Internet Security 2010 has attacked my computer

View previous topic View next topic Go down

Internet Security 2010 has attacked my computer

Post by jenyoung312 on 17th January 2010, 7:25 pm

Since yesterday, my computer has these pop-ups saying I need to download the Internet Security 2010, and my wallpaper has been replaced with a green screen with a black box saying "Your System Is Infected" It brings me to a website, when I run a scan, to download their product. I have tried downloading thing to block this problem, and I can't even to that. Please help!

jenyoung312
Novice
Novice

Posts Posts : 7
Joined Joined : 2010-01-17
Gender Gender : Female
OS OS : Windows XP
Points Points : 25263
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Internet Security 2010 has attacked my computer

Post by jenyoung312 on 17th January 2010, 7:31 pm

I ran HiJackThis and here's what I got:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:29:00 PM, on 1/17/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\Program Files\eMachines Bay Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\SelectRebates\SelectRebates.exe
C:\WINDOWS\system32\smss32.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Sprint music manager\MEMonitor.exe
C:\Program Files\InternetSecurity2010\IS2010.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Documents and Settings\Jennifer\Local Settings\Temporary Internet Files\Content.IE5\PQZHE35W\winlogon[1].scr
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
O2 - BHO: BHO - {00000185-C745-43D2-44F1-01A1C789C738} - C:\PROGRA~1\SB\SMART-~1\BHO010~1.DLL (file missing)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ShopAtHomeIEHelper - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: ShopAtHome Toolbar - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
O4 - HKLM\..\Run: [requester] "C:\WINDOWS\System32\requester.11.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SelectRebates] C:\Program Files\SelectRebates\SelectRebates.exe
O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [SearchAndDestroyT] C:\Program Files\Search And Destroy\SearchAndDestroy.exe
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe
O4 - Startup: MEMonitor.lnk = C:\Program Files\Sprint music manager\MEMonitor.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O8 - Extra context menu item: &AOL Toolbar search - [You must be registered and logged in to see this link.] Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Jennifer\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - [You must be registered and logged in to see this link.]
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - [You must be registered and logged in to see this link.]
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - [You must be registered and logged in to see this link.]
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - [You must be registered and logged in to see this link.]
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} (WildTangent Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} (Plaxo Auto-Import Utility) - [You must be registered and logged in to see this link.]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

jenyoung312
Novice
Novice

Posts Posts : 7
Joined Joined : 2010-01-17
Gender Gender : Female
OS OS : Windows XP
Points Points : 25263
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Internet Security 2010 has attacked my computer

Post by Belahzur on 17th January 2010, 7:46 pm

Hello.

Please download the LSPfix from here: [You must be registered and logged in to see this link.]
Unzip it to the Desktop (Important!!) and run it. Check the box that says "I know what I'm doing", and then select each instance of "helper32.dll" in the left-hand panel and click >> button to move it to the right-hand panel. Then click Finish to allow LSPfix to rebuild the LSP chain.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
    O2 - BHO: BHO - {00000185-C745-43D2-44F1-01A1C789C738} - C:\PROGRA~1\SB\SMART-~1\BHO010~1.DLL (file missing)
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - (no file)
    O2 - BHO: ShopAtHomeIEHelper - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: ShopAtHome Toolbar - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
    O4 - HKLM\..\Run: [requester] "C:\WINDOWS\System32\requester.11.exe"
    O4 - HKLM\..\Run: [SelectRebates] C:\Program Files\SelectRebates\SelectRebates.exe
    O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
    O4 - HKCU\..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe
    O8 - Extra context menu item: &Search - [You must be registered and logged in to see this link.]
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - [You must be registered and logged in to see this link.]



