Internet Security 2010 virus & can't open internet now

Post by bird123 on Wed Jan 27, 2010 2:56 am

Hi again,
I think I posted my question on the hello page, not knowing I had to wait for a reply. So now I think I'm in the right forum...
I have this new virus (Internet Security 2010) on my computer and tried following your advice on your site which suggested to open my task manager... I couldn't because somehow it said:
"it was disabled by "my" administrator". So I went ahead and downloaded the program which you suggested to run after taking care of this task manager stuff... (anti-malware I think) and that seems to have removed most of the virus.... but now I am unable to connect to my dial-up internet service. (I probably should not have run the program before taking care of the task manager problem.) I tried going back and reconfiguring my ISP (if that makes sense) but it won't allow me to....
I am presently using a more antique computer (Windows 98) which allows me to get my Outlook Express mail, and communicate with you... don't know if you can help me with this..
cause if I cannot connect to internet ... not sure what I should do next
I would appreciate any advice....
Thanks in advance,

Post by Belahzur on Thu Jan 28, 2010 12:05 am

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


Please PM me if I fail to respond within 24hrs.

Post by bird123 on Thu Jan 28, 2010 4:00 am

Hello again,
I'm not able to get on the internet with the infected computer (I am writing to you from an older model, my first computer ...) so I cannot download anything to the infected computer until I figure out how to connect online. When I tried creating a new connection thru Network Connections, the dial-up connection option was faded out so that I could not select it. (I'm guessing Internet Security 2010 blocked my internet access when I tried the anti-malware scan... or could it be the scan itself that erased something?) Do you think there is any way around this?

Post by Belahzur on Thu Jan 28, 2010 5:41 pm

Can you transfer the tool over from the working machine via CD or USB?


Post by bird123 on Fri Jan 29, 2010 5:05 pm

Hi,
OK, didn't realize I could do that, will try it, thanks

Post by bird123 on Fri Jan 29, 2010 6:18 pm

Ok, so I ran the OTL scan but then at the end it said:
Cannot find the F:\\OTL.Txt file, do you want to create a new file
and Cannot find the F:\\Extras.txt file, do you want to create a new file,
which I said yes to both. 2 boxes of Untitled Notepad opened.... but both empty. Another window opened at bottom of screen saying
Windows delayed write failed: Windows was unable to save all the data for the F:\OTL.txt. The data has been lost. This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere. Any other suggestions?

Post by Belahzur on Sat Jan 30, 2010 4:42 pm

What OS are you running OTL on?


Post by bird123 on Sun Jan 31, 2010 3:10 am

Oh boy, I don't have a lot of computer knowledge.... hope I don't sound too dumb... but what is OS?

Post by Belahzur on Sun Jan 31, 2010 8:04 pm

Operating system, eg XP, Vista, 7.


Post by bird123 on Sun Jan 31, 2010 8:33 pm

It's Windows XP Home Edition

Post by Belahzur on Mon Feb 01, 2010 1:12 am

Please download Ice Sword from [You must be registered and logged in to see this link.]

  1. Download the zip to your desktop and extract it.
  2. Open the Ice Sword folder and then launch IceSword.exe.
  3. Will IceSword open?


Post by bird123 on Tue Feb 02, 2010 2:41 am

OK, I transferred the file by USB to my infected computer's desktop, then extracted the file now called IceSword122en, opened that and saw the IceSword folder, which I was able to open but I cannot find IceSword.exe to launch that..... Each time I close that folder and reopen it, it reopens with a new name, e.g. byuc15A565F6. It has function, registry and file buttons on the left side, but couldn't see anywhere to launch IceSword.exe

Post by Belahzur on Tue Feb 02, 2010 7:33 pm

Yep, that's it, that's why I like IceSword, renames with a new name every time it's opened. The malware writers have yet to pick up on this. Ahahaha


  • Now, on the left hand side tool, hit the Process button at the top of the list.
  • Just above the list, there is a log button, press that and save the log to your Desktop.
  • Next, hit the Startup on the left side list.
  • Press the log button again.
  • Post the two logs in your next reply.


