Total Secure 2009 maybe more [Solved], Virus Alert message, missing commands
Nov 30 2008, 12:34 PM
Post #1 | Member | Posts: 54 | OS: XP
My son did it this time.
Total Secure 2009 pops up. I have virus alert in task bar by clock. I have already run Norton and Ad-aware. I can't find Spybot Search and Destroy on desktop any more. Windows Explorer is missing from program list as are many other commands. Could not check system restore date but last week when I tried to do a system restore, there were no valid dates. Ran ATF and Erunt. Could not run Malwarebytes. It just sits there. I have had to copy programs from one computer to jump drive and use Firefox to open. Some sites I can't get to on that computer. Ran optional config and misc tools to generate uninstall list but did not get the option to save to jump drive. Program closed. Below is the log I did generate and save. Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49: VIRUS ALERT!, on 11/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\MsgSys.EXE
c:\Program Files\Zune\ZuneNss.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\HPINST~1\Pavilion\XPHNABS3EN\plugin\bin\pchbutton.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Harmony Remote\HarmonyClient.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\cidaemon.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for HiJackThis(2).zip\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: lxeqgwpa - {4A485C40-4CDB-47B8-9C00-8DDFC0153D3C} - C:\WINDOWS\lxeqgwpa.dll (file missing)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Limeshop0] "C:\Program Files\Lime_Shop\Limeshop0.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [vptray] "C:\Program Files\NavNT\vptray.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [BackupNotify] "c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\Pavilion\XPHNABS3EN\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TotalSecure2009] C:\Program Files\TS-2009\scan.exe
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: Billminder.lnk = C:\QUICKENW\billmind.exe
O4 - Startup: MostFun.lnk = C:\Program Files\MostFun\Bin\MostFun.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ItsDeductiblePopUp.lnk = C:\Program Files\ItsDeductible\ItsDeductible.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech Harmony Remote V5.lnk = C:\Program Files\Logitech\Harmony Remote\HarmonyClient.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\Lime_Shop\Sy700\Tp700\scri700a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.wildtangent.com/webdrivers/webinstall/Install.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA} (Java Runtime Environment 1.3.1_10) - http://cgproducts.johnsoncontrols.com/jre/...indows-i586.exe
O16 - DPF: {CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA} (Java Runtime Environment 1.3.1_15) - http://cgproducts.johnsoncontrols.com/jre/...dows-i586-i.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{47FC27BF-B7E2-44E6-89B4-F6AB96A4A51D}: NameServer = 85.255.112.101;85.255.112.8
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O21 - SSODL: tslmavew - {C46EBEA3-EA56-4F45-9EAA-059CE1C31815} - C:\WINDOWS\tslmavew.dll (file missing)
O21 - SSODL: kopnvqat - {874DC0E0-2569-4942-AF56-DC77666430B3} - C:\WINDOWS\kopnvqat.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
-- End of file - 10839 bytes
barney466 Total Secure 2009 maybe more [Solved] Nov 30 2008, 12:34 PM
Rorschach112 Hello
Before we begin, you should save these inst... Nov 30 2008, 02:02 PM
barney466 Minor complication:
After posting log, windows ha... Nov 30 2008, 06:31 PM
Rorschach112 Can you run SDFix ? Dec 1 2008, 06:42 AM
barney466 I didn't try. When the active desktop questio... Dec 1 2008, 06:41 PM
Rorschach112 Ok cool Dec 1 2008, 06:44 PM
barney466 I rebooted. Copied SDFix.exe to desktop. double ... Dec 2 2008, 07:57 PM
Rorschach112 Do this then
We will begin with ComboFix.exe. Ple... Dec 3 2008, 08:04 AM
barney466 I think I already have the recovery console instal... Dec 3 2008, 07:12 PM
Rorschach112 No just go ahead and run it Dec 3 2008, 07:16 PM
barney466 I'm still waiting for it to finish booting. S... Dec 3 2008, 07:30 PM
Rorschach112 Restore that and let it run Dec 3 2008, 07:49 PM
barney466 That helped. Got rid of delay and allowed compute... Dec 3 2008, 08:27 PM
Rorschach112 Do this
Download to your desktop "FixPolicie... Dec 4 2008, 07:46 AM
barney466 Same result as combofix. I double clicked on FixP... Dec 6 2008, 12:51 PM
Rorschach112 Sure, let's see it
Do this
Please download ATF Cle... Dec 6 2008, 01:46 PM
barney466 Back to where we were November 30. I can run ATF ... Dec 6 2008, 04:00 PM
Rorschach112 Hello
1. Please re-open HiJackThis and choose do ... Dec 7 2008, 08:24 AM
barney466 Here is the run file. Did you want the log file a... Dec 7 2008, 02:51 PM
Rorschach112 That won't seem to open for me...
Can I get you to... Dec 8 2008, 08:49 AM
barney466 I've copied both the .run and .log file to med... Dec 8 2008, 08:43 PM
Rorschach112 Hello
Download the attachment at the end of this ... Dec 9 2008, 06:57 AM
barney466 On my desktop I don't have a runscanner ICON. ... Dec 11 2008, 05:29 PM
Rorschach112 Sounds like it worked
Run those scans above Dec 12 2008, 06:40 AM
barney466 I'm confused. Sounds like what worked? I don... Dec 12 2008, 06:06 PM
barney466 Ok,
Here's an update. I expanded runscanner zip f... Dec 12 2008, 08:11 PM
Rorschach112 Can you do the Kaspersky scan ? If not post a new ... Dec 13 2008, 08:38 AM
barney466 Can't get to that website with that computer.
... Dec 13 2008, 08:09 PM
barney466 I was at a different computer. Chances are, that ... Dec 14 2008, 11:04 AM
barney466 While waiting for reply, and having nothing better... Dec 14 2008, 04:20 PM
Rorschach112 Sorry I missed your reply
Fix these entries with ... Dec 16 2008, 06:01 PM
barney466 No problem.
I missed the two emails you posted wi... Dec 16 2008, 09:57 PM
Rorschach112 Hello
Please download DrWeb-CureIt & save it ... Dec 17 2008, 07:44 AM
barney466 I copied Cureit to desktop and tried to reboot to ... Dec 18 2008, 04:23 PM
Rorschach112 ok Dec 18 2008, 04:50 PM
barney466 Menu was not as described. However, I think I man... Dec 18 2008, 10:02 PM
Rorschach112 Try this
Please download ComboFix from Here or He... Dec 19 2008, 10:07 AM
barney466 Well, that did more than it did before but not muc... Dec 19 2008, 03:41 PM
Rorschach112 This is being a headache, let's try this
Please do... Dec 19 2008, 05:12 PM
barney466 Tell me about it. When I have a problem, it's... Dec 19 2008, 06:38 PM
Rorschach112 Can you not just run the .exe file ? Dec 19 2008, 06:49 PM
barney466 There does not appear to be any files to extract. ... Dec 19 2008, 07:00 PM
Rorschach112 There should be, can you download it from another ... Dec 19 2008, 07:02 PM
barney466 I downloaded from main computer to jump drive. 20... Dec 19 2008, 07:30 PM
Rorschach112 ok cool Dec 19 2008, 07:45 PM
barney466 I just downloaded and expanded the Iceword file to... Dec 19 2008, 07:48 PM
Rorschach112 Do this
If one step fails go onto the next. You m... Dec 20 2008, 07:37 AM
barney466 We have made lightyears of progress in the past 12... Dec 20 2008, 08:31 PM
Rorschach112 Progress
Please download the OTMoveIt3 by OldTime... Dec 21 2008, 06:31 AM
barney466 Did the moveit. During reboot, machine froze duri... Dec 21 2008, 07:21 AM
Rorschach112 Strange
Can you get into normal or safe mode ? Dec 21 2008, 07:23 AM
barney466 That was interesting. After computer sat for 30 m... Dec 21 2008, 09:09 AM
Rorschach112 Ok progress
Two final scans then we are done
Tha... Dec 21 2008, 09:20 AM
barney466 When I went to cmd prompt and typed in net stop gm... Dec 21 2008, 10:43 AM
Rorschach112 Your logs are clean
Follow these steps to uninsta... Dec 21 2008, 04:43 PM
barney466 No, Let me say THANK YOU for your patience. Compu... Dec 22 2008, 06:24 PM
Rorschach112 Since this issue appears to be resolved ... this T... Dec 23 2008, 03:43 PM