GeekPolice
Would you like to react to this message? Create an account in a few clicks or log in to continue.

GeekPoliceLog in

 


Security Tools Virus

2 posters

descriptionSecurity Tools Virus EmptySecurity Tools Virus4th January 2010, 11:10 pm

more_horiz
Hi,

Yesterday my computer was infected by this virus (Security Tools), all of the popups began displaying all of the various fake warnings and messages. I ran Malwarebytes straight away which found the related components and I believe took it's standard actions but I was then unable to check the quarantine files tab to remove or take any further action and my computer crashed and went to blue screen.

So I turned it off and then back on and my computer went to the choice for starting in safe mode or normal mode etc, normal mode just turns off again and restarts but only back to this menu screen, safe mode goes to a weird blue screen I've never seen before with the only symbols "- ?" in the top left corner the computer sounds like it's working pretty hard really reving up and getting noisey. So i've turned it off. (currently on a different computer)

I'm guessing my computer is in a serious spot of trouble, and any help would be greatly appreciated.

Thank you

descriptionSecurity Tools Virus EmptyRe: Security Tools Virus4th January 2010, 11:13 pm

more_horiz
Avira AntiVir Rescue System is a Linux-based application that allows accessing computers that cannot be booted anymore.
  • Download The Avira AntiVir Rescue System from Antivir.de.
  • Just double-click on the rescue system package to burn it to a CD/DVD.
  • Then please use that CD/DVD with Avira Rescue System to boot your computer.
You'll get a boot option to either boot from hard drive or AntiVir Rescue System.
Security Tools Virus 2i8vzwo

Press the number 2 on your keyboard to boot into AntiVir Rescue System.

Please wait until drivers are loaded and Main menu shows. Then please select the second option “Scan your system with AntiVir” and hit Enter.
Security Tools Virus 33dxve1

Under Configuration, please select Scan all files, Try to repair infected files and Rename files if they cannot be removed?.
Security Tools Virus 2aaby46

Then please start the scan.

The Avira AntiVir Rescue System wil now

  • repair a damaged system,
  • rescue data,
  • scan the system for virus infections.

descriptionSecurity Tools Virus EmptyRe: Security Tools Virus4th January 2010, 11:56 pm

more_horiz
Thank you for the advice I will try tonight and let you know tomorrow.

descriptionSecurity Tools Virus EmptyRe: Security Tools Virus5th January 2010, 3:49 am

more_horiz
Post when ready.

descriptionSecurity Tools Virus EmptyRe: Security Tools Virus5th January 2010, 10:14 pm

more_horiz
Hi,

I burnt Avira to a CD and managed to boot from it and managed to run the various scans which initially found 14 threats and 108 or so warnings, the results said the 14 were 'attempted to repair/renamed', I tried restarting my computer but still had the same problem. I re-ran the scan a couple of times, changed some of the settings, changed to remove the 14 files which it did succesfully but still the same startup problem. The last scan I ran it had no threats but still the 200+ warnings.

So the computer when started still goes to the menu - choice for starting in safe mode or normal mode etc, normal mode just turns off again and restarts but only back to this menu screen, safe mode goes to a weird blue screen I've never seen before with the only symbols "- ?" in the top left corner

any ideas?

descriptionSecurity Tools Virus EmptyRe: Security Tools Virus5th January 2010, 11:11 pm

more_horiz
Hi again,

also scrolling through some of the other posts here I'm now unsure if what popped up on my screen initially was 'Security Tools' or 'Internet Security 2010' just seeing this in the other posts I think "2010" may have been in the title/name..

just wanted to let you know in case this changes the solution for fixing?

descriptionSecurity Tools Virus EmptyRe: Security Tools Virus6th January 2010, 3:01 am

more_horiz
Do you have the Windows XP cd?

We need to work in the Recovery Console, so the computer can be configure to start up again.

descriptionSecurity Tools Virus EmptyRe: Security Tools Virus6th January 2010, 3:18 am

more_horiz
I don't think I do off the top of my head. I may have only been given a recovery CD from the manufacturer, but I'd have to find that too.. (never used it)

if I can't find it, is there any other options for me to try tonight?

descriptionSecurity Tools Virus EmptyRe: Security Tools Virus6th January 2010, 3:30 am

more_horiz
Ultimate Boot CD (UBCD):

Download: http://www.ubcd4win.com/downloads.htm

Tutorial: http://www.ubcd4win.com/howto.htm

==

Let me know when you are ready to get started, after you burn the UBCD.

descriptionSecurity Tools Virus EmptyRe: Security Tools Virus6th January 2010, 4:25 am

more_horiz
Thanks, I'm currently downloading ubcd4.11.exe

I'll print out the 'howto' and take it home with me to try tonight (currently at work).. any other instructions?

descriptionSecurity Tools Virus EmptyRe: Security Tools Virus6th January 2010, 5:27 am

more_horiz
ok I'm ready to get started, I've burned the UBCD to a CD..

descriptionSecurity Tools Virus EmptyRe: Security Tools Virus6th January 2010, 5:48 am

more_horiz
Ok. Boot to the CD.

Start the computer and place the CD in the drive. It should boot from the CD. Let me know if it does not.

If it boots successfully, tell me if you have the following options:

Antivir
Trend Micro SysClean
McAfee Stinger

descriptionSecurity Tools Virus EmptyRe: Security Tools Virus7th January 2010, 8:11 am

more_horiz
ok it didn't boot from the CD..

but I did find my XP CD, so I went through the Install CD and did the restore latest XP which worked and has allowed the computer to start up again.

I then used Malwarebytes to remove Internet Security 2010 which was causing most of the problems I think. Still unable to access the internet however, and still recieving what looks like lots of fake pop up warnings.

I've run AVG FREE and SUPER Antispyware that have deleted a heap of crap off but not whatever is causing the internet problem and fake messages. I can access task manager now, so slowly getting a bit of control back, however whatever it is seems to be is stopping McAfee from running and Spyware Doctor, also Malwarebytes from updating..

any tips on what I should do to fix these latest problems?

descriptionSecurity Tools Virus EmptyRe: Security Tools Virus7th January 2010, 11:14 am

more_horiz
Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix when you've accomplished that.

descriptionSecurity Tools Virus EmptyRe: Security Tools Virus8th January 2010, 8:17 am

more_horiz
Hi,

Downloaded and ran combofix.. Internet is back working! is the Log below what you are after?

Thanks again,
Dwayne


ComboFix 10-01-04.01 - Dwayne 08/01/2010 18:55:10.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.561 [GMT 11:00]
Running from: c:\program files\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Dwayne\Application Data\inst.exe
c:\documents and settings\Dwayne\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced Virus Remover.lnk
c:\documents and settings\Dwayne\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Security 2010.lnk
c:\documents and settings\Dwayne\Local Settings\Application Data\emhudv
c:\documents and settings\Dwayne\Local Settings\Application Data\emhudv\cmdxsysguard.exe
C:\s
c:\windows\system32\10334.exe
c:\windows\system32\11478.exe
c:\windows\system32\12371.exe
c:\windows\system32\12548.exe
c:\windows\system32\13701.exe
c:\windows\system32\1413198755.dat
c:\windows\system32\14582.exe
c:\windows\system32\14932.exe
c:\windows\system32\15724.exe
c:\windows\system32\16011.exe
c:\windows\system32\18467.exe
c:\windows\system32\18577.exe
c:\windows\system32\19007.exe
c:\windows\system32\19169.exe
c:\windows\system32\19624.exe
c:\windows\system32\22118.exe
c:\windows\system32\22305.exe
c:\windows\system32\2275.exe
c:\windows\system32\22862.exe
c:\windows\system32\24172.exe
c:\windows\system32\25338.exe
c:\windows\system32\25973.exe
c:\windows\system32\26163.exe
c:\windows\system32\26500.exe
c:\windows\system32\26995.exe
c:\windows\system32\2730.exe
c:\windows\system32\27462.exe
c:\windows\system32\27501.exe
c:\windows\system32\28656.exe
c:\windows\system32\30152.exe
c:\windows\system32\31615.exe
c:\windows\system32\31808.exe
c:\windows\system32\31909.exe
c:\windows\system32\32121.exe
c:\windows\system32\3595.exe
c:\windows\system32\41.exe
c:\windows\system32\4234.exe
c:\windows\system32\4273.exe
c:\windows\system32\5416.exe
c:\windows\system32\6334.exe
c:\windows\system32\7112.exe
c:\windows\system32\833.exe
c:\windows\system32\AVR10.exe
c:\windows\system32\critical_warning.html
c:\windows\system32\flags.ini
c:\windows\system32\kbdsock.dll
c:\windows\system32\mshlps.dll
c:\windows\system32\Thumbs.db
c:\windows\system32\uses32.dat
c:\windows\system32\winhelper86.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2009-12-08 to 2010-01-08 )))))))))))))))))))))))))))))))
.

2010-01-08 07:45 . 2010-01-08 07:41 3819182 ----a-r- c:\program files\ComboFix.exe
2010-01-07 08:34 . 2010-01-07 08:28 16883056 ----a-w- c:\program files\IE8-WindowsXP-x86-ENU.exe
2010-01-07 02:12 . 2010-01-07 02:12 -------- d-----w- c:\documents and settings\Owner
2010-01-07 00:54 . 2010-01-07 00:54 -------- d-----w- c:\program files\Common Files\Skype
2010-01-06 23:23 . 2004-08-04 10:00 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2010-01-06 23:23 . 2004-08-04 10:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2010-01-06 23:23 . 2004-08-04 10:00 48256 -c--a-w- c:\windows\system32\dllcache\w32.dll
2010-01-06 23:23 . 2004-08-04 10:00 14336 -c--a-w- c:\windows\system32\dllcache\tsprof.exe
2010-01-06 23:23 . 2004-08-04 10:00 10240 -c--a-w- c:\windows\system32\dllcache\tmigrate.dll
2010-01-06 23:23 . 2004-08-04 10:00 455168 -c--a-w- c:\windows\system32\dllcache\tintsetp.exe
2010-01-06 23:23 . 2004-08-04 10:00 44032 -c--a-w- c:\windows\system32\dllcache\tintlphr.exe
2010-01-06 23:23 . 2004-08-04 10:00 185344 -c--a-w- c:\windows\system32\dllcache\thawbrkr.dll
2010-01-06 23:23 . 2004-08-04 10:00 21896 -c--a-w- c:\windows\system32\dllcache\tdipx.sys
2010-01-06 23:23 . 2004-08-04 10:00 19464 -c--a-w- c:\windows\system32\dllcache\tdspx.sys
2010-01-06 23:23 . 2004-08-04 10:00 13192 -c--a-w- c:\windows\system32\dllcache\tdasync.sys
2010-01-06 23:21 . 2004-08-04 10:00 33792 -c--a-w- c:\windows\system32\dllcache\lmmib2.dll
2010-01-06 23:20 . 2004-08-04 10:00 331264 -c--a-w- c:\windows\system32\dllcache\aqueue.dll
2010-01-06 22:49 . 2004-08-04 10:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-01-06 22:49 . 2004-08-04 10:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-01-06 22:49 . 2004-08-04 10:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-01-06 22:49 . 2004-08-04 10:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-01-06 20:58 . 2010-01-08 08:04 6144 ----a-w- c:\documents and settings\Dwayne\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10001.dll
2010-01-06 20:58 . 2010-01-08 08:04 22528 ----a-w- c:\documents and settings\Dwayne\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10000.dll
2010-01-06 20:56 . 2010-01-06 20:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-06 19:51 . 2010-01-06 19:51 -------- d-----w- c:\windows\dell
2010-01-06 10:04 . 2004-08-04 10:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2009-12-21 11:49 . 2009-12-21 13:27 -------- d-----w- c:\documents and settings\All Users\Application Data\80322621
2009-12-15 11:25 . 2009-12-15 11:25 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-12-11 21:35 . 2010-01-02 09:38 2066200 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-08 08:03 . 2009-11-27 10:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-08 08:03 . 2008-09-07 06:01 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-01-08 08:03 . 2008-09-07 05:59 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-01-07 02:13 . 2006-06-22 15:10 -------- d-----w- c:\program files\Microsoft Works
2010-01-07 00:55 . 2008-06-21 10:38 -------- d-----w- c:\documents and settings\Dwayne\Application Data\Skype
2010-01-07 00:54 . 2008-06-21 10:33 -------- d-----r- c:\program files\Skype
2010-01-07 00:54 . 2008-06-21 10:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-01-07 00:52 . 2008-06-21 10:41 -------- d-----w- c:\documents and settings\Dwayne\Application Data\skypePM
2010-01-06 23:17 . 2004-08-10 05:02 23428 ----a-w- c:\windows\system32\emptyregdb.dat
2010-01-06 23:17 . 2010-01-06 23:17 1663 ----a-w- c:\windows\inf\COM158.tmp
2010-01-06 22:26 . 2009-04-19 00:36 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-01-06 22:03 . 2006-06-29 08:33 43760 ----a-w- c:\documents and settings\Dwayne\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-06 20:57 . 2007-06-11 03:06 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-06 20:57 . 2007-06-11 03:06 -------- d-----w- c:\documents and settings\Dwayne\Application Data\SUPERAntiSpyware.com
2010-01-06 10:27 . 2006-07-04 06:22 -------- d-----w- c:\program files\Dl_cats
2009-11-27 20:19 . 2009-11-27 10:16 -------- d-----w- c:\program files\Spyware Doctor
2009-11-27 10:37 . 2009-11-27 10:16 -------- d-----w- c:\program files\Common Files\PC Tools
2009-11-27 10:16 . 2009-11-27 10:16 -------- d-----w- c:\documents and settings\Dwayne\Application Data\PC Tools
2009-11-27 10:16 . 2009-11-27 10:16 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-11-27 09:57 . 2009-11-27 09:57 34132720 ----a-w- C:\sdasetup_aff.exe
2009-11-09 23:28 . 2009-11-27 10:36 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-11-09 23:28 . 2009-11-27 10:36 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-11-09 23:28 . 2009-11-27 10:36 1640400 ----a-w- c:\windows\PCTBDCore.dll
2009-11-09 23:26 . 2009-11-27 10:36 767952 ----a-w- c:\windows\BDTSupport.dll
2009-11-09 00:20 . 2009-11-27 10:16 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-10-30 00:11 . 2009-11-27 10:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-10-27 14:36 . 2009-11-27 10:36 1152444 ----a-w- c:\windows\UDB.zip
2007-05-20 01:58 . 2007-05-20 01:58 21612432 ----a-w- c:\program files\DivXInstaller.exe
2006-09-07 08:03 . 2006-09-07 08:03 3064200 ----a-w- c:\program files\LimeWireWin-full.exe
2006-09-07 08:00 . 2006-09-07 07:59 359112 ----a-w- c:\program files\LimeWireWin.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-22 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-08-19 1576176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLCDCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll" [2005-09-13 73728]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-02-13 2196240]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-11 2043160]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-07-03 180269]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]

c:\documents and settings\Dwayne\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\movies\LimeWire\LimeWire.exe [2009-8-1 139776]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-6-23 24576]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-9-7 66864]
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-28 199184]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-12 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 05:28 352256 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-17 23:06 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 10:00 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2005-05-14 18:04 332800 ----a-w- c:\program files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlcdmon.exe]
2005-10-06 12:01 430080 ----a-w- c:\program files\Dell Photo AIO Printer 944\dlcdmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-31 19:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InternodeUsage]
2008-10-14 07:46 1339904 ----a-w- c:\progra~1\INTERN~2\mum.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 08:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 08:50 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2008-02-13 03:02 564496 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
2005-09-22 08:59 303104 ----a-w- c:\progra~1\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
2006-01-11 02:35 212992 ----a-w- c:\progra~1\McAfee.com\Agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryCardManager]
2005-09-06 09:37 290816 ----a-w- c:\program files\Dell Photo AIO Printer 944\memcard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
2006-11-07 04:19 1121280 ----a-w- c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-04 14:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2005-03-22 08:20 339968 ----a-w- c:\windows\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2008-08-19 12:34 1576176 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2006-07-03 10:32 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 06:15 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Movies\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2275:UDP"= 2275:UDP:Windows Media Format SDK (iexplore.exe)
"2274:UDP"= 2274:UDP:Windows Media Format SDK (iexplore.exe)
"2448:UDP"= 2448:UDP:Windows Media Format SDK (iexplore.exe)
"2449:UDP"= 2449:UDP:Windows Media Format SDK (iexplore.exe)
"2899:UDP"= 2899:UDP:Windows Media Format SDK (iexplore.exe)
"2898:UDP"= 2898:UDP:Windows Media Format SDK (iexplore.exe)
"3080:UDP"= 3080:UDP:Windows Media Format SDK (iexplore.exe)
"3081:UDP"= 3081:UDP:Windows Media Format SDK (iexplore.exe)

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [27/11/2009 9:16 PM 207792]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [19/04/2009 11:36 AM 335240]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [19/08/2008 11:34 PM 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [19/08/2008 11:34 PM 55024]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [19/04/2009 11:36 AM 297752]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [27/11/2009 9:36 PM 112592]
R3 dlcd_device;dlcd_device;c:\windows\system32\dlcdcoms.exe -service --> c:\windows\system32\dlcdcoms.exe -service [?]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [19/08/2008 11:34 PM 7408]
.
Contents of the 'Scheduled Tasks' folder