  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Internet Security 2010 has attacked my computer

Post by jenyoung312 on 17th January 2010, 8:26 pm

Malwarebytes' Anti-Malware 1.44
Database version: 3584
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/17/2010 2:25:57 PM
mbam-log-2010-01-17 (14-25-57).txt

Scan type: Quick Scan
Objects scanned: 159441
Time elapsed: 19 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 44
Registry Values Infected: 3
Registry Data Items Infected: 10
Folders Infected: 38
Files Infected: 70

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\helper32.dll (Trojan.BHO) -> Delete on reboot.
C:\Program Files\SelectRebates\SRebates.dll (Adware.SelectRebates) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\bho.ibho (Adware.SmartBrowser) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopathome.ietoolbar (Adware.SelectRebates) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopathome.ietoolbar.1 (Adware.SelectRebates) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{98279c38-de4b-4bcf-93c9-8ec26069d6f4} (Adware.SelectRebates) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d49e9d35-254c-4c6a-9d17-95018d228ff5} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{98279c38-de4b-4bcf-93c9-8ec26069d6f4} (Adware.SelectRebates) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000185-c745-43d2-44f1-01a1c789c738} (Adware.SmartBrowser) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ca356d79-679b-4b4c-8e49-5af97014f4c1} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d49e9d35-254c-4c6a-9d17-95018d228ff5} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{98279c38-de4b-4bcf-93c9-8ec26069d6f4} (Adware.SelectRebates) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\selectrebatesuninstall (Adware.SelectRebates) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\IS2010 (Rogue.InternetSecurity2010) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Zango (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch (Adware.BookedSpace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{98279c38-de4b-4bcf-93c9-8ec26069d6f4} (Adware.SelectRebates) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Adam Young\Application Data\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Adam Young\Application Data\FunWebProducts\Data (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Adam Young\Application Data\FunWebProducts\Data\Adam Young (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Adam Young\Application Data\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Adam Young\Application Data\ShoppingReport\cs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Adam Young\Application Data\ShoppingReport\cs\db (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Adam Young\Application Data\ShoppingReport\cs\dwld (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Adam Young\Application Data\ShoppingReport\cs\report (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Adam Young\Application Data\ShoppingReport\cs\res1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWay (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\SB\Smart-Browser (Adware.SmartBrowser) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\Installer (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\Installer\bin (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\Installer\Ready (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\Installer\temp (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\Installer\Upload (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\Wallpaper (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Search And Destroy (Rogue.SearchAndDestroy) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates (Adware.SelectRebates) -> Delete on reboot.
C:\Program Files\SelectRebates\FFToolbar (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\FFToolbar\chrome (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\FFToolbar\defaults (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\FFToolbar\defaults\preferences (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\Toolbar (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\Toolbar\Cache (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\Toolbar\ImageCache (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\video access activex object (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\WINDOWS\Search And Destroy (Rogue.SearchAndDestroy) -> Quarantined and deleted successfully.
C:\Program Files\InternetSecurity2010 (Rogue.InternetSecurity2010) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\helper32.dll (Trojan.BHO) -> Delete on reboot.
C:\WINDOWS\system32\smss32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winlogon32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Adam Young\Local Settings\Temp\e.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Adam Young\Local Settings\Temporary Internet Files\Content.IE5\5IL8BIO1\80589[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Adam Young\Local Settings\Temporary Internet Files\Content.IE5\MADY3TWK\SetupIS2010[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Adam Young\Local Settings\Temporary Internet Files\Content.IE5\XBX6F9I4\dfghfghgfj[1].dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Adam Young\Application Data\FunWebProducts\Data\Adam Young\avatar.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Adam Young\Application Data\ShoppingReport\cs\Config.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Adam Young\Application Data\ShoppingReport\cs\db\Aliases.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Adam Young\Application Data\ShoppingReport\cs\db\Sites.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Adam Young\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Adam Young\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Adam Young\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Adam Young\Application Data\ShoppingReport\cs\res1\WhiteList.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\History\search (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\Settings\prevcfg.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\SB\Smart-Browser\installbho.txt (Adware.SmartBrowser) -> Quarantined and deleted successfully.
C:\Program Files\SB\Smart-Browser\lic.txt (Adware.SmartBrowser) -> Quarantined and deleted successfully.
C:\Program Files\SB\Smart-Browser\logo.ico (Adware.SmartBrowser) -> Quarantined and deleted successfully.
C:\Program Files\SB\Smart-Browser\system.htm (Adware.SmartBrowser) -> Quarantined and deleted successfully.
C:\Program Files\SB\Smart-Browser\thingies.lish.enctext (Adware.SmartBrowser) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\Installer\bin\iebyterange.xml (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\Installer\bin\iebyterange.xml.backup (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\Installer\temp\dmD.tmp (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\Wallpaper\swpstart.exe (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Search And Destroy\Search And Destroy Setup Log.txt (Rogue.SearchAndDestroy) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\SelectAlerts.dat (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\SelectRebates.exe (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\SelectRebates.ini (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\SelectRebatesA.dat (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\SelectRebatesApi.exe (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\SelectRebatesB.dat (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\SelectRebatesBT.dat (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\SelectRebatesDownload.exe (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\SelectRebatesUninstall.exe (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\SRebates.dll (Adware.SelectRebates) -> Delete on reboot.
C:\Program Files\SelectRebates\SRFF3.dll (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\FFToolbar\chrome.manifest (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\FFToolbar\install.rdf (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\FFToolbar\chrome\sahtoolbar.jar (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\FFToolbar\defaults\preferences\sahtoolbar.js (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\Toolbar\AddtoList.bmp (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\Toolbar\basis.xml (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\Toolbar\Basis.xml.dym (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\Toolbar\Blank.bmp (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\Toolbar\CashBack.bmp (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\Toolbar\Coupons.bmp (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\Toolbar\GroceryCoupon.bmp (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\Toolbar\icons.bmp (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\Toolbar\i_magnifying.bmp (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\Toolbar\logo.bmp (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\Toolbar\logo_24.bmp (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\Toolbar\logo_HotSpots.bmp (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\Toolbar\ReviewSite.bmp (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\Toolbar\RightControls.dym (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\Toolbar\Scissors.bmp (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\Toolbar\ImageCache\alert-red.bmp (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\WINDOWS\Search And Destroy\uninstall.exe (Rogue.SearchAndDestroy) -> Quarantined and deleted successfully.
C:\Program Files\InternetSecurity2010\IS2010.exe (Rogue.InternetSecurity2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\Adam Young\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Security 2010.lnk (Rogue.InternetSecurity2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\Adam Young\Start Menu\Internet Security 2010.lnk (Rogue.InternetSecurity2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\Adam Young\Start Menu\Programs\Live Sex.lnk (Adware.SmartBrowser) -> Quarantined and deleted successfully.
C:\Documents and Settings\Adam Young\Start Menu\Live Sex.lnk (Adware.SmartBrowser) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MSVolume.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\hosts (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\41.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\warning.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.

