GeekPolice
Would you like to react to this message? Create an account in a few clicks or log in to continue.

GeekPoliceLog in

 


INTERNET Security 2010 removal help LOG POSTED THANKS !!!!

2 posters

descriptionINTERNET Security 2010 removal help LOG POSTED THANKS !!!! EmptyINTERNET Security 2010 removal help LOG POSTED THANKS !!!!16th January 2010, 2:27 pm

more_horiz
Hello,
I've followed all the instructions for beginners and have all the necessary updates that you outlined on the "READ THIS before Posting" page.
I have the Internet Security 2010 bug. Tons of pop-ups and disabling of certain programs (like Task Manager).

Below is the log file.
I was tempted to read and follow the directions on the "Remove Internet Security" thread, posted by Dr. Inferno, but I'm too chicken to restart my computer for fear it won't reboot.

Any help would be awesome....here's me crossing my fingers.....

LOG FILE is as follows...............
Logfile of Trend Micro

HijackThis v2.0.2
Scan saved at 6:18:14 AM, on

1/16/2010
Platform: Windows XP SP3

(WinNT 5.01.2600)
MSIE: Internet Explorer v8.00

(8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32

\winlogon.exe
C:\WINDOWS\system32

\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32

\svchost.exe
C:\WINDOWS\system32

\svchost.exe
C:\WINDOWS\System32

\svchost.exe
C:\WINDOWS\system32

\svchost.exe
C:\WINDOWS\system32

\svchost.exe
C:\Program Files\Alwil

Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil

Software\Avast4\ashServ.exe
C:\WINDOWS\system32

\spoolsv.exe
C:\WINDOWS\system32

\svchost.exe
C:\WINDOWS\system32

\svchost.exe
C:\WINDOWS\system32

\HPZipm12.exe
C:\WINDOWS\system32

\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4

\ashDisp.exe
C:\Program Files\HP\HP

Software Update\HPWuSchd2.exe
C:\Program

Files\HP\hpcoretech\hpcmpmgr.

exe
C:\WINDOWS\system32

\ctfmon.exe
C:\Program Files\HP\Digital

Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital

Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32

\smss32.exe
C:\Program

Files\InternetSecurity2010

\IS2010.exe
C:\WINDOWS\system32

\wscntfy.exe
C:\Program Files\Java\jre6

\bin\jqs.exe
C:\Program Files\Mozilla

Firefox\firefox.exe
C:\WINDOWS\system32

\NOTEPAD.EXE
C:\Documents and

Settings\Owner\My

Documents\Downloads\winlogon.

scr
C:\WINDOWS\system32

\wbem\wmiprvse.exe

R0 -

HKCU\Software\Microsoft\Inter

net Explorer\Main,Start Page

= http://www.yahoo.com/
R1 -

HKLM\Software\Microsoft\Inter

net

Explorer\Main,Default_Page_UR

L =

http://go.microsoft.com/fwlin

k/?LinkId=69157
R1 -

HKLM\Software\Microsoft\Inter

net

Explorer\Main,Default_Search_

URL =

http://go.microsoft.com/fwlin

k/?LinkId=54896
R1 -

HKLM\Software\Microsoft\Inter

net Explorer\Main,Search Page

=

http://go.microsoft.com/fwlin

k/?LinkId=54896
R0 -

HKLM\Software\Microsoft\Inter

net Explorer\Main,Start Page

=

http://go.microsoft.com/fwlin

k/?LinkId=69157
F2 - REG:system.ini:

UserInit=C:\WINDOWS\system32

\winlogon32.exe,C:\WINDOWS\sy

stem32\sdra64.exe,
O2 - BHO: AcroIEHelperStub -

{18DF081C-E8AD-4283-A596-

FA578C2EBDC3} - C:\Program

Files\Common

Files\Adobe\Acrobat\ActiveX\A

croIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2

SSV Helper - {DBC80044-A445-

435b-BC74-9C25C1C588A9} -

C:\Program Files\Java\jre6

\bin\jp2ssv.dll
O2 - BHO:

JQSIEStartDetectorImpl -

{E7E6F031-17CE-4C07-BC86-

EABFE594F69C} - C:\Program

Files\Java\jre6

\lib\deploy\jqs\ie\jqs_plugin

.dll
O4 - HKLM\..\Run:

[IMJPMIG8.1]

"C:\WINDOWS\IME\imjp8_1

\IMJPMIG.EXE" /Spoil

/RemAdvDef /Migration32
O4 - HKLM\..\Run:

[PHIME2002ASync]

C:\WINDOWS\system32

\IME\TINTLGNT\TINTSETP.EXE

/SYNC
O4 - HKLM\..\Run:

[PHIME2002A]

C:\WINDOWS\system32

\IME\TINTLGNT\TINTSETP.EXE

/IMEName
O4 - HKLM\..\Run: [avast!]

