
Topic: is2010virus


blacksheep555

    Topic Starter


    Rookie
    is2010virus
    « on: January 21, 2010, 11:35:53 PM »
    hi, I don't know if I'm in the correct board or not. my prob started with this IS2010 virus. I attempted to reboot computer in safe mode, but now I seem to be stuck. I'm on XP and it will not allow me to boot up windows in any mode. if someone (experts only) could help get me back up-and-running, I've researched enough info here to get rid of it (I think).

    harry 48



      Egghead

    • lay back , relax and chill out
    • Thanked: 129
      • Yes
      • Yes
      • Yes
      • Dribbling Pensioner
    • Certifications: List
    • Experience: Familiar
    • OS: Windows 7
    Re: is2010virus
    « Reply #1 on: January 22, 2010, 12:14:13 PM »
    http://www.computerhope.com/forum/index.php/topic,46313.0.html

    please go to above and complete and post the 3 logs and they will be looked at , harry

    blacksheep555

      Topic Starter


      Rookie
      Re: is2010virus
      « Reply #2 on: January 22, 2010, 01:30:39 PM »
      I cannot do this, I need to repair windows to get booted up.Problem is this is my aunts comp. and is 5 miles away. I will be doing alot of back and forth to follow-up. My #1 question is: can I use a dell installation disk with service pack1a on an HP with service pack 3?

      blacksheep555

        Topic Starter


        Rookie
        Re: is2010virus
        « Reply #3 on: January 22, 2010, 01:48:19 PM »
        My other prob is, I don't have access to a comp with a cd burner so, if this install disk doesn't get me going, I don't know what to do to recover the data. I will be attempting to follow "A salvage mission into the depths of windows XP, explained by a non-geek". by Charlie White.
            If I can get that to safely reboot, then I can post all logs and move forward. Also, I found an article on bleepingcomputer.com about an easy-looking uninstall for this Internet Security 2010 virus. By downloading only rkill.com and Malwarebytes. Do you feel this is an acceptable resolution once I get windows up and running?

        harry 48



          Egghead

        Re: is2010virus
        « Reply #4 on: January 22, 2010, 02:02:03 PM »
        I cannot do this, I need to repair windows to get booted up.Problem is this is my aunts comp. and is 5 miles away. I will be doing alot of back and forth to follow-up. My #1 question is: can I use a dell installation disk with service pack1a on an HP with service pack 3?

        this is a problem that should have been posted in the windows forum


        My other prob is, I don't have access to a comp with a cd burner so, if this install disk doesn't get me going, I don't know what to do to recover the data. I will be attempting to follow "A salvage mission into the depths of windows XP, explained by a non-geek". by Charlie White.
            If I can get that to safely reboot, then I can post all logs and move forward. Also, I found an article on bleepingcomputer.com about an easy-looking uninstall for this Internet Security 2010 virus. By downloading only rkill.com and Malwarebytes. Do you feel this is an acceptable resolution once I get windows up and running?


        you should follow where i sent you first when you get the other fixed , an expert will take you through other steps with the above

        blacksheep555

          Topic Starter


          Rookie
          Re: is2010virus
          « Reply #5 on: January 23, 2010, 03:13:17 AM »
          I am working with an HP pavilion a1430n    CPU TYPE: AMD ATHLON(tm) 64 x2
               DUAL CORE processor 3800+
               CPU SPEED 2000 MHz
               CPU L1 CACHE SIZE 128Kb x2
               CPU L2 CACHE SIZE 512Kb x2
               ONBOARD VIDEO MEMORY SIZE [64M]

          Well, I got windows back up-and-running, though I ended up with a clean pc. Was doing a non-destructive recovery from the hard disk, but it ended up wiping everything anyhow. All that came back were desktop shortcuts with no program files backing them up. I don't understand it because I've done it on other HP's and recovered all user docs and programs, but not this time.
                Anyway, I've reinstalled AVG, MalwareBytes, Super Antispyware, Crapcleaner, Hijack This, JavaRa, and all microsoft updates. Before I could even get AVG installed I must have been bombarded with viruses because AVG picked up about 9 or 10 trojans and adware warnings within minutes.
          Hopefully their in the logs I am posting. I don't think they have anything to do with the Internet Security 2010, but, then again I've never had a virus as vicious as that. Ok, will post logs of what I have, I believe I did everything in the proper order.
               Thank you to all who are a part of this forum, I think you guys have done a great job and have a very easy to navigate sitemap. Thanks again.
             

          blacksheep555

            Topic Starter


            Rookie
            Re: is2010virus
            « Reply #6 on: January 23, 2010, 03:16:11 AM »
            here is Super antispyware log

            SUPERAntiSpyware Scan Log
            http://www.superantispyware.com

            Generated 01/23/2010 at 02:10 AM

            Application Version : 4.33.1000

            Core Rules Database Version : 4510
            Trace Rules Database Version: 2322

            Scan type       : Complete Scan
            Total Scan Time : 01:19:01

            Memory items scanned      : 597
            Memory threats detected   : 0
            Registry items scanned    : 5120
            Registry threats detected : 0
            File items scanned        : 86271
            File threats detected     : 3

            Adware.Tracking Cookie
               C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Cookies\[email protected][2].txt
               C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Cookies\hp_administrator@doubleclick[1].txt
               C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Cookies\[email protected][2].txt

            blacksheep555

              Topic Starter


              Rookie
              Re: is2010virus
              « Reply #7 on: January 23, 2010, 03:19:13 AM »
              Malwarebytes' Anti-Malware 1.44
              Database version: 3618
              Windows 5.1.2600 Service Pack 3
              Internet Explorer 8.0.6001.18702

              1/23/2010 12:18:09 AM
              mbam-log-2010-01-23 (00-18-09).txt

              Scan type: Quick Scan
              Objects scanned: 123255
              Time elapsed: 17 minute(s), 5 second(s)

              Memory Processes Infected: 0
              Memory Modules Infected: 0
              Registry Keys Infected: 5
              Registry Values Infected: 1
              Registry Data Items Infected: 0
              Folders Infected: 0
              Files Infected: 1

              Memory Processes Infected:
              (No malicious items detected)

              Memory Modules Infected:
              (No malicious items detected)

              Registry Keys Infected:
              HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
              HKEY_CLASSES_ROOT\TypeLib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
              HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
              HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
              HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.

              Registry Values Infected:
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.

              Registry Data Items Infected:
              (No malicious items detected)

              Folders Infected:
              (No malicious items detected)

              Files Infected:
              C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.

              blacksheep555

                Topic Starter


                Rookie
                Re: is2010virus
                « Reply #8 on: January 23, 2010, 03:20:01 AM »
                Logfile of Trend Micro HijackThis v2.0.2
                Scan saved at 3:24:51 AM, on 1/23/2010
                Platform: Windows XP SP3 (WinNT 5.01.2600)
                MSIE: Internet Explorer v8.00 (8.00.6001.18702)
                Boot mode: Normal

                Running processes:
                C:\WINDOWS\System32\smss.exe
                C:\WINDOWS\system32\winlogon.exe
                C:\WINDOWS\system32\services.exe
                C:\WINDOWS\system32\lsass.exe
                C:\WINDOWS\system32\svchost.exe
                C:\WINDOWS\System32\svchost.exe
                C:\Program Files\AVG\AVG9\avgchsvx.exe
                C:\Program Files\AVG\AVG9\avgrsx.exe
                C:\WINDOWS\system32\spoolsv.exe
                C:\Program Files\AVG\AVG9\avgcsrvx.exe
                C:\WINDOWS\arservice.exe
                C:\Program Files\AVG\AVG9\avgwdsvc.exe
                C:\WINDOWS\eHome\ehRecvr.exe
                C:\WINDOWS\eHome\ehSched.exe
                C:\Program Files\AVG\AVG9\avgnsx.exe
                C:\Program Files\Java\jre6\bin\jqs.exe
                C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                C:\WINDOWS\system32\nvsvc32.exe
                C:\WINDOWS\Explorer.EXE
                C:\WINDOWS\system32\svchost.exe
                C:\Program Files\AVG\AVG9\avgemc.exe
                C:\Program Files\AVG\AVG9\avgcsrvx.exe
                C:\WINDOWS\ehome\ehtray.exe
                C:\WINDOWS\ARPWRMSG.EXE
                C:\WINDOWS\RTHDCPL.EXE
                C:\WINDOWS\system32\dllhost.exe
                C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
                C:\WINDOWS\eHome\ehmsas.exe
                C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
                C:\PROGRA~1\AVG\AVG9\avgtray.exe
                C:\Program Files\Common Files\Java\Java Update\jusched.exe
                C:\Program Files\Messenger\msmsgs.exe
                C:\WINDOWS\system32\ctfmon.exe
                C:\WINDOWS\System32\svchost.exe
                C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
                C:\HP\KBD\KBD.EXE
                c:\windows\system\hpsysdrv.exe
                C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
                C:\Program Files\Trend Micro\sniper.exe\HijackThis.exe

                R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
                R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
                R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
                R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
                R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
                R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
                R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
                O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
                O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
                O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
                O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
                O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
                O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
                O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
                O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
                O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
                O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
                O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
                O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
                O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
                O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
                O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
                O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
                O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
                O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
                O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
                O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
                O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
                O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
                O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
                O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
                O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
                O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
                O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
                O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
                O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
                O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
                O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
                O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
                O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
                O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
                O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
                O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
                O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
                O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
                O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
                O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

                --
                End of file - 9159 bytes

                harry 48



                  Egghead

                Re: is2010virus
                « Reply #9 on: January 23, 2010, 07:13:16 AM »
                ok , you have a few problems in the hjt log , the other 2 look clear , you will have to wait for a malware expert , harry

                SuperDave

                • Malware Removal Specialist
                • Moderator


                • Genius
                • Thanked: 1020
                • Certifications: List
                • Experience: Expert
                • OS: Windows 10
                Re: is2010virus
                « Reply #10 on: January 23, 2010, 06:33:21 PM »
                Hello blacksheep555 and welcome to Computer Hope Forum. My name is Superdave but you can just call me SD. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialist of this forum so it may take a bit longer to process your logs.

                1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
                2. The fixes are specific to your problem and should only be used for this issue on this machine.
                3. If you don't know or understand something, please don't hesitate to ask.
                4. Please DO NOT run any other tools or scans while I am helping you.
                5. It is important that you reply to this thread. Do not start a new topic.
                6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
                7. Absence of symptoms does not mean that everything is clear.

                --------------------------------------------------------------------------------------------------------

                Please go to Jotti's malware scan
                (If more than one file needs scanned they must be done separately and logs posted for each one)

                * Copy the file path in the below Code box:

                Code:
                c:\program files\google\googletoolbar1.dll
                * At the upload site, click once inside the window next to Browse.
                * Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
                * Next click Submit file
                * Your file will possibly be entered into a queue which normally takes less than a minute to clear.
                * This will perform a scan across multiple different virus scanning engines.
                * Important: Wait for all of the scanning engines to complete.
                * Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.

                ---------------------------------------------------------------------------------------------------

                Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

                Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

                Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

                Exit out of MessengerDisable then delete the two files that were put on the desktop.

                --------------------------------------------------------------------------------------------------

                Open HijackThis and select Do a system scan only

                Place a check mark next to the following entries: (if there)

                R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
                O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
                O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


                Important: Close all open windows except for HijackThis and then click Fix checked.

                -------------------------------------------------------------------------------------------------

                Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

                link # 1
                link #2

                Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

                Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

                Vista users Right-click combofix.exe and select Run as Administrator and follow the prompts.
                Double-click combofix.exe and follow the prompts.
                When finished, ComboFix will produce a log for you.
                Post the ComboFix log and a new HijackThis log in your next reply.

                NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

                Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.

                Once completed, exit HijackThis.

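As an added triage example (not code from the thread or from HijackThis itself), the script below parses HijackThis-style entries and flags the ones a helper would typically ask to be fixed: entries whose backing file is missing, unnamed URLSearchHooks, and Windows Messenger autoruns and buttons, which are exactly the kinds of lines listed for "Fix checked" above. The sample log lines are constructed in the shape of the log posted earlier in this thread.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in the shape of the HijackThis log posted earlier in the thread.
# The xpnetdiag line is included to show that "(no name)" alone is not a reason to flag.
SAMPLE_LOG = r"""
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Every HijackThis entry starts with a section code such as R0, O4 or O23,
# followed by " - " and the entry body. Header and "Running processes" lines
# do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")


@dataclass
class HjtEntry:
    section: str  # e.g. "R3", "O4", "O9", "O23"
    body: str     # everything after the section code
    raw: str      # the original line, handy for pasting back as a fix list


def parse_hjt(text: str) -> list[HjtEntry]:
    """Return the recognised entries from a HijackThis log."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append(HjtEntry(m.group("section"), m.group("body"), line))
    return entries


def flag_reasons(entry: HjtEntry) -> list[str]:
    """Reasons an entry is worth fixing, following the advice given in the thread."""
    reasons = []
    body = entry.body
    # Orphaned hooks/buttons: the registry still points at a file that no longer exists.
    if "(no file)" in body or "(file missing)" in body:
        reasons.append("orphaned entry (file missing)")
    # A URLSearchHook with no name and no owner is a leftover worth removing.
    if entry.section == "R3" and "(no name)" in body:
        reasons.append("unnamed URLSearchHook")
    # Windows Messenger autorun and IE buttons, which the helper asked to be removed.
    if "msmsgs.exe" in body.lower():
        reasons.append("Windows Messenger entry")
    return reasons


def triage(text: str) -> list[tuple[HjtEntry, list[str]]]:
    """Pair each flagged entry with its reasons; unflagged entries are dropped."""
    result = []
    for entry in parse_hjt(text):
        reasons = flag_reasons(entry)
        if reasons:
            result.append((entry, reasons))
    return result


def fix_list(text: str) -> list[str]:
    """The raw lines to tick under 'Do a system scan only' before 'Fix checked'."""
    return [entry.raw for entry, _ in triage(text)]


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(f"{entry.section:<4} {'; '.join(reasons)}\n     {entry.raw}")
```

Run it against a full pasted log and the printed lines are the candidates to review; a human still decides, since a legitimate entry can also show "(no name)", as the xpnetdiag line in the sample does.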

                blacksheep555

                  Topic Starter


                  Rookie
                  Re: is2010virus
                  « Reply #11 on: January 23, 2010, 08:54:32 PM »
                  Here is the Jotti's scan results: http://virusscan.jotti.org/en/scanresult/f75c85205e3253c5fce7c9e9a2576615e8ff34b9

                  Uninstalled messenger, but did not have any files left on desktop?

                  Attempted to run ComboFix and ran into this error screen:

                  You Cannot Rename ComboFix As ComboFix[1]
                  Please Use Another Name, Preferably Made Up Of Alphanumeric Characters


                  All I did was follow the installation/run prompts, it did not give me an option to name or rename any files. I had AVG and my firewall disabled.
                  « Last Edit: January 23, 2010, 09:58:22 PM by blacksheep555 »

                  blacksheep555

                    Topic Starter


                    Rookie
                    Re: is2010virus
                    « Reply #12 on: January 23, 2010, 10:28:53 PM »
                    I found this article about the ComboFix issue @ http://www.bleepingcomputer.com/ upon scrolling down on the home screen. So, I guess we have to do without it for now.

                    blacksheep555

                      Topic Starter


                      Rookie
                      Re: is2010virus
                      « Reply #13 on: January 23, 2010, 10:34:25 PM »
                      I am sorry, I was not saving the combofix file to my desktop- I was attempting to run it at install.

                      ComboFix 10-01-23.03 - HP_Administrator 01/23/2010  23:48:39.1.2 - x86
                      Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1214.575 [GMT -6:00]
                      Running from: c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\ComboFix.exe
                      AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
                      .

                      (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                      .

                      c:\recycler\S-1-5-21-527237240-179605362-725345543-500
                      c:\recycler\S-1-5-21-607036408-2121272083-3174120339-1008
                      C:\s
                      c:\windows\kb913800.exe
                      c:\windows\system32\ps2.bat
                      D:\Autorun.inf

                      .
                      (((((((((((((((((((((((((   Files Created from 2009-12-24 to 2010-01-24  )))))))))))))))))))))))))))))))
                      .

                      2010-01-24 00:19 . 2010-01-24 00:22   --------   d-----w-   c:\program files\Startup Optimizer
                      2010-01-24 00:15 . 2010-01-24 01:47   --------   d-----w-   c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\IObit
                      2010-01-23 11:15 . 2010-01-23 11:15   1956528   ----a-w-   c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
                      2010-01-23 11:15 . 2010-01-23 12:41   --------   d-----w-   c:\documents and settings\All Users\Application Data\NOS
                      2010-01-23 09:00 . 2010-01-23 09:00   503808   ----a-w-   c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2251b952-n\msvcp71.dll
                      2010-01-23 09:00 . 2010-01-23 09:00   499712   ----a-w-   c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2251b952-n\jmc.dll
                      2010-01-23 09:00 . 2010-01-23 09:00   348160   ----a-w-   c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2251b952-n\msvcr71.dll
                      2010-01-23 09:00 . 2010-01-23 09:00   61440   ----a-w-   c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4f776f72-n\decora-sse.dll
                      2010-01-23 09:00 . 2010-01-23 09:00   12800   ----a-w-   c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4f776f72-n\decora-d3d.dll
                      2010-01-23 08:59 . 2010-01-23 08:59   411368   ----a-w-   c:\windows\system32\deploytk.dll
                      2010-01-23 08:44 . 2010-01-23 08:50   --------   d-----w-   c:\program files\Trend Micro
                      2010-01-23 06:10 . 2010-01-23 06:10   52224   ----a-w-   c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
                      2010-01-23 06:10 . 2010-01-23 06:10   117760   ----a-w-   c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
                      2010-01-23 06:10 . 2010-01-23 06:10   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
                      2010-01-23 06:10 . 2010-01-23 06:10   --------   d-----w-   c:\program files\SUPERAntiSpyware
                      2010-01-23 06:10 . 2010-01-23 06:10   --------   d-----w-   c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\SUPERAntiSpyware.com
                      2010-01-23 06:08 . 2010-01-23 06:08   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
                      2010-01-23 05:58 . 2010-01-23 05:58   --------   d-----w-   c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Malwarebytes
                      2010-01-23 05:58 . 2010-01-07 22:07   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
                      2010-01-23 05:58 . 2010-01-23 06:18   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
                      2010-01-23 05:58 . 2010-01-07 22:07   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
                      2010-01-23 05:35 . 2010-01-23 05:35   --------   d-----w-   c:\windows\system32\scripting
                      2010-01-23 05:35 . 2010-01-23 05:35   --------   d-----w-   c:\windows\system32\en
                      2010-01-23 05:35 . 2010-01-23 05:35   --------   d-----w-   c:\windows\system32\bits
                      2010-01-23 05:09 . 2008-04-14 00:12   276992   ------w-   c:\windows\system32\wmphoto.dll
                      2010-01-23 05:09 . 2008-04-14 00:12   69120   ------w-   c:\windows\system32\wlanapi.dll
                      2010-01-23 05:09 . 2008-04-14 00:12   712704   ------w-   c:\windows\system32\windowscodecs.dll
                      2010-01-23 05:09 . 2008-04-14 00:12   346112   ------w-   c:\windows\system32\windowscodecsext.dll
                      2010-01-23 05:09 . 2004-08-04 03:29   25471   ------w-   c:\windows\system32\drivers\watv10nt.sys
                      2010-01-23 05:09 . 2004-08-04 03:29   22271   ------w-   c:\windows\system32\drivers\watv06nt.sys
                      2010-01-23 05:07 . 2008-04-14 00:12   176640   ------w-   c:\windows\system32\napstat.exe
                      2010-01-23 05:06 . 2008-04-14 00:11   516768   ------w-   c:\windows\system32\ativvaxx.dll
                      2010-01-23 04:37 . 2010-01-23 04:37   --------   d-----w-   c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Skinux
                      2010-01-23 04:26 . 2010-01-23 04:26   --------   d-----w-   c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\HPQ
                      2010-01-23 04:14 . 2010-01-23 04:14   --------   d-----w-   C:\$AVG
                      2010-01-23 04:13 . 2010-01-23 04:13   360584   ----a-w-   c:\windows\system32\drivers\avgtdix.sys
                      2010-01-23 04:13 . 2010-01-23 04:13   12464   ----a-w-   c:\windows\system32\avgrsstx.dll
                      2010-01-23 04:13 . 2010-01-23 04:13   28424   ----a-w-   c:\windows\system32\drivers\avgmfx86.sys
                      2010-01-23 04:13 . 2010-01-23 22:22   --------   d-----w-   c:\windows\system32\drivers\Avg
                      2010-01-23 04:13 . 2010-01-23 04:13   333192   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
                      2010-01-23 04:13 . 2010-01-23 04:36   --------   d-----w-   c:\documents and settings\All Users\Application Data\avg9
                      2010-01-23 03:32 . 2010-01-23 03:32   --------   d-sh--w-   c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\IECompatCache
                      2010-01-23 03:30 . 2010-01-23 03:30   --------   d-sh--w-   c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\PrivacIE
                      2010-01-23 03:22 . 2010-01-23 03:22   --------   d-sh--w-   c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\IETldCache
                      2010-01-23 03:19 . 2009-12-21 19:14   12800   ------w-   c:\windows\system32\dllcache\xpshims.dll
                      2010-01-23 03:19 . 2009-12-21 19:14   594432   ------w-   c:\windows\system32\dllcache\msfeeds.dll
                      2010-01-23 03:19 . 2009-12-21 19:14   55296   ------w-   c:\windows\system32\dllcache\msfeedsbs.dll
                      2010-01-23 03:19 . 2009-12-21 19:14   246272   ------w-   c:\windows\system32\dllcache\ieproxy.dll
                      2010-01-23 03:19 . 2009-12-21 19:14   1985536   ------w-   c:\windows\system32\dllcache\iertutil.dll
                      2010-01-23 03:19 . 2009-12-21 19:14   11070464   ------w-   c:\windows\system32\dllcache\ieframe.dll
                      2010-01-23 03:19 . 2009-10-02 04:44   92160   ------w-   c:\windows\system32\dllcache\iecompat.dll
                      2010-01-23 03:11 . 2001-08-17 21:48   12160   ----a-w-   c:\windows\system32\drivers\mouhid.sys
                      2010-01-23 03:11 . 2008-04-13 18:47   25856   ----a-w-   c:\windows\system32\drivers\usbprint.sys
                      2010-01-23 03:11 . 2008-04-13 18:45   15104   ----a-w-   c:\windows\system32\drivers\usbscan.sys
                      2010-01-23 03:11 . 2008-04-13 18:45   10368   ----a-w-   c:\windows\system32\drivers\hidusb.sys
                      2010-01-23 03:11 . 2008-04-13 18:45   32128   ----a-w-   c:\windows\system32\drivers\usbccgp.sys
                      2010-01-23 02:30 . 2009-10-15 16:28   81920   ------w-   c:\windows\system32\dllcache\fontsub.dll
                      2010-01-23 02:30 . 2009-10-15 16:28   119808   ------w-   c:\windows\system32\dllcache\t2embed.dll
                      2010-01-23 02:29 . 2009-11-21 15:51   471552   ------w-   c:\windows\system32\dllcache\aclayers.dll
                      2010-01-23 02:28 . 2009-08-04 15:13   2145280   ------w-   c:\windows\system32\dllcache\ntkrnlmp.exe
                      2010-01-23 02:28 . 2009-08-04 14:20   2023936   ------w-   c:\windows\system32\dllcache\ntkrpamp.exe
                      2010-01-23 02:28 . 2009-08-04 14:20   2066048   ------w-   c:\windows\system32\dllcache\ntkrnlpa.exe
                      2010-01-23 02:26 . 2009-07-10 13:27   1315328   ------w-   c:\windows\system32\dllcache\msoe.dll
                      2010-01-23 02:24 . 2009-03-06 14:22   284160   ------w-   c:\windows\system32\dllcache\pdh.dll
                      2010-01-23 02:24 . 2009-02-09 12:10   473600   ------w-   c:\windows\system32\dllcache\fastprox.dll
                      2010-01-23 02:24 . 2009-02-09 12:10   453120   ------w-   c:\windows\system32\dllcache\wmiprvsd.dll
                      2010-01-23 02:24 . 2009-02-09 12:10   401408   ------w-   c:\windows\system32\dllcache\rpcss.dll
                      2010-01-23 02:24 . 2009-02-06 11:11   110592   ------w-   c:\windows\system32\dllcache\services.exe
                      2010-01-23 02:24 . 2009-02-06 10:10   227840   ------w-   c:\windows\system32\dllcache\wmiprvse.exe
                      2010-01-23 02:24 . 2009-06-25 08:25   730112   ------w-   c:\windows\system32\dllcache\lsasrv.dll
                      2010-01-23 02:24 . 2009-02-09 12:10   714752   ------w-   c:\windows\system32\dllcache\ntdll.dll
                      2010-01-23 02:24 . 2009-02-09 12:10   617472   ------w-   c:\windows\system32\dllcache\advapi32.dll
                      2010-01-23 02:23 . 2008-05-03 11:55   2560   ------w-   c:\windows\system32\xpsp4res.dll
                      2010-01-23 02:23 . 2008-04-21 12:08   215552   ------w-   c:\windows\system32\dllcache\wordpad.exe
                      2010-01-23 02:23 . 2008-12-11 10:57   333952   ------w-   c:\windows\system32\dllcache\srv.sys
                      2010-01-23 02:22 . 2008-10-24 11:21   455296   ------w-   c:\windows\system32\dllcache\mrxsmb.sys
                      2010-01-23 02:22 . 2008-10-15 16:34   337408   ------w-   c:\windows\system32\dllcache\netapi32.dll
                      2010-01-23 02:21 . 2008-06-13 11:05   272128   ------w-   c:\windows\system32\drivers\bthport.sys
                      2010-01-23 02:08 . 2010-01-23 02:08   --------   d-sh--w-   c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\UserData
                      2010-01-23 01:43 . 2010-01-23 09:12   --------   d-sh--r-   c:\windows\system32\dllcache
                      2010-01-23 01:37 . 2010-01-23 01:37   --------   d-----w-   c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\HP
                      2010-01-23 01:27 . 2010-01-24 02:12   --------   d-----w-   c:\windows\system32\config\systemprofile\Application Data\Symantec
                      2010-01-23 01:27 . 2006-02-11 00:59   --------   d-----w-   c:\windows\system32\config\systemprofile\Application Data\Intuit
                      2010-01-23 01:27 . 2006-02-11 00:57   --------   d-----w-   c:\windows\system32\config\systemprofile\WINDOWS

                      .
                      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      2010-01-24 04:27 . 2006-02-11 00:43   51528   ----a-w-   c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
                      2010-01-24 02:12 . 2007-04-01 21:12   --------   d-----w-   c:\program files\Eusing Free Registry Cleaner
                      2010-01-24 02:12 . 2006-02-11 01:22   --------   d-----w-   c:\documents and settings\Administrator\Application Data\Symantec
                      2010-01-24 02:12 . 2009-04-28 17:48   --------   d-----w-   c:\documents and settings\All Users\Application Data\avg8
                      2010-01-24 01:33 . 2009-12-01 23:01   --------   d-----w-   c:\program files\IObit
                      2010-01-23 09:07 . 2006-02-11 00:13   --------   d-----w-   c:\program files\Java
                      2010-01-23 09:00 . 2006-02-11 00:13   --------   d-----w-   c:\program files\Common Files\Java
                      2010-01-23 07:07 . 2010-01-23 01:28   155   ----a-w-   c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\fusioncache.dat
                      2010-01-23 05:42 . 2005-08-31 04:01   92463   ----a-w-   c:\windows\pchealth\helpctr\OfflineCache\index.dat
                      2010-01-23 04:35 . 2006-02-11 01:15   --------   d-----w-   c:\program files\Common Files\Symantec Shared
                      2010-01-23 04:35 . 2006-02-11 01:15   --------   d-----w-   c:\documents and settings\All Users\Application Data\Symantec
                      2010-01-23 04:13 . 2009-04-28 17:48   --------   d-----w-   c:\program files\AVG
                      2010-01-23 03:57 . 2006-02-11 00:46   --------   d-----w-   c:\program files\WildTangent
                      2010-01-23 03:56 . 2006-02-11 00:46   --------   d-----w-   c:\program files\Sonic
                      2010-01-23 03:55 . 2006-02-11 00:59   --------   d-----w-   c:\program files\Quicken
                      2010-01-23 03:52 . 2006-02-11 00:46   --------   d-----w-   c:\program files\Common Files\InstallShield
                      2010-01-23 03:51 . 2006-02-11 00:58   --------   d-----w-   c:\program files\muvee Technologies
                      2010-01-23 03:51 . 2006-02-11 00:51   --------   d--h--w-   c:\program files\InstallShield Installation Information
                      2010-01-23 03:44 . 2006-02-11 00:08   --------   d-----w-   c:\program files\GemMaster
                      2010-01-23 01:36 . 2006-02-11 00:33   112942   ----a-w-   c:\windows\hpoins07.dat
                      2010-01-23 01:30 . 2010-01-23 01:30   1903   --sha-r-   c:\windows\system32\drivers\103C_HP_CPC_ER900AA-ABA a1430n_YC_0Pavi_QCNH607_E62NAemMPA1_48_ INAGAMI_SASUSTek Computer INC._V1.01_B3.01_T060209_WXP2_L409_M121 5_J250_7AMD_8Athlon 64 X2 Dual Core_92_#060408_N_Z11C10620_G10DE0241.MRK
                      2009-12-21 19:14 . 2004-08-10 04:00   916480   ----a-w-   c:\windows\system32\wininet.dll
                      2009-12-05 17:29 . 2009-12-05 17:29   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
                      2009-11-21 15:51 . 2004-08-10 04:00   471552   ----a-w-   c:\windows\AppPatch\aclayers.dll
                      .

                      (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      .
                      *Note* empty entries & legit default entries are not shown
                      REGEDIT4

                      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
                      "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

                      [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

                      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
                      2009-11-25 19:01   1230080   ----a-w-   c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
                      "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

                      [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

                      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
                      "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

                      [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

                      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-01-06 2335952]

                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
                      "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-25 7311360]
                      "RTHDCPL"="RTHDCPL.EXE" [2006-01-23 15969280]
                      "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
                      "HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]
                      "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-23 2033432]
                      "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

                      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                      "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

                      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                      2009-09-03 20:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

                      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
                      2010-01-23 04:13   12464   ----a-w-   c:\windows\system32\avgrsstx.dll

                      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
                      path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
                      backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

                      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
                      path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
                      backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

                      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\rundisabled]
                      "ehTray"=c:\windows\ehome\ehtray.exe
                      "nwiz"=nwiz.exe /install
                      "HPHUPD08"=c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
                      "DMAScheduler"=c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
                      "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
                      "ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

                      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
                      "EnableFirewall"= 0 (0x0)

                      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
                      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
                      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
                      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
                      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
                      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
                      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
                      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
                      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
                      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
                      "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
                      "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
                      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
                      "c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
                      "c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
                      "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
                      "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
                      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                      "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
                      "c:\\WINDOWS\\system32\\sessmgr.exe"=

                      R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/22/2010 10:13 PM 333192]
                      R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/22/2010 10:13 PM 360584]
                      R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
                      R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
                      R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [1/22/2010 10:13 PM 906520]
                      R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [1/22/2010 10:13 PM 285392]
                      R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]
                      .
                      Contents of the 'Scheduled Tasks' folder

                      2010-01-24 c:\windows\Tasks\SmartDefrag.job
                      - c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-01-24 21:30]
                      .
                      .
                      ------- Supplementary Scan -------
                      .
                      uStart Page = hxxp://www.yahoo.com/
                      uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
                      mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
                      uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
                      IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
                      IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
                      IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
                      IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
                      IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
                      IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
                      IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
                      .

                      **************************************************************************

                      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                      Rootkit scan 2010-01-23 23:52
                      Windows 5.1.2600 Service Pack 3 NTFS

                      scanning hidden processes ... 

                      scanning hidden autostart entries ...

                      scanning hidden files ... 

                      scan completed successfully
                      hidden files: 0

                      **************************************************************************
                      .
                      --------------------- DLLs Loaded Under Running Processes ---------------------

                      - - - - - - - > 'winlogon.exe'(792)
                      c:\program files\SUPERAntiSpyware\SASWINLO.dll
                      c:\windows\system32\WININET.dll
                      .
                      Completion time: 2010-01-23  23:53:34
                      ComboFix-quarantined-files.txt  2010-01-24 05:53

                      Pre-Run: 216,889,921,536 bytes free
                      Post-Run: 217,093,427,200 bytes free

                      - - End Of File - - E0ABED7704C4BCE6A733DB4EE8A2E9D7
                      e everything you requested now.
                      « Last Edit: January 23, 2010, 11:05:58 PM by blacksheep555 »

                      blacksheep555

                        Topic Starter


                        Rookie
                        Re: is2010virus
                        « Reply #14 on: January 23, 2010, 11:03:42 PM »
                        Logfile of Trend Micro HijackThis v2.0.2
                        Scan saved at 11:56:15 PM, on 1/23/2010
                        Platform: Windows XP SP3 (WinNT 5.01.2600)
                        MSIE: Internet Explorer v8.00 (8.00.6001.18702)
                        Boot mode: Normal

                        Running processes:
                        C:\WINDOWS\System32\smss.exe
                        C:\WINDOWS\system32\winlogon.exe
                        C:\WINDOWS\system32\services.exe
                        C:\WINDOWS\system32\lsass.exe
                        C:\WINDOWS\system32\svchost.exe
                        C:\WINDOWS\System32\svchost.exe
                        C:\Program Files\AVG\AVG9\avgchsvx.exe
                        C:\Program Files\AVG\AVG9\avgrsx.exe
                        C:\WINDOWS\system32\spoolsv.exe
                        C:\Program Files\AVG\AVG9\avgcsrvx.exe
                        C:\WINDOWS\arservice.exe
                        C:\Program Files\AVG\AVG9\avgwdsvc.exe
                        C:\WINDOWS\eHome\ehRecvr.exe
                        C:\WINDOWS\ARPWRMSG.EXE
                        C:\WINDOWS\RTHDCPL.EXE
                        C:\WINDOWS\eHome\ehSched.exe
                        C:\Program Files\Java\jre6\bin\jqs.exe
                        C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
                        C:\PROGRA~1\AVG\AVG9\avgtray.exe
                        C:\Program Files\Common Files\Java\Java Update\jusched.exe
                        C:\WINDOWS\system32\ctfmon.exe
                        C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
                        C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                        C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                        C:\Program Files\AVG\AVG9\avgnsx.exe
                        C:\WINDOWS\system32\nvsvc32.exe
                        C:\WINDOWS\system32\svchost.exe
                        C:\Program Files\AVG\AVG9\avgemc.exe
                        C:\Program Files\AVG\AVG9\avgcsrvx.exe
                        C:\WINDOWS\system32\dllhost.exe
                        C:\WINDOWS\System32\svchost.exe
                        C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
                        C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                        C:\WINDOWS\system32\wscntfy.exe
                        C:\WINDOWS\explorer.exe
                        C:\Program Files\Trend Micro\sniper.exe\HijackThis.exe

                        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
                        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
                        R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
                        R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
                        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                        O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
                        O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
                        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
                        O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
                        O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
                        O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
                        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
                        O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
                        O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
                        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
                        O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
                        O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
                        O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
                        O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
                        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
                        O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
                        O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
                        O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
                        O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
                        O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
                        O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
                        O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
                        O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
                        O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
                        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                        O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
                        O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
                        O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
                        O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
                        O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
                        O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
                        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
                        O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
                        O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

                        --
                        End of file - 6945 bytes