GeekPolice

INTERNET Security 2010 removal help LOG POSTED THANKS !!!!


Post by ajax_voodoo on Sat Jan 16, 2010 2:27 pm

Hello,
I've followed all the instructions for beginners and have all the necessary updates that you outlined on the "READ THIS before Posting" page.
I have the Internet Security 2010 bug. Tons of pop-ups and disabling of certain programs (like Task Manager).

Below is the log file.
I was tempted to read and follow the directions on the "Remove Internet Security" thread, posted by Dr. Inferno, but I'm too chicken to restart my computer for fear it won't reboot.

Any help would be awesome....here's me crossing my fingers.....

LOG FILE is as follows...............
Logfile of Trend Micro

HijackThis v2.0.2
Scan saved at 6:18:14 AM, on

1/16/2010
Platform: Windows XP SP3

(WinNT 5.01.2600)
MSIE: Internet Explorer v8.00

(8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32

\winlogon.exe
C:\WINDOWS\system32

\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32

\svchost.exe
C:\WINDOWS\system32

\svchost.exe
C:\WINDOWS\System32

\svchost.exe
C:\WINDOWS\system32

\svchost.exe
C:\WINDOWS\system32

\svchost.exe
C:\Program Files\Alwil

Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil

Software\Avast4\ashServ.exe
C:\WINDOWS\system32

\spoolsv.exe
C:\WINDOWS\system32

\svchost.exe
C:\WINDOWS\system32

\svchost.exe
C:\WINDOWS\system32

\HPZipm12.exe
C:\WINDOWS\system32

\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4

\ashDisp.exe
C:\Program Files\HP\HP

Software Update\HPWuSchd2.exe
C:\Program

Files\HP\hpcoretech\hpcmpmgr.

exe
C:\WINDOWS\system32

\ctfmon.exe
C:\Program Files\HP\Digital

Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital

Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32

\smss32.exe
C:\Program

Files\InternetSecurity2010

\IS2010.exe
C:\WINDOWS\system32

\wscntfy.exe
C:\Program Files\Java\jre6

\bin\jqs.exe
C:\Program Files\Mozilla

Firefox\firefox.exe
C:\WINDOWS\system32

\NOTEPAD.EXE
C:\Documents and

Settings\Owner\My

Documents\Downloads\winlogon.

scr
C:\WINDOWS\system32

\wbem\wmiprvse.exe

R0 -

HKCU\Software\Microsoft\Inter

net Explorer\Main,Start Page

= [You must be registered and logged in to see this link.]
R1 -

HKLM\Software\Microsoft\Inter

net

Explorer\Main,Default_Page_UR

L =

[You must be registered and logged in to see this link.]

k/?LinkId=69157
R1 -

HKLM\Software\Microsoft\Inter

net

Explorer\Main,Default_Search_

URL =

[You must be registered and logged in to see this link.]

k/?LinkId=54896
R1 -

HKLM\Software\Microsoft\Inter

net Explorer\Main,Search Page

=

[You must be registered and logged in to see this link.]

k/?LinkId=54896
R0 -

HKLM\Software\Microsoft\Inter

net Explorer\Main,Start Page

=

[You must be registered and logged in to see this link.]

k/?LinkId=69157
F2 - REG:system.ini:

UserInit=C:\WINDOWS\system32

\winlogon32.exe,C:\WINDOWS\sy

stem32\sdra64.exe,
O2 - BHO: AcroIEHelperStub -

{18DF081C-E8AD-4283-A596-

FA578C2EBDC3} - C:\Program

Files\Common

Files\Adobe\Acrobat\ActiveX\A

croIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2

SSV Helper - {DBC80044-A445-

435b-BC74-9C25C1C588A9} -

C:\Program Files\Java\jre6

\bin\jp2ssv.dll
O2 - BHO:

JQSIEStartDetectorImpl -

{E7E6F031-17CE-4C07-BC86-

EABFE594F69C} - C:\Program

Files\Java\jre6

\lib\deploy\jqs\ie\jqs_plugin

.dll
O4 - HKLM\..\Run:

[IMJPMIG8.1]

"C:\WINDOWS\IME\imjp8_1

\IMJPMIG.EXE" /Spoil

/RemAdvDef /Migration32
O4 - HKLM\..\Run:

[PHIME2002ASync]

C:\WINDOWS\system32

\IME\TINTLGNT\TINTSETP.EXE

/SYNC
O4 - HKLM\..\Run:

[PHIME2002A]

C:\WINDOWS\system32

\IME\TINTLGNT\TINTSETP.EXE

/IMEName
O4 - HKLM\..\Run: [avast!]

C:\PROGRA~1\ALWILS~1\Avast4

\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime

Task] "C:\Program

Files\QuickTime\qttask.exe"

-atboottime
O4 - HKLM\..\Run: [HP

Software Update] C:\Program

Files\HP\HP Software

Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP

Component Manager]

"C:\Program

Files\HP\hpcoretech\hpcmpmgr.

exe"
O4 - HKLM\..\Run: [Adobe

Reader Speed Launcher]

"C:\Program

Files\Adobe\Reader 9.0

\Reader\Reader_sl.exe"
O4 - HKLM\..\Run:

[smss32.exe]

C:\WINDOWS\system32

\smss32.exe
O4 - HKLM\..\Run:

[SunJavaUpdateSched]

"C:\Program Files\Common

Files\Java\Java

Update\jusched.exe"
O4 - HKCU\..\Run:

[ctfmon.exe]

C:\WINDOWS\system32

\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS]

"C:\Program

Files\Messenger\msmsgs.exe"

/background
O4 - HKCU\..\Run: [Internet

Security 2010] C:\Program

Files\InternetSecurity2010

\IS2010.exe
O4 - Global Startup: HP

Digital Imaging Monitor.lnk =

C:\Program Files\HP\Digital

Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image

Zone Fast Start.lnk =

C:\Program Files\HP\Digital

Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name)

- {e2e2dd38-d088-4134-82b7-

f2ba38496583} -

C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem:

@xpsp3res.dll,-20001 -

{e2e2dd38-d088-4134-82b7-

f2ba38496583} -

C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger

- {FB5F1910-F110-11d2-BB9E-

00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem:

Windows Messenger -

{FB5F1910-F110-11d2-BB9E-

00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock

LSP: c:\windows\system32

\helper32.dll
O10 - Unknown file in Winsock

LSP: c:\windows\system32

\helper32.dll
O16 - DPF: {C1FDEE68-98D5-

4F42-A4DD-D0BECF5077EB}

(EPUImageControl Class) -

[You must be registered and logged in to see this link.]

wl/activex/eBay_Enhanced_Pict

ure_Control_v1-0-27-0.cab
O23 - Service: avast! iAVS4

Control Service (aswUpdSv) -

ALWIL Software - C:\Program

Files\Alwil Software\Avast4

\aswUpdSv.exe
O23 - Service: avast!

Antivirus - ALWIL Software -

C:\Program Files\Alwil

Software\Avast4\ashServ.exe
O23 - Service: avast! Mail

Scanner - ALWIL Software -

C:\Program Files\Alwil

Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web

Scanner - ALWIL Software -

C:\Program Files\Alwil

Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick

Starter

(JavaQuickStarterService) -

Sun Microsystems, Inc. -

C:\Program Files\Java\jre6

\bin\jqs.exe
O23 - Service: Pml Driver

HPZ12 - HP -

C:\WINDOWS\system32

\HPZipm12.exe

--
End of file - 5342 bytes


Internet Security 2010

Post by ajax_voodoo on Sat Jan 16, 2010 11:16 pm

It turns out I read the rest of the thread about the manual removal of the Internet Security 2010 bug and was able to successfully (so far) remove it.
I used the suggestion of the bleepingcomputer.com website for help and it worked.


Re: INTERNET Security 2010 removal help LOG POSTED THANKS !!!!

Post by Belahzur on Sun Jan 17, 2010 1:10 am

Hello.
Please post a new Hijack This log, but please turn off Word Wrap before doing so.

To do so, go into the "Format" menu, and untick Word Wrap.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: INTERNET Security 2010 removal help LOG POSTED THANKS !!!!

Post by ajax_voodoo on Tue Jan 19, 2010 12:23 am

Arrgh...I thought I killed it but it's still around.
All of the annoying POP-UPs are gone.
When I do a Google search and click on the links it redirects me to other sites.
Here is a new log with wordwrap turned off.
Please see if you can help.
Thanks, I really appreciate it, Jim.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:20:46 PM, on 1/18/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Owner\My Documents\Downloads\winlogon.scr

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - [You must be registered and logged in to see this link.]
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 4634 bytes

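Comparing the two HijackThis logs posted above shows what the first clean-up removed and what is still running. The following is an added example, not part of the thread: a Python script that diffs two un-wrapped logs. The sample strings are a few lines copied from the posts (the first log's wrapped lines rejoined by hand), and the "unusual path" check is a triage heuristic assumed here, not a verdict on any file.

```python
import re

# Constructed samples: a few lines copied from the two logs in this thread
# (first log un-wrapped by hand); these are not the complete logs.
LOG_BEFORE = r"""Running processes:
C:\WINDOWS\system32\smss32.exe
C:\Program Files\InternetSecurity2010\IS2010.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\My Documents\Downloads\winlogon.scr

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe,C:\WINDOWS\system32\sdra64.exe,
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKCU\..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll
"""
LOG_AFTER = r"""Running processes:
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\My Documents\Downloads\winlogon.scr

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # e.g. "O4 - HKLM\..\Run: ..."
PROCESS = re.compile(r"^[A-Za-z]:\\")            # a bare path in the process list

def parse_log(text):
    """Return (set of running-process paths, set of (code, detail) entries)."""
    procs, entries = set(), set()
    for line in map(str.strip, text.splitlines()):
        m = ENTRY.match(line)
        if m:
            entries.add((m.group(1), m.group(2).strip()))
        elif PROCESS.match(line):
            procs.add(line.lower())      # Windows paths are case-insensitive
    return procs, entries

def diff_logs(before, after):
    """Report what disappeared and what still runs from an unusual location."""
    p_old, e_old = parse_log(before)
    p_new, e_new = parse_log(after)
    trusted = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")  # assumed
    unusual = sorted(p for p in p_old & p_new if not p.startswith(trusted))
    return {"entries_gone": sorted(e_old - e_new),
            "processes_gone": sorted(p_old - p_new),
            "still_running_unusual_path": unusual}

if __name__ == "__main__":
    for key, values in diff_logs(LOG_BEFORE, LOG_AFTER).items():
        print(key, *values, sep="\n  ")
```

The script only works on logs saved with Word Wrap turned off, since it treats each line as one complete entry.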

Re: INTERNET Security 2010 removal help LOG POSTED THANKS !!!!

Post by Belahzur on Tue Jan 19, 2010 7:15 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.