C:\PROGRA~1\ALWILS~1\Avast4

\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime

Task] "C:\Program

Files\QuickTime\qttask.exe"

-atboottime
O4 - HKLM\..\Run: [HP

Software Update] C:\Program

Files\HP\HP Software

Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP

Component Manager]

"C:\Program

Files\HP\hpcoretech\hpcmpmgr.

exe"
O4 - HKLM\..\Run: [Adobe

Reader Speed Launcher]

"C:\Program

Files\Adobe\Reader 9.0

\Reader\Reader_sl.exe"
O4 - HKLM\..\Run:

[smss32.exe]

C:\WINDOWS\system32

\smss32.exe
O4 - HKLM\..\Run:

[SunJavaUpdateSched]

"C:\Program Files\Common

Files\Java\Java

Update\jusched.exe"
O4 - HKCU\..\Run:

[ctfmon.exe]

C:\WINDOWS\system32

\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS]

"C:\Program

Files\Messenger\msmsgs.exe"

/background
O4 - HKCU\..\Run: [Internet

Security 2010] C:\Program

Files\InternetSecurity2010

\IS2010.exe
O4 - Global Startup: HP

Digital Imaging Monitor.lnk =

C:\Program Files\HP\Digital

Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image

Zone Fast Start.lnk =

C:\Program Files\HP\Digital

Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name)

- {e2e2dd38-d088-4134-82b7-

f2ba38496583} -

C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem:

@xpsp3res.dll,-20001 -

{e2e2dd38-d088-4134-82b7-

f2ba38496583} -

C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger

- {FB5F1910-F110-11d2-BB9E-

00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem:

Windows Messenger -

{FB5F1910-F110-11d2-BB9E-

00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock

LSP: c:\windows\system32

\helper32.dll
O10 - Unknown file in Winsock

LSP: c:\windows\system32

\helper32.dll
O16 - DPF: {C1FDEE68-98D5-

4F42-A4DD-D0BECF5077EB}

(EPUImageControl Class) -

http://tools.ebayimg.com/eps/

wl/activex/eBay_Enhanced_Pict

ure_Control_v1-0-27-0.cab
O23 - Service: avast! iAVS4

Control Service (aswUpdSv) -

ALWIL Software - C:\Program

Files\Alwil Software\Avast4

\aswUpdSv.exe
O23 - Service: avast!

Antivirus - ALWIL Software -

C:\Program Files\Alwil

Software\Avast4\ashServ.exe
O23 - Service: avast! Mail

Scanner - ALWIL Software -

C:\Program Files\Alwil

Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web

Scanner - ALWIL Software -

C:\Program Files\Alwil

Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick

Starter

(JavaQuickStarterService) -

Sun Microsystems, Inc. -

C:\Program Files\Java\jre6

\bin\jqs.exe
O23 - Service: Pml Driver

HPZ12 - HP -

C:\WINDOWS\system32

\HPZipm12.exe

--
End of file - 5342 bytes

descriptionINTERNET Security 2010 removal help LOG POSTED THANKS !!!! EmptyInternet Security 201016th January 2010, 11:16 pm

more_horiz
IT turns out I read the rest of the thread about the manual removal of the Internet Security 2010 bug and was able to successfully (so far) remove it.
I used the suggestion of the bleepingcomputer.com website for help and it worked.

descriptionINTERNET Security 2010 removal help LOG POSTED THANKS !!!! EmptyRe: INTERNET Security 2010 removal help LOG POSTED THANKS !!!!17th January 2010, 1:10 am

more_horiz
Hello.
Please post a new Hijack This log, but please turn off Word Wrap before doing so.

To do so, go into the "Format" menu menu, and untick Word Wrap.

descriptionINTERNET Security 2010 removal help LOG POSTED THANKS !!!! EmptyRe: INTERNET Security 2010 removal help LOG POSTED THANKS !!!!19th January 2010, 12:23 am

more_horiz
Arrgh...I thought I killed it but it's still around.
All of the annoying POP-UPs are gone.
When I do a google search and click on the links it redirects me to other sites.
Here is a new log with wordwrap turned off.
Please see if you can help.
Thanks, I really appreciate it, Jim.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:20:46 PM, on 1/18/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Owner\My Documents\Downloads\winlogon.scr

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 4634 bytes

descriptionINTERNET Security 2010 removal help LOG POSTED THANKS !!!! EmptyRe: INTERNET Security 2010 removal help LOG POSTED THANKS !!!!19th January 2010, 7:15 pm

more_horiz
Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

descriptionINTERNET Security 2010 removal help LOG POSTED THANKS !!!! EmptyRe: INTERNET Security 2010 removal help LOG POSTED THANKS !!!!

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum