cab
DPF: {32564D57-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv8ax.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

============= SERVICES / DRIVERS ===============

S3 EL556ND5;3Com 10/100 MiniPCI Ethernet Adapter Driver;c:\windows\system32\drivers\EL556ND5.sys [2009-7-21 55999]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-7-24 66056]
S3 maestro;ESS Maestro 3 Audio Driver (WDM);c:\windows\system32\drivers\es198x.sys [2009-7-21 174464]
S3 WDHAALBA;WDHAALBAMiniPCI Winmodem;c:\windows\system32\drivers\WDHAALBA.sys [2009-7-21 701386]

=============== Created Last 30 ================

2009-08-29 23:06 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\17187824
2009-08-29 23:05 280,576 a------- c:\windows\lsass.exe
2009-08-08 11:13 278,584 a------- c:\windows\system32\HPZidr12.dll
2009-08-08 11:13 204,800 a------- c:\windows\system32\HPZipr12.dll
2009-08-08 11:13 94,208 a------- c:\windows\system32\HPZipt12.dll
2009-08-08 11:13 69,632 a------- c:\windows\system32\HPZipm12.exe
2009-08-08 11:13 65,536 a------- c:\windows\system32\HPZinw12.exe
2009-08-08 11:13 57,344 a------- c:\windows\system32\HPZisn12.dll
2009-08-08 11:13 306,688 a------- c:\windows\IsUninst.exe
2009-08-08 11:10 16,496 a----r-- c:\windows\system32\drivers\HPZipr12.sys
2009-08-08 11:10 49,664 a----r-- c:\windows\system32\drivers\HPZid412.sys
2009-08-08 11:09 109,990 a------- c:\windows\hpoins08.dat
2009-08-08 11:09 7,577 -------- c:\windows\hpomdl08.dat
2009-08-08 11:09 37,376 a------- c:\windows\system32\hpz3l43a.dll
2009-08-08 11:09 77,824 a----r-- c:\windows\system32\hpzids01.dll
2009-08-08 11:09 282,624 a----r-- c:\windows\system32\HPZc3212.dll
2009-08-08 11:09 21,568 a----r-- c:\windows\system32\drivers\HPZius12.sys
2009-08-08 11:05 24,960 ac------ c:\windows\system32\dllcache\usbprint.sys
2009-08-08 11:05 24,960 a------- c:\windows\system32\drivers\usbprint.sys
2009-08-02 11:59 23,040 a------- c:\windows\system32\servises.exe
2009-08-02 11:59 6 a------- c:\windows\system32\_id.dat
2009-07-31 23:34 120 a------- c:\windows\cdplayer.ini

==================== Find3M ====================

2009-07-23 09:04 71,627 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-07-22 19:39 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-21 18:48 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-06-29 11:38 33,792 a------- C:\syst.exe
2009-06-29 11:38 33,792 a------- C:\asasa.exe

============= FINISH: 19:37:10.75 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 7/21/2009 3:02:46 PM
System Uptime: 8/30/2009 7:34:42 PM (0 hours ago)

Motherboard: Dell Computer Corporation | | Inspiron 8100
Processor: Intel® Pentium® III Mobile CPU 1000MHz | Microprocessor | 996/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 18.101 GiB free.
D: is CDROM (CDFS)

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 7/21/2009 7:20:50 PM - System Checkpoint
RP2: 7/22/2009 7:39:18 PM - Installed Java™ 6 Update 14
RP3: 7/23/2009 7:47:10 PM - System Checkpoint
RP4: 7/24/2009 3:53:12 PM - Installed Windows Installer KB893803v2.
RP5: 7/24/2009 3:53:54 PM - Installed Adobe Reader 9.1.
RP6: 7/25/2009 7:42:21 PM - System Checkpoint
RP7: 7/25/2009 9:08:30 PM - Installed Odyssey Client
RP8: 7/25/2009 9:09:29 PM - Installed Wireless-G Notebook Adapter
RP9: 7/28/2009 5:43:38 PM - System Checkpoint
RP10: 7/29/2009 7:04:20 PM - System Checkpoint
RP11: 7/30/2009 7:14:07 PM - System Checkpoint
RP12: 8/4/2009 7:26:38 PM - System Checkpoint
RP13: 8/8/2009 11:12:46 AM - Installed Windows XP KB822603.
RP14: 8/8/2009 11:18:57 AM - Printer Driver HP Officejet 6300 series fax Installed
RP15: 8/9/2009 12:14:41 PM - System Checkpoint
RP16: 8/10/2009 4:53:33 PM - System Checkpoint
RP17: 8/11/2009 5:19:55 PM - System Checkpoint
RP18: 8/12/2009 5:37:07 PM - System Checkpoint
RP19: 8/14/2009 4:02:02 PM - System Checkpoint
RP20: 8/16/2009 1:31:06 PM - System Checkpoint
RP21: 8/17/2009 2:40:22 PM - System Checkpoint
RP22: 8/18/2009 6:56:34 PM - System Checkpoint
RP23: 8/21/2009 8:14:02 AM - System Checkpoint
RP24: 8/28/2009 12:34:55 PM - System Checkpoint
RP25: 8/30/2009 11:52:14 AM - System Checkpoint
RP26: 9/1/2009 8:08:55 PM - System Checkpoint

==== Installed Programs ======================

6300
6300_Help
6300Trb
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1
AiO_Scan_CDA
AiOSoftwareNPI
BufferChm
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
Destinations
DeviceManagementQFolder
DocProc
eSupportQFolder
Fax_CDA
HP Imaging Device Functions 6.1
HP Photosmart Essential
HP PSC & OfficeJet 6.1.A
HP Software Update
HP Solution Center and Imaging Support Tools 6.1
HPProductAssistant
Java™ 6 Update 14
NewCopy_CDA
Odyssey Client
ProductContextNPI
Readme
Scan
ScannerCopy
SolutionCenter
Status
SystemSecurity2009
Toolbox
TrayApp
Unload
WebFldrs XP
WebReg
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB822603
Wireless-G Notebook Adapter

==== Event Viewer Messages From Past Week ========

8/30/2009 3:31:18 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
8/30/2009 3:31:11 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips IPSec MRxSmb NetBIOS NetBT P3 RasAcd Rdbss Tcpip
8/30/2009 3:31:11 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/30/2009 3:31:11 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/30/2009 3:31:11 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
8/30/2009 3:30:05 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
8/30/2009 3:29:38 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/30/2009 3:16:52 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Documents and Settings\doug medeiros.MUSICMACHINE.000\Desktop\dds.scr. Reference error message: The operation completed successfully. .
8/30/2009 3:16:51 PM, error: SideBySide [58] - Syntax error in manifest or policy file "C:\Documents and Settings\doug medeiros.MUSICMACHINE.000\Desktop\dds.scr" on line 0.
8/30/2009 3:07:13 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
8/30/2009 2:35:48 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Documents and Settings\doug medeiros.MUSICMACHINE.000\Desktop\avinstall.exe. Reference error message: The operation completed successfully. .
8/30/2009 2:35:48 PM, error: SideBySide [58] - Syntax error in manifest or policy file "C:\Documents and Settings\doug medeiros.MUSICMACHINE.000\Desktop\avinstall.exe" on line 0.
8/30/2009 1:49:40 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\SHELL32.dll. Reference error message: The operation completed successfully. .
8/30/2009 1:49:39 PM, error: SideBySide [58] - Syntax error in manifest or policy file "C:\WINDOWS\system32\SHELL32.dll" on line 0.
8/29/2009 7:21:21 PM, error: Service Control Manager [7034] - The WMI Performance Adapter service terminated unexpectedly. It has done this 1 time(s).
8/29/2009 7:20:48 PM, error: System Error [1003] - Error code 000000d1, parameter1 e1413000, parameter2 00000002, parameter3 00000000, parameter4 f3d51225.
8/29/2009 7:16:45 PM, error: Service Control Manager [7034] - The NICSer_WPC54G service terminated unexpectedly. It has done this 1 time(s).
8/29/2009 7:16:45 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
8/27/2009 6:39:15 AM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.

==== End Of File ===========================

Not sure how the reports made it, but they did; it kept telling me "file infected, run anti-spyware".
Most files and applications won't run. Once I had downloaded the programs requested for this, I had to go to safe mode to run them, and the reports could only be opened in safe mode. Can't get to Add/Remove Programs: "file infected".

Edited by Orange Blossom, 03 September 2009 - 09:23 PM.
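The two logs above carry the whole infection story in a handful of lines: a second executable chained into the Winlogon Userinit value (sdra64.exe), a "lsass.exe" living in c:\windows instead of system32, a "servises.exe" one letter away from services.exe and wired into four different Run keys, a numeric-named drop folder under Application Data, and a set of kbiwkm-prefixed files plus a service that RootRepeal can see on disk but the Windows API cannot. As an added example (not code from the thread or from BleepingComputer), the script below runs exactly those checks over the log lines, which are copied from the reports above as constructed sample input. The rule names, the list of "system" process names, the six-character prefix used to group hidden objects, and the one-letter lookalike threshold are all my own assumptions, chosen to match what the logs show.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the DDS "Pseudo HJT Report" above.
SAMPLE_DDS = r"""
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
uRun: [servises] c:\windows\system32\servises.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [servises] c:\windows\system32\servises.exe
mRun: [lsass] c:\windows\lsass.exe
mRun: [17187824] c:\documents and settings\all users.windows\application data\17187824\17187824.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
uExplorerRun: [servises] c:\windows\system32\servises.exe
mExplorerRun: [servises] c:\windows\system32\servises.exe
"""
# Constructed sample: lines copied from the RootRepeal report above.
SAMPLE_ROOTREPEAL = r"""
Path: C:\WINDOWS\system32\kbiwkmexaaxnvx.dat
Status: Invisible to the Windows API!
Path: C:\WINDOWS\system32\kbiwkmivmlaldo.dll
Status: Invisible to the Windows API!
Path: C:\WINDOWS\system32\drivers\kbiwkmbfdxjita.sys
Status: Invisible to the Windows API!
Path: c:\documents and settings\doug medeiros.gipsy-machine\local settings\temp\fla3b.tmp
Status: Allocation size mismatch (API: 262144, Raw: 0)
Service Name: kbiwkmddifnmxe
Image Path: C:\WINDOWS\system32\drivers\kbiwkmbfdxjita.sys
"""

# Assumed list of names a dropper borrows from core Windows processes; the
# genuine binaries live only in %SystemRoot%\system32.
SYSTEM_NAMES = {"lsass.exe", "svchost.exe", "csrss.exe", "winlogon.exe",
                "services.exe", "smss.exe", "explorer.exe"}
RUN_RE = re.compile(r"^(?P<key>[um](?:Explorer)?Run): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
USERINIT_RE = re.compile(r"^mWinlogon: Userinit=(?P<val>.*)$")
EXT_RE = re.compile(r"^(.*?\.(?:exe|scr|com|bat|cmd|dll))(?:\s|$)", re.I)


def edit_distance(a, b):
    """Plain Levenshtein distance, used to catch one-letter lookalike names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def image_path(cmd):
    """Recover the executable from a Run value: honour quotes, otherwise cut at
    the first known executable extension (DDS prints unquoted paths with spaces)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)].lower()
    m = EXT_RE.match(cmd)
    return (m.group(1) if m else cmd.split(" ")[0]).lower()


def analyze_dds(text):
    """Return (rule, detail) findings for the autostart lines of a DDS log."""
    findings, launchers = [], defaultdict(list)
    for line in text.splitlines():
        m = USERINIT_RE.match(line)
        if m:  # Userinit should be exactly one entry; extras run before the shell
            for part in filter(None, (p.strip() for p in m.group("val").split(","))):
                if not part.lower().endswith("\\userinit.exe"):
                    findings.append(("userinit-chain", part))
            continue
        m = RUN_RE.match(line)
        if not m:
            continue
        path = image_path(m.group("cmd"))
        launchers[path].append(m.group("key"))
        parent, _, base = path.rpartition("\\")
        if base in SYSTEM_NAMES and not parent.endswith("\\system32"):
            findings.append(("system-name-outside-system32", path))
        elif any(edit_distance(base, s) == 1 for s in SYSTEM_NAMES):
            findings.append(("lookalike-name", path))  # e.g. servises vs services
        if re.search(r"\\\d{6,}\\\d{6,}\.exe$", path):  # numeric drop folder
            findings.append(("numeric-dropper-dir", path))
    for path, keys in launchers.items():
        if len(keys) > 1:  # same binary wired into several Run keys
            findings.append(("redundant-autostart", path + " via " + ",".join(keys)))
    return findings


def hidden_families(text, prefix_len=6):
    """Group RootRepeal hidden files and hidden services by a shared name prefix;
    rootkits of this kind generate one random prefix per infection."""
    families, lines = defaultdict(set), text.splitlines()
    for i, line in enumerate(lines):
        if line.startswith("Path: ") and i + 1 < len(lines) \
                and "Invisible to the Windows API" in lines[i + 1]:
            name = line[len("Path: "):].rpartition("\\")[2].lower()
            families[name[:prefix_len]].add(name)
        elif line.startswith("Service Name: "):
            name = line[len("Service Name: "):].strip().lower()
            families[name[:prefix_len]].add("service:" + name)
    return {k: sorted(v) for k, v in families.items() if len(v) > 1}
```

Calling `analyze_dds(SAMPLE_DDS)` yields the userinit-chain hit on sdra64.exe, the out-of-place c:\windows\lsass.exe, the servises.exe lookalike (reported once per Run key plus a redundant-autostart entry naming all four keys), and the 17187824 drop folder, while the Java updater and the dumprep entry pass clean; `hidden_families(SAMPLE_ROOTREPEAL)` returns a single "kbiwkm" family holding the three hidden files and the hidden service, with the allocation-mismatch temp file (a normal artefact of a file being written while the scan ran) left out.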



#2 dougrx

Posted 05 September 2009 - 11:45 AM

Title was: Fixed it. Thanks anyway, Total Security 4.52

Went into msconfig and was able to disable it so I could run the computer to clean it out.

Edited by Orange Blossom, 05 September 2009 - 03:27 PM.
Merged topics. ~ OB


#3 Orange Blossom
Moderator

Posted 05 September 2009 - 03:28 PM

Thank you for letting us know. I'm glad that your computer problems have been fixed. Since this issue seems to be resolved, this thread will now be closed.

In case you experience any problems with the computer, please start a new topic.

Happy computing,

Orange Blossom