Post by bird123 on Wed Feb 03, 2010 5:33 am

Hope I did it right:

Process:

System Idle Process
System
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.exe
C:\Program Files\Compaq\Easy Access Button Support\BttnServ.exe
C:\Program Files\Logitech\WingMan Profiler\LWPEvntM.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Lexmark 3300 Series\lxccmon.exe
C:\WINDOWS\System32\SMSS.EXE
C:\WINDOWS\System32\CSRSS.EXE
C:\WINDOWS\System32\WINLOGON.EXE
C:\WINDOWS\System32\LXCCCOMS.EXE
C:\WINDOWS\System32\SERVICES.EXE
C:\WINDOWS\System32\LSASS.EXE
C:\WINDOWS\System32\SVCHOST.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\SVCHOST.EXE
C:\WINDOWS\System32\SVCHOST.EXE
C:\Program Files\Corel\Print House 2000\Register\Remind32.exe
C:\WINDOWS\System32\SVCHOST.EXE
C:\Program Files\iPod\BIN\iPodService.exe
C:\WINDOWS\System32\SVCHOST.EXE
C:\Program Files\Compaq\Easy Access Button Support\EAUSBKBD.exe
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\System32\SPOOLSV.EXE
C:\WINDOWS\System32\PCTSPK.EXE
C:\WINDOWS\System32\SVCHOST.EXE
C:\WINDOWS\System32\WDFMGR.EXE
C:\WINDOWS\System32\WSCNTFY.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\Compaq\Desktop\IceSword122en\IceSword122en\IceSword.exe



Startup:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SystemTray
SysTray.Exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
CPQEASYACC
C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Lwinst Run Profiler
C:\Program Files\Logitech\WingMan Profiler\Lwtest.exe /detect /quiet /launch "C:\Program Files\Logitech\WingMan Profiler\Lwpevntm.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
QuickTime Task
"C:\Program Files\QuickTime\qttask.exe" -atboottime

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
iTunesHelper
"C:\Program Files\iTunes\iTunesHelper.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
LXCCCATS
rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
lxccmon.exe
"C:\Program Files\Lexmark 3300 Series\lxccmon.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Easy Dock
C:\Documents and Settings\Compaq\My Documents\RCA EasyRip\EZDock.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
MSMSGS
"C:\Program Files\Messenger\msmsgs.exe" /background

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Uniblue RegistryBooster 2
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
updateMgr
"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
desktop.ini


C:\Documents and Settings\All Users\Start Menu\Programs\Startup
MICROSOFT WORKS CALENDAR REMINDERS.LNK
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe (Remark: Cal reminder shortcut)

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
COREL PRINT HOUSE REGISTRATION.LNK
C:\Program Files\Corel\Print House 2000\Register\Remind32.exe (Remark: Corel Print House Registration)

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
PowerReg Scheduler.exe


C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP INSTANT SUPPORT.LNK
C:\Program Files\Hewlett-Packard\hpis\bin\matcli.exe (Remark:)

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Remark:)

C:\Documents and Settings\Compaq\Start Menu\Programs\Startup
desktop.ini

Post by Belahzur on Wed Feb 03, 2010 7:57 pm

Hmm, don't see anything there.


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste BOTH LOGS back here, use more than one post if needed.


Post by bird123 on Thu Feb 04, 2010 3:18 am

Ok, I'm posting this DDS log, but the other (Attach), it said NOT to post, but to zip it and attach, unless specifically requested.... I've tried, but not sure how to send this to you zipped... just want to double check with you (to get your ok) before I copy and paste it to you...

DDS (Ver_09-12-01.01) - FAT32x86
Run by Compaq at 21:40:18.12 on 2010-02-03
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.2.1033.18.192.43 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
C:\PROGRA~1\COMPAQ\EASYAC~1\BTTNSERV.EXE
c:\program files\logitech\wingman profiler\lwpevntm.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark 3300 Series\lxccmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\lxcccoms.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Corel\Print House 2000\Register\Remind32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\COMPAQ\EASYAC~1\EAUSBKBD.EXE
C:\Documents and Settings\Compaq\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uSearch Page = [You must be registered and logged in to see this link.]
uDefault_Page_URL = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
mSearchAssistant = [You must be registered and logged in to see this link.]
BHO: DAPBHO Class: {0096cc0a-623c-4829-ad9c-19af0dc9d8fe} - c:\program files\dap\DAPIEBAR.DLL
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\SHDOCVW.DLL
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - c:\windows\system32\BROWSEUI.DLL
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\RegistryBooster.exe /S
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SystemTray] SysTray.Exe
mRun: [CPQEASYACC] c:\program files\compaq\easy access button support\cpqeadm.exe
mRun: [Lwinst Run Profiler] c:\program files\logitech\wingman profiler\lwtest.exe /detect /quiet /launch "c:\program files\logitech\wingman profiler\Lwpevntm.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [LXCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCCtime.dll,_RunDLLEntry@16
mRun: [lxccmon.exe] "c:\program files\lexmark 3300 series\lxccmon.exe"
mRun: [Easy Dock] c:\documents and settings\compaq\my documents\rca easyrip\EZDock.exe
mRunOnce: [0000 - c:\documents and settings\compaq\start menu\programs\hp deskjet 640c series v2.4] c:\windows\command.com /c rmdir "c:\documents and settings\compaq\start menu\programs\HP DeskJet 640C Series v2.4"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [MoneyAgent] "c:\program files\microsoft money\system\Money Express.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\common files\microsoft shared\works shared\wkcalrem.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\corelp~1.lnk - c:\program files\corel\print house 2000\register\Remind32.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\PowerReg Scheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpinst~1.lnk - c:\program files\hewlett-packard\hpis\bin\matcli.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: &Download with &DAP - c:\progra~1\dap\dapextie.htm
IE: Download &all with DAP - d:\progra~1\dap\dapextie2.htm
IE: {06FE5D02-8F11-11d2-804F-00105A133818} - [You must be registered and logged in to see this link.]
IE: {06FE5D03-8F11-11d2-804F-00105A133818} - [You must be registered and logged in to see this link.]
IE: {06FE5D04-8F11-11d2-804F-00105A133818} - [You must be registered and logged in to see this link.]
IE: {06FE5D05-8F11-11d2-804F-00105A133818} - [You must be registered and logged in to see this link.]
IE: {4B30061A-5B39-11D3-80F8-0090276F843F} - [You must be registered and logged in to see this link.]
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\SHDOCVW.DLL
DPF: DirectAnimation Java Classes - [You must be registered and logged in to see this link.]
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: {41F17733-B041-4099-A042-B518BB6A408C} - [You must be registered and logged in to see this link.]
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - [You must be registered and logged in to see this link.]
DPF: {CEBC955E-58AF-11D2-A30A-00A0C903492B} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\progra~1\outloo~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\progra~1\outloo~1\setup50.exe" /app:oe /caller:ie50 /user /install - "c:\progra~1\outloo~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install
mASetup: {7790769C-0471-11d2-AF11-00C04FA35D02} - "c:\progra~1\outloo~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
mASetup: {7790769C-0471-11d2-AF11-00C04FA35D02} - "c:\progra~1\outloo~1\setup50.exe" /app:wab /caller:ie50 /user /install - "c:\progra~1\outloo~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
mASetup: {9EF0045A-CDD9-438e-95E6-02B9AFEC8E11} - c:\windows\system32\updcrl.exe -e -u c:\windows\system\verisignpub1.crl

============= SERVICES / DRIVERS ===============

R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-1-24 30104]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\firebird\firebird_2_0\bin\fbguard.exe -s --> c:\program files\firebird\firebird_2_0\bin\fbguard.exe -s [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-1-24 30104]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\firebird\firebird_2_0\bin\fbserver.exe -s --> c:\program files\firebird\firebird_2_0\bin\fbserver.exe -s [?]

=============== Created Last 30 ================

2010-01-24 16:21:19 0 d-----w- c:\docume~1\compaq\applic~1\Malwarebytes
2010-01-24 16:20:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-24 16:20:54 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-24 16:20:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-24 16:20:53 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-24 15:30:58 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-01-24 15:30:58 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-01-24 15:18:23 0 ----a-w- c:\windows\system32\26924.exe
2010-01-24 14:58:22 0 ----a-w- c:\windows\system32\28745.exe
2010-01-24 14:38:21 0 ----a-w- c:\windows\system32\5021.exe
2010-01-24 14:18:20 0 ----a-w- c:\windows\system32\22386.exe
2010-01-24 13:58:19 0 ----a-w- c:\windows\system32\31673.exe
2010-01-24 13:38:18 0 ----a-w- c:\windows\system32\2306.exe
2010-01-24 13:18:17 0 ----a-w- c:\windows\system32\13977.exe
2010-01-24 12:58:16 0 ----a-w- c:\windows\system32\9930.exe
2010-01-24 12:38:15 0 ----a-w- c:\windows\system32\22704.exe
2010-01-24 12:18:14 0 ----a-w- c:\windows\system32\29658.exe
2010-01-24 11:58:13 0 ----a-w- c:\windows\system32\4639.exe
2010-01-24 11:38:12 0 ----a-w- c:\windows\system32\31115.exe
2010-01-24 11:18:12 0 ----a-w- c:\windows\system32\4833.exe
2010-01-24 10:58:10 0 ----a-w- c:\windows\system32\16541.exe
2010-01-24 10:38:08 0 ----a-w- c:\windows\system32\22929.exe
2010-01-24 10:18:06 0 ----a-w- c:\windows\system32\2082.exe
2010-01-24 09:58:04 0 ----a-w- c:\windows\system32\16118.exe
2010-01-24 09:38:03 0 ----a-w- c:\windows\system32\21538.exe
2010-01-24 09:18:01 0 ----a-w- c:\windows\system32\5537.exe
2010-01-24 08:57:59 0 ----a-w- c:\windows\system32\11323.exe
2010-01-24 08:37:58 0 ----a-w- c:\windows\system32\24626.exe
2010-01-24 08:17:56 0 ----a-w- c:\windows\system32\32439.exe
2010-01-24 07:57:55 0 ----a-w- c:\windows\system32\16944.exe
2010-01-24 07:37:50 0 ----a-w- c:\windows\system32\26308.exe
2010-01-24 07:17:49 0 ----a-w- c:\windows\system32\13931.exe
2010-01-24 06:57:47 0 ----a-w- c:\windows\system32\7376.exe
2010-01-24 06:37:45 0 ----a-w- c:\windows\system32\4966.exe
2010-01-24 06:17:43 0 ----a-w- c:\windows\system32\11840.exe
2010-01-24 05:57:41 0 ----a-w- c:\windows\system32\18756.exe
2010-01-24 05:37:40 0 ----a-w- c:\windows\system32\19954.exe
2010-01-24 05:17:37 0 ----a-w- c:\windows\system32\24084.exe
2010-01-24 04:57:34 0 ----a-w- c:\windows\system32\12623.exe
2010-01-24 04:37:34 0 ----a-w- c:\windows\system32\19629.exe
2010-01-24 04:17:34 0 ----a-w- c:\windows\system32\3548.exe
2010-01-24 03:57:34 0 ----a-w- c:\windows\system32\24393.exe
2010-01-24 03:37:34 0 ----a-w- c:\windows\system32\31101.exe
2010-01-24 03:17:34 0 ----a-w- c:\windows\system32\15006.exe
2010-01-24 02:57:34 0 ----a-w- c:\windows\system32\15350.exe
2010-01-24 02:37:34 0 ----a-w- c:\windows\system32\24370.exe
2010-01-24 02:17:33 0 ----a-w- c:\windows\system32\6729.exe
2010-01-24 01:57:33 0 ----a-w- c:\windows\system32\15890.exe
2010-01-24 01:37:33 0 ----a-w- c:\windows\system32\23805.exe
2010-01-24 01:17:33 0 ----a-w- c:\windows\system32\27446.exe
2010-01-24 00:57:33 0 ----a-w- c:\windows\system32\22648.exe
2010-01-24 00:37:33 0 ----a-w- c:\windows\system32\19264.exe
2010-01-24 00:17:33 0 ----a-w- c:\windows\system32\8942.exe
2010-01-23 23:57:33 0 ----a-w- c:\windows\system32\9040.exe
2010-01-23 23:37:33 0 ----a-w- c:\windows\system32\30106.exe
2010-01-23 23:17:33 0 ----a-w- c:\windows\system32\288.exe
2010-01-23 22:57:33 0 ----a-w- c:\windows\system32\1842.exe
2010-01-23 22:37:33 0 ----a-w- c:\windows\system32\22190.exe
2010-01-23 22:17:33 0 ----a-w- c:\windows\system32\3035.exe
2010-01-23 21:57:33 0 ----a-w- c:\windows\system32\12316.exe
2010-01-23 21:37:33 0 ----a-w- c:\windows\system32\778.exe
2010-01-23 21:17:33 0 ----a-w- c:\windows\system32\27529.exe
2010-01-23 20:57:33 0 ----a-w- c:\windows\system32\9741.exe
2010-01-23 20:37:33 0 ----a-w- c:\windows\system32\8723.exe
2010-01-23 20:17:33 0 ----a-w- c:\windows\system32\12859.exe
2010-01-23 19:57:32 0 ----a-w- c:\windows\system32\20037.exe
2010-01-23 19:37:32 0 ----a-w- c:\windows\system32\32757.exe
2010-01-23 19:17:32 0 ----a-w- c:\windows\system32\32662.exe
2010-01-23 18:57:32 0 ----a-w- c:\windows\system32\27644.exe
2010-01-23 18:37:32 0 ----a-w- c:\windows\system32\25547.exe
2010-01-23 18:17:32 0 ----a-w- c:\windows\system32\6868.exe
2010-01-23 17:57:32 0 ----a-w- c:\windows\system32\28253.exe
2010-01-23 17:37:32 0 ----a-w- c:\windows\system32\7711.exe
2010-01-23 17:17:32 0 ----a-w- c:\windows\system32\15141.exe
2010-01-23 16:57:32 0 ----a-w- c:\windows\system32\4664.exe
2010-01-23 16:37:32 0 ----a-w- c:\windows\system32\17673.exe
2010-01-23 16:17:32 0 ----a-w- c:\windows\system32\30333.exe
2010-01-23 15:57:32 0 ----a-w- c:\windows\system32\31322.exe
2010-01-23 15:37:32 0 ----a-w- c:\windows\system32\23811.exe
2010-01-23 15:17:32 0 ----a-w- c:\windows\system32\28703.exe
2010-01-23 14:57:32 0 ----a-w- c:\windows\system32\9894.exe
2010-01-23 14:37:32 0 ----a-w- c:\windows\system32\17035.exe
2010-01-23 14:17:32 0 ----a-w- c:\windows\system32\26299.exe
2010-01-23 13:57:32 0 ----a-w- c:\windows\system32\25667.exe
2010-01-23 13:37:32 0 ----a-w- c:\windows\system32\19912.exe
2010-01-23 13:17:32 0 ----a-w- c:\windows\system32\1869.exe
2010-01-23 12:57:32 0 ----a-w- c:\windows\system32\11538.exe
2010-01-23 12:37:32 0 ----a-w- c:\windows\system32\14771.exe
2010-01-23 12:17:32 0 ----a-w- c:\windows\system32\21726.exe
2010-01-23 11:57:31 0 ----a-w- c:\windows\system32\5447.exe
2010-01-23 11:37:31 0 ----a-w- c:\windows\system32\19895.exe
2010-01-23 11:17:31 0 ----a-w- c:\windows\system32\19718.exe
2010-01-23 10:57:31 0 ----a-w- c:\windows\system32\18716.exe
2010-01-23 10:37:31 0 ----a-w- c:\windows\system32\17421.exe
2010-01-23 10:17:31 0 ----a-w- c:\windows\system32\12382.exe
2010-01-23 09:57:31 0 ----a-w- c:\windows\system32\292.exe
2010-01-23 09:37:31 0 ----a-w- c:\windows\system32\153.exe
2010-01-23 09:17:31 0 ----a-w- c:\windows\system32\3902.exe
2010-01-23 08:57:31 0 ----a-w- c:\windows\system32\14604.exe
2010-01-23 08:37:31 0 ----a-w- c:\windows\system32\32391.exe
2010-01-23 08:17:31 0 ----a-w- c:\windows\system32\5436.exe
2010-01-23 07:57:31 0 ----a-w- c:\windows\system32\4827.exe
2010-01-23 07:37:31 0 ----a-w- c:\windows\system32\11942.exe
2010-01-23 07:17:31 0 ----a-w- c:\windows\system32\2995.exe
2010-01-23 06:57:31 0 ----a-w- c:\windows\system32\491.exe
2010-01-23 06:37:31 0 ----a-w- c:\windows\system32\9961.exe
2010-01-23 06:17:31 0 ----a-w- c:\windows\system32\16827.exe
2010-01-23 05:57:31 0 ----a-w- c:\windows\system32\23281.exe
2010-01-23 05:37:31 0 ----a-w- c:\windows\system32\28145.exe
2010-01-23 05:17:31 0 ----a-w- c:\windows\system32\5705.exe
2010-01-23 04:57:31 0 ----a-w- c:\windows\system32\24464.exe
2010-01-23 04:37:30 0 ----a-w- c:\windows\system32\26962.exe
2010-01-23 04:17:30 0 ----a-w- c:\windows\system32\29358.exe
2010-01-23 03:57:28 0 ----a-w- c:\windows\system32\11478.exe
2010-01-23 03:37:28 0 ----a-w- c:\windows\system32\15724.exe
2010-01-23 03:17:28 0 ----a-w- c:\windows\system32\19169.exe
2010-01-23 02:57:28 0 ----a-w- c:\windows\system32\26500.exe
2010-01-23 02:37:26 0 ----a-w- c:\windows\system32\6334.exe
2010-01-23 02:06:09 0 d-----w- c:\docume~1\compaq\applic~1\AVG8
2010-01-23 01:46:32 0 ----a-w- c:\windows\system32\18467.exe
2010-01-23 01:10:55 1 ----a-w- C:\s

==================== Find3M ====================

2010-01-09 16:07:46 1744 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-03 22:25:24 1632 ----a-w- c:\windows\system32\d3d8caps.dat
2007-04-06 22:54:18 340 ----a-w- c:\program files\imaginfo.pe4
2007-04-06 22:54:18 1727 ----a-w- c:\program files\imageiio.pe4
2006-10-02 00:55:42 308 ---ha-w- c:\program files\hpothb07.dat
2006-10-02 00:51:20 517 ---ha-w- c:\program files\hpothb07.tif
2005-07-27 01:19:02 16706160 ----a-w- c:\program files\AdbeRdr60_enu_full.exe
2005-07-27 00:10:36 494704 ----a-w- c:\program files\ytb02_efgsip.exe
2000-06-20 21:37:40 271 --sh--w- c:\program files\desktop.ini
2000-06-20 21:37:40 23357 ---h--w- c:\program files\folder.htt
2000-06-08 22:00:00 118784 --sh--r- c:\windows\command\ebd\winboot.sys

============= FINISH: 21:40:51.05 ===============

Post by Belahzur on Thu Feb 04, 2010 10:02 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.



Re: Internet Security 2010 virus & can't open internet now

Post by bird123 on Fri Feb 05, 2010 2:26 am

I'm not sure what to do about the Malwarebytes anti-malware program I downloaded from your site before to rid my computer of this "Internet Security 2010 virus". You said to close/disable all anti-virus and anti-malware programs, so I went to the site you suggested, but they don't mention anything about Malwarebytes.... (when I click on the desktop icon it tells me it's running....) How do I disable it.... or do I have to before running Combo-fix...


Re: Internet Security 2010 virus & can't open internet now

Post by Belahzur on Fri Feb 05, 2010 4:53 pm

If it's the free version of Malwarebytes, just press the red X in the corner and close it; MBAM won't interfere with Combofix.



Re: Internet Security 2010 virus & can't open internet now

Post by bird123 on Sat Feb 06, 2010 4:09 am

OK, so now I tried running combo fix, and it came to the part where they could not find Microsoft Windows recovery console and wanted to download it from the internet and asked me to connect... which I cannot do on that computer... can I download this (MW recovery console) onto a USB key from another site and transfer it to my infected computer?


Re: Internet Security 2010 virus & can't open internet now

Post by Belahzur on Sat Feb 06, 2010 8:13 pm

Say no to it, and then once we get the first log, we'll throw out the internet connection problem, I think I know what's causing it.



Re: Internet Security 2010 virus & can't open internet now

Post by bird123 on Sun Feb 07, 2010 3:54 am

OK, here it is I think,

ComboFix 10-02-04.03 - Compaq 2010-02-06 22:08:01.1.1 - FAT32x86
Running from: c:\documents and settings\Compaq\Desktop\Combo-Fix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


.
((((((((((((((((((((((((( Files Created from 2010-01-07 to 2010-02-07 )))))))))))))))))))))))))))))))
.

2010-01-24 16:21 . 2010-01-24 16:21 -------- d-----w- c:\documents and settings\Compaq\Application Data\Malwarebytes
2010-01-24 16:21 . 2010-01-24 16:21 -------- d-----w- c:\documents and settings\Compaq\Application Data\Malwarebytes
2010-01-24 16:20 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-24 16:20 . 2010-01-24 16:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-24 16:20 . 2010-01-24 16:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-24 16:20 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-24 15:30 . 2010-01-24 15:31 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-01-24 15:30 . 2010-01-24 15:31 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-01-23 02:06 . 2010-01-23 02:06 -------- d-----w- c:\documents and settings\Compaq\Application Data\AVG8
2010-01-23 02:06 . 2010-01-23 02:06 -------- d-----w- c:\documents and settings\Compaq\Application Data\AVG8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-09 16:07 . 2006-10-09 20:54 1744 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-03 22:25 . 2006-09-30 01:01 1632 ----a-w- c:\windows\system32\d3d8caps.dat
2007-04-06 22:54 . 2007-04-06 22:54 340 ----a-w- c:\program files\imaginfo.pe4
2007-04-06 22:54 . 2007-04-06 22:54 1727 ----a-w- c:\program files\imageiio.pe4
2006-10-02 00:55 . 2006-10-02 00:51 308 ---ha-w- c:\program files\hpothb07.dat
2006-10-02 00:51 . 2006-10-02 00:51 517 ---ha-w- c:\program files\hpothb07.tif
2005-07-27 01:19 . 2005-07-27 00:10 16706160 ----a-w- c:\program files\AdbeRdr60_enu_full.exe
2005-07-27 00:10 . 2005-07-27 00:06 494704 ----a-w- c:\program files\ytb02_efgsip.exe
2000-06-20 21:37 . 2000-06-20 21:37 23357 ---h--w- c:\program files\folder.htt
2000-06-08 22:00 . 2000-10-11 07:47 118784 --sh--r- c:\windows\COMMAND\EBD\winboot.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CPQEASYACC"="c:\program files\Compaq\Easy Access Button Support\cpqeadm.exe" [2000-04-18 409600]
"Lwinst Run Profiler"="c:\program files\Logitech\WingMan Profiler\Lwtest.exe" [1999-05-22 434176]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-04-27 257088]
"LXCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-01-10 69632]
"lxccmon.exe"="c:\program files\Lexmark 3300 Series\lxccmon.exe" [2005-02-21 192512]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-02-28 15360]
"MoneyAgent"="c:\program files\Microsoft Money\System\Money Express.exe" [1999-08-04 122944]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"Hidserv"=Hidserv.exe run
"CountrySelection"=pctptt.exe
"Service Connection"=c:\cpqs\bwtools\sccenter.exe
"PCTVOICE"=pctvoice.exe
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"CPQInet"=c:\compaq\CPQInet\CpqInet.exe
"Digital Dashboard"=c:\program files\Compaq\Digital Dashboard\DevGulp.exe
"DownloadAccelerator"=c:\progra~1\DAP\DAP.EXE /STARTUP
"webHancer Agent"="c:\program files\webHancer\Programs\whAgent.exe"
"LoadQM"=loadqm.exe
"Alogserv"=c:\program files\McAfee\McAfee VirusScan\alogserv.exe
"mcafeevirusscanservice"=c:\program files\McAfee\McAfee VirusScan\AVSYNMGR.EXE
"NvCplDaemon"=RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
"nwiz"=nwiz.exe /install
"wininetd"=c:\windows\SYSTEM32\wininetd.exe
"HPDJ Taskbar Utility"=c:\windows\SYSTEM32\hpztsb09.exe
"HP Component Manager"="c:\program files\HP\HPCORETECH\HPCMPMGR.EXE"
"SetPoint"=c:\program files\Logitech\SetPoint\SetPoint.EXE
"Logitech Hardware Abstraction Layer"=KHALMNPR.EXE
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
"HP Software Update"=c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_0\bin\fbguard.exe [2007-03-02 81920]
R3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys [2010-01-24 30104]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_0\bin\fbserver.exe [2007-03-02 1994752]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys [2010-01-24 30104]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
2006-02-28 17:00 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
2006-02-28 17:00 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
2006-02-28 17:00 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
2006-02-28 17:00 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
2001-03-23 21:17 7168 ------w- c:\windows\SYSTEM32\updcrl.exe
.
Contents of the 'Scheduled Tasks' folder

2010-02-05 c:\windows\Tasks\Check E-mail.job
- c:\program files\Compaq\Digital Dashboard\CPQMLCK.exe [2000-08-16 08:09]

2010-02-05 c:\windows\Tasks\Synchronize Time.job
- c:\program files\Compaq\Digital Dashboard\SyncClk.exe [2000-08-16 02:17]

2010-01-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 20:42]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &Download with &DAP - c:\progra~1\DAP\dapextie.htm
IE: Download &all with DAP - d:\progra~1\DAP\dapextie2.htm
IE: {{06FE5D02-8F11-11d2-804F-00105A133818} - [You must be registered and logged in to see this link.]
IE: {{06FE5D03-8F11-11d2-804F-00105A133818} - [You must be registered and logged in to see this link.]
IE: {{06FE5D04-8F11-11d2-804F-00105A133818} - [You must be registered and logged in to see this link.]
IE: {{06FE5D05-8F11-11d2-804F-00105A133818} - [You must be registered and logged in to see this link.]
DPF: DirectAnimation Java Classes - [You must be registered and logged in to see this link.]
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
HKLM-Run-Easy Dock - c:\documents and settings\Compaq\My Documents\RCA EasyRip\EZDock.exe
HKLM-RunOnce-0000 - c:\documents and settings\Compaq\Start Menu\Programs\HP DeskJet 640C Series v2.4 - c:\windows\command.com



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-02-06 22:20
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************
.
Completion time: 2010-02-06 22:27:05
ComboFix-quarantined-files.txt 2010-02-07 03:27

Pre-Run: 5,219,016,704 bytes free
Post-Run: 7,065,698,304 bytes free

- - End Of File - - 94529141C2DEB1BE1A0DA090894A9D4C


Re: Internet Security 2010 virus & can't open internet now

Post by Belahzur on Sun Feb 07, 2010 11:58 pm

Hello.
Have you removed AVG? I see some leftover components, but I don't see other AVG folders.



Re: Internet Security 2010 virus & can't open internet now

Post by bird123 on Mon Feb 08, 2010 1:39 am

If I remember correctly, when I first "got" the Internet Security 2010 virus, I went online looking for some antivirus program to remove it and ran the AVG program, but don't think I downloaded it ... just ran it from the site if that's possible? (It didn't help). I don't have any icons on desktop and before I ran combofix I tried looking for it (in search for files) but didn't find it...


Re: Internet Security 2010 virus & can't open internet now

Post by Belahzur on Mon Feb 08, 2010 8:21 pm

Please install Avira antivirus otherwise you won't be protected.

1) [You must be registered and logged in to see this link.]
-Free anti-virus software for Windows.
-Detects and removes more than 50,000 viruses. Free support.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?



Re: Internet Security 2010 virus & can't open internet now

Post by bird123 on Tue Feb 09, 2010 11:25 pm

Hi again,
Well I did as you said, in the start menu, uninstalled combofix but when I click the internet connection icon it did not open, so then I went to the "create a new connection" section and still could not create one for my dial-up... so still unable to use the internet??? I didn't install the antivirus protection yet, as I cannot connect anyway... any other suggestions ?


Re: Internet Security 2010 virus & can't open internet now

Post by bird123 on Sat Feb 13, 2010 4:14 pm

I haven't received a reply in a few days.... just wondering then if this means that there is nothing more I can do....
I thought that maybe if I "undid" the quarantine from the Malwarebytes, which would probably put back the Internet security 2010 virus, but could possibly put back my internet connection also... then I could start from scratch to remove the virus... without skipping steps.... (like I did cause I couldn't access my task manager....) or would this be ineffective?


Re: Internet Security 2010 virus & can't open internet now

Post by Belahzur on Sat Feb 13, 2010 11:41 pm

Don't think that will help, I don't think there is much chance MBAM deleted something legit.

You could try it though, but chances are really low.



Re: Internet Security 2010 virus & can't open internet now

Post by bird123 on Sun Feb 14, 2010 6:48 pm

You were right, it didn't work, I still can't create a connection... but neither did the Internet Security 2010 virus come back...? maybe it got removed when I ran combofix...
So does this mean there is nothing more to do?....


Re: Internet Security 2010 virus & can't open internet now

Post by Belahzur on Sun Feb 14, 2010 9:00 pm

You could open a topic in our networking section, see if any of the other techs have an answer.



Re: Internet Security 2010 virus & can't open internet now

Post by bird123 on Mon Feb 15, 2010 3:06 pm

OK, well I won't be doing that because yesterday while I was trying to transfer pics from my camera to my USB, my computer froze, so I tried the usual "Ctrl", "Alt", "delete" to access my task manager, but it said that my administrator denied access to it (or something like that) so I turned off my computer and tried restarting it..... it doesn't come back on....
I think I lost everything..... I can only see my desktop pic but nothing else...no start up button or anything.... Just wondering that if I brought it somewhere do you think they could get my important stuff from it?