jenyoung312
Novice
Novice

Posts Posts : 7
Joined Joined : 2010-01-17
Gender Gender : Female
OS OS : Windows XP
Points Points : 25263
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Internet Security 2010 has attacked my computer

Post by Belahzur on 17th January 2010, 11:50 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Internet Security 2010 has attacked my computer

Post by jenyoung312 on 18th January 2010, 1:31 am

ComboFix 10-01-16.04 - Jennifer 01/17/2010 19:03:06.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.211 [GMT -6:00]
Running from: c:\documents and settings\Jennifer\My Documents\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Adam Young\Desktop\Internet Security 2010.lnk
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Jennifer\Start Menu\Programs\Startup\MEMonitor.lnk
c:\recycler\S-1-5-21-163629312-3789776450-4177773629-1003
c:\recycler\S-1-5-21-4185435263-3435674613-4243111428-1003
c:\recycler\S-1-5-21-606747145-1965331169-682003330-1003
C:\s
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\18467.exe
c:\windows\system32\26500.exe
c:\windows\system32\6334.exe
c:\windows\System32\ntSVc.ocx
c:\windows\system32\reboot.txt
c:\windows\system32\SIntf16.dll

----- BITS: Possible infected sites -----

[You must be registered and logged in to see this link.]
.
((((((((((((((((((((((((( Files Created from 2009-12-18 to 2010-01-18 )))))))))))))))))))))))))))))))
.

2010-01-18 00:46 . 2010-01-18 00:58 -------- d-----w- C:\Combo-Fix
2010-01-17 20:00 . 2010-01-17 20:00 -------- d-----w- c:\documents and settings\Jennifer\Application Data\Malwarebytes
2010-01-17 20:00 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-17 20:00 . 2010-01-17 20:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-17 20:00 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-17 20:00 . 2010-01-17 20:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-13 13:40 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-03 22:26 . 2010-01-03 22:26 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-01-03 22:26 . 2010-01-17 22:00 -------- d-----w- c:\documents and settings\Jennifer\Application Data\skypePM
2010-01-03 22:23 . 2010-01-18 00:30 -------- d-----w- c:\documents and settings\Jennifer\Application Data\Skype
2010-01-03 22:21 . 2010-01-03 22:21 -------- d-----w- c:\program files\Common Files\Skype
2010-01-03 22:21 . 2010-01-03 22:23 -------- d-----r- c:\program files\Skype
2010-01-03 22:21 . 2010-01-03 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-12-31 00:02 . 2009-12-31 00:02 -------- d-----w- c:\documents and settings\All Users\Application Data\TomTom
2009-12-31 00:00 . 2009-12-31 00:00 -------- d-----w- c:\documents and settings\Adam Young\Local Settings\Application Data\TomTom
2009-12-31 00:00 . 2009-12-31 00:00 -------- d-----w- c:\documents and settings\Adam Young\Application Data\TomTom
2009-12-31 00:00 . 2009-12-31 00:00 -------- d-----w- c:\program files\TomTom International B.V
2009-12-31 00:00 . 2009-12-31 00:00 -------- d-----w- c:\program files\TomTom HOME 2
2009-12-30 23:57 . 2009-12-30 23:57 -------- d-----w- c:\program files\TomTom DesktopSuite

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-17 20:25 . 2006-01-08 17:04 -------- d-----w- c:\program files\SB
2010-01-17 19:57 . 2007-01-23 17:46 -------- d-----w- c:\program files\lx_cats
2010-01-11 13:45 . 2005-08-02 09:33 -------- d-----w- c:\documents and settings\Jennifer\Application Data\WeatherBug
2010-01-05 21:52 . 2005-04-13 04:08 244344 -c--a-w- c:\documents and settings\Jennifer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-03 21:58 . 2009-11-11 04:31 -------- d-----w- c:\program files\Coupons
2010-01-03 21:58 . 2004-06-01 20:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-07 05:09 . 2009-12-07 05:09 -------- d-----w- c:\program files\Microsoft
2009-12-07 05:08 . 2009-12-07 05:08 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-12-07 05:08 . 2008-03-05 14:18 -------- d-----w- c:\program files\Windows Live
2009-12-07 05:03 . 2009-12-07 05:03 -------- d-----w- c:\program files\Common Files\Windows Live
2009-11-28 17:45 . 2008-04-03 17:25 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-28 17:45 . 2004-06-01 21:37 -------- d-----w- c:\program files\Winamp
2009-11-21 15:51 . 2004-06-01 20:36 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-06 15:46 . 2009-11-06 15:46 152576 ----a-w- c:\documents and settings\Jennifer\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-10-29 07:45 . 2005-10-21 18:51 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-04 07:56 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 07:56 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 06:00 265728 ------w- c:\windows\system32\drivers\http.sys
2005-07-12 04:43 . 2005-07-12 04:36 131106 -c--a-w- c:\program files\f1040x.pdf
2005-07-10 04:00 . 2005-07-10 04:00 20798256 -c--a-w- c:\program files\AdbeRdr70_enu_full.exe
2005-07-09 21:26 . 2005-07-09 21:26 3630400 -c--a-w- c:\program files\BSINSTALL.exe
2005-05-27 10:59 . 2005-05-27 10:59 3623744 -c--a-w- c:\program files\BSHAREINSTALL.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2005-04-26 1339392]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 200704]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"wcmdmgr"="c:\windows\wt\updater\wcmdmgrl.exe" [2002-05-08 20480]
"SunKistEM"="c:\program files\eMachines Bay Reader\shwiconem.exe" [2004-03-11 135168]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2004-06-01 26112]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"lxcymon.exe"="c:\program files\Lexmark 3400 Series\lxcymon.exe" [2006-03-06 286720]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2003-12-17 1241138]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-21 155648]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-26 172032]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-21 126976]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2006-02-02 290816]
"EzPrint"="c:\program files\Lexmark 3400 Series\ezprint.exe" [2006-02-07 98304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"LXCYCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [2006-02-24 65536]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - c:\program files\BigFix\BigFix.exe [2004-6-1 1742384]
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [11/13/2009 5:31 AM 92008]
R3 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
.
Contents of the 'Scheduled Tasks' folder

2010-01-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Jennifer\Start Menu\Programs\IMVU\Run IMVU.lnk
Trusted Zone: aol.com\free
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-SearchAndDestroyT - c:\program files\Search And Destroy\SearchAndDestroy.exe
HKCU-Run-AIM - c:\program files\aim\aim.exe
AddRemove-HijackThis - c:\documents and settings\Jennifer\Local Settings\Temporary Internet Files\Content.IE5\PQZHE35W\HijackThis.exe
AddRemove-SBC Yahoo! UMUninstaller - c:\program files\SBC Yahoo!\umuninst.exe
AddRemove-ScreensaversInstaller - c:\program files\Screensavers.com\Installer\bin\siuninst.exe
AddRemove-Xfire - c:\program files\Xfire\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-01-17 19:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCYCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************
.
Completion time: 2010-01-17 19:27:55
ComboFix-quarantined-files.txt 2010-01-18 01:27

Pre-Run: 40,250,535,936 bytes free
Post-Run: 41,750,908,928 bytes free

- - End Of File - - CA47B7191C54FC866D73F92F765598E3

jenyoung312
Novice
Novice

Posts Posts : 7
Joined Joined : 2010-01-17
Gender Gender : Female
OS OS : Windows XP
Points Points : 25263
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Internet Security 2010 has attacked my computer

Post by jenyoung312 on 18th January 2010, 1:33 am

I also am getting a corrupt file message popping up.

jenyoung312
Novice
Novice

Posts Posts : 7
Joined Joined : 2010-01-17
Gender Gender : Female
OS OS : Windows XP
Points Points : 25263
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Internet Security 2010 has attacked my computer

Post by Belahzur on 18th January 2010, 10:39 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Internet Security 2010 has attacked my computer

Post by jenyoung312 on 18th January 2010, 11:12 pm

Today it has been running great! Thanks so much. I am considering buying an Antivirus software at Walmart. Do you suggest any in particular?

jenyoung312
Novice
Novice

Posts Posts : 7
Joined Joined : 2010-01-17
Gender Gender : Female
OS OS : Windows XP
Points Points : 25263
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Internet Security 2010 has attacked my computer

Post by Belahzur on 18th January 2010, 11:26 pm

Avira free version is good enough. Smile

Please install Avira antivirus otherwise you won't be protected.

1) [You must be registered and logged in to see this link.]
-Free anti-virus software for Windows.
-Detects and removes more than 50,000 viruses. Free support.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum