WiredWX Hobby Weather ToolsLog in

 


descriptionhelp im infected with the "security tool " virus Emptyhelp im infected with the "security tool " virus

more_horiz
heres the log file below,now tell me what i do? thnx bb

ComboFix 11-01-10.08 - Owner 01/11/2011 11:50:57.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.487 [GMT -5:00]
Running from: c:\documents and settings\Owner\desktop\commy.exe
Command switches used :: /stepdel
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\ODCTOOLS
c:\windows\Downloaded Program Files\ODCTOOLS\Dtdh.dll
c:\windows\system32\ps2.bat
c:\documents and settings\Default User\Start Menu\Programs\Startup\AutoPlay.exe
c:\documents and settings\Owner\Start Menu\Programs\Security Shield.lnk
c:\windows\system\oeminfo.ini
c:\windows\system32\arp.exe
c:\windows\system32\SCardSvr.exe

.
((((((((((((((((((((((((( Files Created from 2010-12-11 to 2011-01-11 )))))))))))))))))))))))))))))))
.

2011-01-11 16:22 . 2011-01-11 16:22 -------- d-----w- c:\program files\Common Files\Java
2011-01-11 16:19 . 2011-01-11 16:18 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-11 16:18 . 2011-01-11 16:18 -------- d-----w- c:\program files\Java
2011-01-11 13:39 . 2011-01-11 13:39 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-01-11 13:30 . 2010-07-16 19:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-01-11 13:30 . 2010-07-16 19:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-01-11 13:30 . 2010-11-17 15:19 249616 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-01-11 13:30 . 2010-11-25 15:53 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-01-11 13:30 . 2010-11-25 15:43 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-01-11 13:30 . 2010-11-25 15:42 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-01-11 13:30 . 2011-01-11 13:32 -------- d-----w- c:\program files\Common Files\PC Tools
2011-01-11 13:30 . 2011-01-11 15:48 -------- d-----w- c:\program files\PC Tools Security
2011-01-11 13:30 . 2011-01-11 13:30 -------- d-----w- c:\documents and settings\Owner\Application Data\PC Tools
2011-01-11 13:30 . 2011-01-11 13:30 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-01-11 13:24 . 2011-01-11 16:43 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-01-11 12:46 . 2011-01-11 12:46 264192 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\flcabyruh.exe
2011-01-01 22:00 . 2011-01-01 22:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Photo Notifier and Animation Creator
2011-01-01 22:00 . 2011-01-01 22:00 -------- d-----w- c:\program files\Photo Notifier and Animation Creator
2010-12-19 21:43 . 2010-12-19 21:43 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-15 12:11 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-11 16:18 . 2010-05-12 21:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-18 18:12 . 2009-10-14 22:43 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26 . 2009-10-14 22:43 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2009-10-14 22:43 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2009-10-14 22:43 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2009-10-14 22:43 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2009-10-14 22:41 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2009-10-14 22:43 1853312 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-09-19 4347120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 52736]
"hp Silent Service"="c:\windows\system32\HpSrvUI.exe" [2001-11-30 32768]
"KBD"="c:\hp\KBD\KBD.EXE" [2001-07-07 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2001-06-16 212992]
"S3apphk"="S3apphk.exe" [2001-12-05 28672]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2001-08-08 143360]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2001-08-08 90112]
"PS2"="c:\windows\system32\ps2.exe" [2001-07-04 81920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
2003-08-19 10:43 57344 -c--a-w- c:\program files\Lexmark X1100 Series\lxbkbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 05:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"helpsvc"=2 (0x2)
"LexBceS"=2 (0x2)
"SamSs"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\IncrediMail\\Bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\Bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\Bin\\ImpCnt.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 PCTCore;PCTools KDS;c:\windows\SYSTEM32\drivers\PCTCore.sys [1/11/2011 8:30 AM 239168]
R0 pctDS;PC Tools Data Store;c:\windows\SYSTEM32\drivers\pctDS.sys [1/11/2011 8:30 AM 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\SYSTEM32\drivers\pctEFA.sys [1/11/2011 8:30 AM 656320]
R2 PdiService;Portrait Displays SDK Service;c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [10/19/2009 12:36 PM 109168]
R3 trid3d;trid3d;c:\windows\SYSTEM32\drivers\trid3dm.sys [12/27/2001 10:11 PM 149244]
S3 PID_0960_V;Logitech ClickSmart 420(PID_0960_V);c:\windows\SYSTEM32\drivers\LVVIMULB.SYS [9/30/2010 8:15 PM 163328]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [1/11/2011 8:30 AM 366840]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - JAVAQUICKSTARTERSERVICE
*Deregistered* - PCTSDInjDriver32
.
Contents of the 'Scheduled Tasks' folder

2010-06-25 c:\windows\Tasks\expressripShakeIcon.job
- c:\program files\NCH Swift Sound\ExpressRip\expressrip.exe [2010-06-22 19:36]

2010-11-01 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-01-16 22:08]

2010-07-02 c:\windows\Tasks\switchShakeIcon.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2010-06-22 19:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.baynews9.com/
LSP: c:\program files\IObit\Advanced SystemCare 3\SPICtrl.dll
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: yahoo.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
AddRemove-Works2002Setup - c:\program files\Microsoft Works and Money 2002\Setup\Launcher.exe \hp\tmp\src\



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-11 11:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1241443622-3753018816-2163411867-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\HID\Vid_046d&Pid_c00c\6&1f3af29a&0&0000\LogConf]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(712)
c:\program files\IObit\Advanced SystemCare 3\SPICtrl.dll
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
Completion time: 2011-01-11 12:02:30
ComboFix-quarantined-files.txt 2011-01-11 17:02

Pre-Run: 197,215,490,048 bytes free
Post-Run: 197,225,492,480 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows Whistler Personal" /fastdetect /NoExecute=OptIn

- - End Of File - - BB9AB2CA5DA9378E8453FF1BCF0A17D3

descriptionhelp im infected with the "security tool " virus EmptyRe: help im infected with the "security tool " virus

more_horiz
Hello.

You aren't running Anti Virus Software

Please install Avira antivirus otherwise you won't be protected.

1) Antivir PersonalEditionClassic
-Free anti-virus software for Windows.
-Detects and removes more than 50,000 viruses. Free support.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX. click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

descriptionhelp im infected with the "security tool " virus Emptyhelp with security tool virus

more_horiz
i did both the above installed avira and run the scan seems the popup warnings are gone and nothing in my tool tray as far as icon, but does that mean it is off my system? or do i have to do something else? thnx bb

Last edited by beachbumtroy on 12th January 2011, 2:02 pm; edited 1 time in total (Reason for editing : spelling)

descriptionhelp im infected with the "security tool " virus EmptyRe: help im infected with the "security tool " virus

more_horiz
Did the ESET scan report any findings? if not, then everything should be good, the Combofix log looks fine.

descriptionhelp im infected with the "security tool " virus EmptyRe: help im infected with the "security tool " virus

more_horiz
i believe it did but i put fix automatically on it and it did apparently.thnx so much i thought i was done for Smile...

descriptionhelp im infected with the "security tool " virus EmptyRe: help im infected with the "security tool " virus

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum