Infected with 'Antivirus XP 2010'

Status
Not open for further replies.

Rozzanger (Baseband Member, Messages: 24)
I've just been infected with 'Antivirus XP 2010'. I think it's preventing me from running Malwarebytes since when I try to launch it I get redirected to the fake Windows security page.

Any advice on what to do?
 
You need to get ComboFix downloaded somehow or transferred to that PC. Since it doesn't need to be installed, it should work. Also, if it will allow you to, go to Start, Run, type msconfig and press Enter. Click Disable All and then reboot.

Then run ComboFix and post its log when done; if that doesn't work, try Safe Mode.
 
ComboFix 10-01-30.07 - Owner 31/01/2010 17:19:41.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1436 [GMT 0:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Application Data\SystemProc
C:\LOG.TXT
c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}
c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul
c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf
c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((( Files Created from 2009-12-28 to 2010-01-31 )))))))))))))))))))))))))))))))
.

2010-01-31 16:32 . 2010-01-31 16:32 178688 --sha-w- c:\documents and settings\Owner\Local Settings\Application Data\av.exe
2010-01-24 09:41 . 2010-01-24 09:42 -------- d-----w- c:\documents and settings\Owner\Application Data\GetRightToGo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-19 20:41 . 2008-10-31 14:44 -------- d-----w- c:\documents and settings\Owner\Application Data\LimeWire
2010-01-12 06:20 . 2008-09-08 15:55 -------- d-----w- c:\program files\World of Warcraft
2010-01-05 04:53 . 2009-12-05 02:04 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-01 05:09 . 2010-01-01 05:09 36884 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-01 03:53 . 2008-09-27 11:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-12-29 14:02 . 2009-12-29 01:36 118256 ----a-w- c:\windows\system32\R-EJ-O-_0tQK.exe
2009-12-27 20:10 . 2008-10-06 17:52 -------- d-----w- c:\documents and settings\Owner\Application Data\Skype
2009-12-27 19:46 . 2008-10-06 17:58 -------- d-----w- c:\documents and settings\Owner\Application Data\skypePM
2009-12-26 05:24 . 2009-12-26 05:24 1191936 ----a-w- c:\windows\system32\z2b4kwnD4.dll
2009-12-15 00:37 . 2008-09-14 12:13 -------- d-----w- c:\documents and settings\Owner\Application Data\dvdcss
2009-12-11 21:17 . 2009-12-08 17:48 78596 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-12-11 21:17 . 2009-12-08 17:48 5788192 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-12-11 21:17 . 2009-12-08 17:48 11492 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-12-11 21:17 . 2009-12-08 17:48 111136 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-12-11 20:54 . 2009-12-08 17:15 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-12-11 20:54 . 2009-12-08 17:15 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-12-11 20:32 . 2009-12-08 01:16 -------- d-sh--w- c:\documents and settings\Owner\Application Data\System
2009-12-11 19:40 . 2009-10-14 16:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-11 19:39 . 2009-12-11 19:39 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-09 05:17 . 2009-12-08 01:21 120 ----a-w- c:\windows\Ifeseyojiyedoh.dat
2009-12-09 00:49 . 2009-12-08 01:21 0 ----a-w- c:\windows\Twupewoqanedev.bin
2009-12-08 17:49 . 2009-12-08 17:49 125952 ----a-w- c:\documents and settings\All Users\Application Data\ParetoLogic\UUS2\Temp\Update.exe
2009-12-08 17:15 . 2009-12-08 17:15 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS
2009-12-08 02:36 . 2009-12-08 01:18 -------- d-----w- c:\documents and settings\All Users\Application Data\a78badf
2009-12-08 01:18 . 2009-12-08 01:18 -------- d-sh--w- c:\documents and settings\All Users\Application Data\WSKJPIQD_APDM
2009-12-08 01:16 . 2009-12-08 01:16 -------- d-----w- c:\documents and settings\Owner\Application Data\Mozilla Firefox
2009-12-05 02:03 . 2009-12-05 02:03 -------- d-----w- c:\program files\Easy CD-DA Extractor 12
2009-12-05 02:03 . 2009-12-05 02:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Easy CD-DA Extractor
2009-12-03 16:14 . 2009-10-14 16:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 16:13 . 2009-10-14 16:14 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-21 16:36 . 2006-04-30 06:55 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-21 13:37 . 2008-07-26 11:28 43536 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-06 13:49 . 2009-12-08 01:18 457688 ----a-w- c:\documents and settings\All Users\Application Data\a78badf\sqlite3.dll
2009-11-06 13:49 . 2009-12-08 01:18 722392 ----a-w- c:\documents and settings\All Users\Application Data\a78badf\mozcrt19.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f6e5180e-0c46-e5c9-9406-a1ccd9357ffb}]
2009-12-26 05:24 1191936 ----a-w- c:\windows\system32\z2b4kwnD4.dll

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HallsLogon_Old_New_S.exe [2008-7-4 937984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]
2007-05-31 20:57 155648 ----a-w- c:\windows\system32\FpWinlogonNp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-03 11:51 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-12-14 02:06 28672 ------w- c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HallsLogon_Old_New_S.exe]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HallsLogon_Old_New_S.exe
backup=c:\windows\pss\HallsLogon_Old_New_S.exeCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FingerPrintSoftware]
c:\program files\Lenovo Fingerprint Software\fpapp.exe \s [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2006-08-30 07:40 89542 ------w- c:\windows\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMSG]
2007-02-01 18:00 439856 ------w- c:\program files\ThinkVantage\AMSG\Amsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
2009-12-11 17:21 2043160 ----a-w- c:\progra~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AwaySch]
2006-11-07 10:51 91688 ------w- c:\program files\Lenovo\AwayTask\AwaySch.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
2007-08-23 07:36 53248 ------w- c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2007-11-16 19:20 91432 ------r- c:\program files\CyberLink\Shared files\brs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-28 02:03 152872 ------w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_McciTrayApp]
2007-11-01 03:39 1475072 ----a-w- c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_wcm_McciTrayApp]
2007-11-29 12:30 1474048 ----a-w- c:\program files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth]
2007-08-03 23:35 2630968 ------w- c:\program files\Lenovo\Client Security Solution\cssauth.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 12:00 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
2006-05-18 23:24 196696 ------w- c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-12-18 13:28 178712 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-12-18 13:28 150040 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 23:50 221184 ------w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 23:50 81920 ------w- c:\program files\Common Files\Installshield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-09-21 16:36 305440 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-10-11 19:06 62760 ------w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager]
2007-04-26 17:10 120368 ------w- c:\progra~1\Lenovo\LENOVO~2\LPMGR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 16:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 22:57 153136 ------w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp]
2007-03-14 22:42 321088 ------w- c:\program files\Pure Networks\Network Magic\nmapp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-12-18 13:28 150040 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMHandler]
2007-03-16 12:26 31840 ------w- c:\progra~1\Lenovo\PMDRIV~1\PMHandler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 01:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-10-28 16:35 72736 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-08-10 07:21 16384000 ----a-w- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2uvc]
2006-12-29 02:48 569344 ----a-w- c:\windows\vsnp2uvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 03:27 144784 ------w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2006-05-19 05:51 774233 ------w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPFNF7]
2007-04-09 18:03 58416 ------w- c:\program files\Lenovo\NPDIRECT\tpfnf7sp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPWAUDAP]
2006-09-06 07:38 54824 ------w- c:\program files\Lenovo\HOTKEY\TpWAudAp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]
2008-03-04 10:34 487424 ----a-w- c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-18 19:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\utorent.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
"10622:TCP"= 10622:TCP:WaR1
"8040:TCP"= 8040:TCP:WaR2
"8041:TCP"= 8041:TCP:WaR3
"8042:TCP"= 8042:TCP:WaR4
"8043:TCP"= 8043:TCP:WaR4
"8044:TCP"= 8044:TCP:WaR5
"8045:TCP"= 8045:TCP:WaR6
"8046:TCP"= 8046:TCP:WaR7
"8047:TCP"= 8047:TCP:WaR8
"1024:UDP"= 1024:UDP:WaR10
"65535:UDP"= 65535:UDP:WaR11
"6881:TCP"= 6881:TCP:WaR12
"6882:TCP"= 6882:TCP:WaR13
"6883:TCP"= 6883:TCP:WaR13
"6884:TCP"= 6884:TCP:WaR14
"6885:TCP"= 6885:TCP:WaR15
"6886:TCP"= 6886:TCP:WaR16
"6887:TCP"= 6887:TCP:WaR17
"6888:TCP"= 6888:TCP:WaR18
"6889:TCP"= 6889:TCP:WaR19
"6969:TCP"= 6969:TCP:WaR16
"6881:UDP"= 6881:UDP:WaR20
"6882:UDP"= 6882:UDP:WaR21
"6883:UDP"= 6883:UDP:WaR22
"6884:UDP"= 6884:UDP:WaR23
"6885:UDP"= 6885:UDP:WaR24
"6886:UDP"= 6886:UDP:WaR25
"6887:UDP"= 6887:UDP:WaR26
"6888:UDP"= 6888:UDP:WaR27
"6889:UDP"= 6889:UDP:WaR28
"6969:UDP"= 6969:UDP:WaR29

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [03/08/2009 11:51 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [03/08/2009 11:51 108552]
R1 PMHler;PMHler;c:\windows\system32\drivers\PMHler.sys [24/05/2006 18:48 10240]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [03/08/2009 11:50 297752]
R2 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [22/06/2007 18:45 106496]
R2 FNF5SVC;Fn+F5 Service;c:\program files\Lenovo\HOTKEY\FnF5svc.exe [11/05/2007 02:22 54832]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [08/02/2007 20:11 569344]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [22/05/2007 22:59 30336]
S1 egh15de;egh15de;c:\windows\system32\drivers\egh15de.sys --> c:\windows\system32\drivers\egh15de.sys [?]
S1 eklbcbe;eklbcbe;c:\windows\system32\drivers\eklbcbe.sys --> c:\windows\system32\drivers\eklbcbe.sys [?]
S1 ekmbb2e;ekmbb2e;c:\windows\system32\drivers\ekmbb2e.sys --> c:\windows\system32\drivers\ekmbb2e.sys [?]
S1 fgna207;fgna207;c:\windows\system32\drivers\fgna207.sys --> c:\windows\system32\drivers\fgna207.sys [?]
S1 mnp0fe2;mnp0fe2;c:\windows\system32\drivers\mnp0fe2.sys --> c:\windows\system32\drivers\mnp0fe2.sys [?]
S1 mstd742;mstd742;c:\windows\system32\drivers\mstd742.sys --> c:\windows\system32\drivers\mstd742.sys [?]
S1 oacb548;oacb548;c:\windows\system32\drivers\oacb548.sys --> c:\windows\system32\drivers\oacb548.sys [?]
S1 opr3fc8;opr3fc8;c:\windows\system32\drivers\opr3fc8.sys --> c:\windows\system32\drivers\opr3fc8.sys [?]
S1 pqd9b09;pqd9b09;c:\windows\system32\drivers\pqd9b09.sys --> c:\windows\system32\drivers\pqd9b09.sys [?]
S1 prd95b9;prd95b9;c:\windows\system32\drivers\prd95b9.sys --> c:\windows\system32\drivers\prd95b9.sys [?]
S1 sab45a8;sab45a8;c:\windows\system32\drivers\sab45a8.sys --> c:\windows\system32\drivers\sab45a8.sys [?]
S1 tbh8e29;tbh8e29;c:\windows\system32\drivers\tbh8e29.sys --> c:\windows\system32\drivers\tbh8e29.sys [?]
S3 kbeepm;kbeepm;\??\c:\docume~1\Owner\LOCALS~1\Temp\kbeepm.sys --> c:\docume~1\Owner\LOCALS~1\Temp\kbeepm.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-01-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://scanyourpc-onlinex.com/pr.cgi?id=2847
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{08E730A4-FB02-45BD-A900-01E4AD8016F6} - Sky.com - your home for the latest news, sport and entertainment
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\truj5vq4.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{61281789-a863-5613-fa76-21bfff233bff}\components\JCluyp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

AddRemove-HijackThis - c:\documents and settings\Owner\My Documents\Downloads\HijackThis.exe
 
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-01-31 17:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1400)
c:\windows\system32\FpWinLogonNp.dll
c:\program files\Lenovo Fingerprint Software\ATCSSINT.dll
c:\program files\Lenovo Fingerprint Software\SharedResources.dll
c:\program files\Lenovo Fingerprint Software\FPResource.dll
c:\program files\Lenovo\Client Security Solution\CSS_Enroll.dll
c:\program files\Lenovo\Client Security Solution\css_banner.dll
c:\windows\system32\cssuserdatadispatcher.dll
c:\windows\system32\tvttsp.dll
c:\windows\system32\tcsrpc.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
.
Completion time: 2010-01-31 17:25:58
ComboFix-quarantined-files.txt 2010-01-31 17:25
ComboFix2.txt 2009-12-11 19:24

Pre-Run: 29,779,566,592 bytes free
Post-Run: 29,771,960,320 bytes free

- - End Of File - - 91F2868F2F8E9736384F9C0B1A994AB8
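The log above packs the indicators a responder looks for into a few recognisable line shapes: the hidden+system av.exe dropped under the user's profile, a Browser Helper Object whose DLL sits in system32 under a random name, the Security Center "Override" values and EnableFirewall=0 that keep Windows quiet about the disabled protection, a run of boot-start driver entries whose image files are missing (the "[?]" suffix), and a start page pointing at a "scan your PC" site. The following script is an added example, not part of the forum thread and not ComboFix's own code: a small parser for the ComboFix log format shown above, run over a constructed excerpt of that same log, that flags those items. The severity labels and the "random-looking name" heuristic are my own assumptions, meant as a triage aid rather than a verdict.

```python
"""Triage a ComboFix log for rogue-AV indicators.

Added example; the log line shapes follow the ComboFix output posted
above, the severity rules and the name heuristic are assumptions.
"""
import re
from collections import namedtuple

FileEntry = namedtuple("FileEntry", "mtime ctime size attrs path")

# Constructed excerpt of the log posted above (lines copied, list trimmed).
SAMPLE_LOG = r"""
2010-01-31 16:32 . 2010-01-31 16:32 178688 --sha-w- c:\documents and settings\Owner\Local Settings\Application Data\av.exe
2010-01-24 09:41 . 2010-01-24 09:42 -------- d-----w- c:\documents and settings\Owner\Application Data\GetRightToGo
2009-12-29 14:02 . 2009-12-29 01:36 118256 ----a-w- c:\windows\system32\R-EJ-O-_0tQK.exe
2009-12-26 05:24 . 2009-12-26 05:24 1191936 ----a-w- c:\windows\system32\z2b4kwnD4.dll
2009-12-11 21:17 . 2009-12-08 17:48 5788192 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-12-11 19:39 . 2009-12-11 19:39 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f6e5180e-0c46-e5c9-9406-a1ccd9357ffb}]
2009-12-26 05:24 1191936 ----a-w- c:\windows\system32\z2b4kwnD4.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"1024:UDP"= 1024:UDP:WaR10
"65535:UDP"= 65535:UDP:WaR11

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [03/08/2009 11:51 335240]
S1 egh15de;egh15de;c:\windows\system32\drivers\egh15de.sys --> c:\windows\system32\drivers\egh15de.sys [?]
S1 eklbcbe;eklbcbe;c:\windows\system32\drivers\eklbcbe.sys --> c:\windows\system32\drivers\eklbcbe.sys [?]
S3 kbeepm;kbeepm;\??\c:\docume~1\Owner\LOCALS~1\Temp\kbeepm.sys --> c:\docume~1\Owner\LOCALS~1\Temp\kbeepm.sys [?]

uStart Page = hxxp://scanyourpc-onlinex.com/pr.cgi?id=2847
"""

# "mtime . ctime size attrs path" lines from the Files Created / Find3M sections
FILE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d) "
                     r"(\d+|-+) ([d\-][a-z\-]{7}) (.+)$")
# the image line printed under a Browser Helper Objects key (no ctime column)
BHO_IMAGE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \d+ \S{8} (.+)$")
REG_DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')
REG_INT_RE = re.compile(r'^"([^"]+)"= (\d+) \(0x[0-9a-fA-F]+\)$')
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"= \d+:(?:TCP|UDP):(.*)$')
SERVICE_RE = re.compile(r"^([RS][0-4]) ([^;]+);([^;]*);(.+)$")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".pif")


def parse_log(text):
    """Walk the log once and collect the items worth triaging."""
    info = {"files": [], "bhos": [], "reg": {}, "open_ports": [],
            "services": [], "start_page": None}
    section, want_bho_image = "", False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            want_bho_image = "browser helper objects" in section
            continue
        if want_bho_image:                       # the DLL the BHO key loads
            m = BHO_IMAGE_RE.match(line)
            if m:
                info["bhos"].append(m.group(1))
            want_bho_image = False
            continue
        m = FILE_RE.match(line)
        if m:
            mtime, ctime, size, attrs, path = m.groups()
            info["files"].append(FileEntry(mtime, ctime, int(size) if size.isdigit() else 0, attrs, path))
            continue
        m = PORT_RE.match(line)
        if m:
            info["open_ports"].append((int(m.group(1)), m.group(2), m.group(3)))
            continue
        m = REG_DWORD_RE.match(line) or REG_INT_RE.match(line)
        if m:
            info["reg"][(section, m.group(1).lower())] = int(m.group(2), 16 if "dword" in line else 10)
            continue
        m = SERVICE_RE.match(line)
        if m:                                    # [?] means ComboFix could not find the image
            info["services"].append((m.group(1), m.group(2), m.group(3), line.endswith("[?]")))
            continue
        if line.startswith("uStart Page = "):
            info["start_page"] = line.split("= ", 1)[1]
    return info


def looks_random(stem):
    """Assumed heuristic: short name mixing upper, lower and digits (e.g. z2b4kwnD4)."""
    return (len(stem) <= 12 and any(c.isupper() for c in stem)
            and any(c.islower() for c in stem) and any(c.isdigit() for c in stem))


def triage(info):
    """Turn parsed items into (severity, message) findings, high first."""
    out = []
    for f in info["files"]:
        lower = f.path.lower()
        if not lower.endswith(EXEC_EXT):
            continue
        stem = f.path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if "s" in f.attrs and "h" in f.attrs:    # hidden+system executable, as av.exe above
            out.append(("high", f"hidden+system executable: {f.path}"))
        elif "\\application data\\" in lower or "\\local settings\\" in lower:
            out.append(("review", f"executable under user profile: {f.path}"))
        elif "\\windows\\system32\\" in lower and looks_random(stem):
            out.append(("review", f"random-looking name in system32: {f.path}"))
    for dll in info["bhos"]:                     # a BHO outside Program Files is rarely legitimate
        sev = "review" if "\\program files\\" in dll.lower() else "high"
        out.append((sev, f"Browser Helper Object loads {dll}"))
    for (section, name), value in info["reg"].items():
        if "security center" in section and name.endswith("override") and value == 1:
            out.append(("high", f"Security Center {name}=1 (Windows will not warn about disabled AV/firewall)"))
        if section.endswith("firewallpolicy\\standardprofile") and name == "enablefirewall" and value == 0:
            out.append(("high", "Windows Firewall disabled for the standard profile"))
    if info["open_ports"]:
        out.append(("review", f"{len(info['open_ports'])} globally open firewall port(s)"))
    for start, name, _display, missing in info["services"]:
        if missing:
            out.append(("review", f"service {name} ({start}) points at a missing image file"))
    if info["start_page"]:
        out.append(("review", f"IE start page set to {info['start_page']}"))
    return sorted(out, key=lambda f: 0 if f[0] == "high" else 1)


def triage_log(text):
    return triage(parse_log(text))


if __name__ == "__main__":
    for sev, msg in triage_log(SAMPLE_LOG):
        print(f"[{sev:6}] {msg}")
```

Run against the excerpt it prints the av.exe drop, the system32 BHO, the two Security Center overrides and the disabled firewall as high, and leaves the profile installer, the random-looking system32 names, the open-port count, the missing driver images and the start page for the responder to judge. Feed it a full log with `triage_log(open(path).read())`; everything it reports is already on the page, the script only saves scrolling through several hundred lines of autostart entries to find it.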
 
After the scan, post the log and then reboot when prompted. Run it again to see if any infections return. I'd also disable System Restore because it's probably infected as well. Then, if you still want System Restore, you can enable it again after your PC is clean.
 
Malwarebytes' Anti-Malware 1.44
Database version: 3668
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

31/01/2010 18:18:57
mbam-log-2010-01-31 (18-18-57).txt

Scan type: Quick Scan
Objects scanned: 131010
Time elapsed: 4 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f6e5180e-0c46-e5c9-9406-a1ccd9357ffb} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f6e5180e-0c46-e5c9-9406-a1ccd9357ffb} (Adware.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Owner\Local Settings\Application Data\av.exe (ROGUE.Win7Antispyware2010) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\z2b4kwnD4.dll (Adware.BHO) -> Quarantined and deleted successfully.
 