2009-12-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 01:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\CoreFTP\pftpns.dll
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Internet Security 2010 - c:\program files\InternetSecurity2010\IS2010.exe
HKCU-Run-rtaxkmxp - c:\documents and settings\Dwayne\Local Settings\Application Data\emhudv\cmdxsysguard.exe
HKLM-Run-rtaxkmxp - c:\documents and settings\Dwayne\Local Settings\Application Data\emhudv\cmdxsysguard.exe
SharedTaskScheduler-IPC Configuration Utility - (no file)
MSConfigStartUp-alg - c:\windows\alg.exe
MSConfigStartUp-Deluxe Tree - c:\documents and settings\Dwayne\Desktop\Christmas.exe
MSConfigStartUp-MPFExe - c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe
MSConfigStartUp-MSKAGENTEXE - c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe
MSConfigStartUp-netc - c:\windows\svc.exe
MSConfigStartUp-netsv32 - c:\windows\sv.exe
MSConfigStartUp-netw - c:\windows\svw.exe
MSConfigStartUp-Network Associates Error Reporting Service - c:\program files\Common Files\Network Associates\TalkBack\TBMon.exe
MSConfigStartUp-netx - c:\windows\svx.exe
MSConfigStartUp-odb - c:\windows\odb.exe
MSConfigStartUp-odby - c:\windows\odb.exe
MSConfigStartUp-runsql - c:\windows\runsql.exe
MSConfigStartUp-sms - c:\windows\sms.exe
MSConfigStartUp-spool - c:\windows\spool.exe
MSConfigStartUp-SunServer - c:\program files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
MSConfigStartUp-taskmg - c:\windows\taskmg.exe
MSConfigStartUp-UpdateWin - c:\windows\system32\1037v.exe
MSConfigStartUp-vlc - c:\windows\vlc.exe
MSConfigStartUp-wdmon - c:\windows\wdmon.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-08 19:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCDCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(644)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(2972)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\progra~1\mcafee.com\agent\mctskshd.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\dlcdcoms.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2010-01-08 19:11:50 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-08 08:11
ComboFix2.txt 2007-06-11 04:49

Pre-Run: 79,320,023,040 bytes free
Post-Run: 82,412,445,696 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 478094BDE7F1F1A1E61A3A5E33A549A9

descriptionSecurity Tools Virus EmptyRe: Security Tools Virus8th January 2010, 8:46 am

more_horiz
Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

descriptionSecurity Tools Virus EmptyRe: Security Tools Virus8th January 2010, 10:02 am

more_horiz
I've just realised the internet isn't working completely..

can't follow that link you provided, can't type in addresses, can search with google and find the eset website but not follow the scanner link?

descriptionSecurity Tools Virus EmptyRe: Security Tools Virus8th January 2010, 1:42 pm

more_horiz
Odd.

Please go to this webpage: http://www.confickerworkinggroup.org/infection_test/cfeyechart.html

This is a Conficker test. Please let me know if you see all the images at the table at the top of the page. If you do not, please tell me which ones are missing. (I.E. Top Row Second Column, or Bottom Row First Column, etc.).

descriptionSecurity Tools Virus EmptyRe: Security Tools Virus9th January 2010, 12:27 am

more_horiz
wouldn't let me follow the link..

got there by searching google following the linke, result - could see all images..

so the message that is displayed when I try and do things in internet explorer when it won't let me is "Windows can not access the specified device, path, or file. You may not have the appropriate permission to access the item"

so for example I tried downloading IE8 and then Firefox and it doesn't let me.. can't type in www.hotmail.com.. can't following links..

descriptionSecurity Tools Virus EmptyRe: Security Tools Virus9th January 2010, 3:28 am

more_horiz
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    Code:


    :filefind
    scecli.dll
    netlogon.dll
    eventlog.dll
    winlogon.exe
    comres.dll
    crypt32.dll
    gpedit.dll
    rundll32.exe
    sfc.dll
    svchost.exe
    cngaudit.dll
    beep.sys
    wscntfy.exe
    atapi.sys


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

descriptionSecurity Tools Virus EmptyRe: Security Tools Virus9th January 2010, 4:47 am

more_horiz
SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 15:35 on 09/01/2010 by Dwayne (Administrator - Elevation successful)

========== filefind ==========

Searching for "scecli.dll"
C:\i386\scecli.dll --a--- 180224 bytes [10:24 05/07/2006] [21:00 03/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A
C:\WINDOWS\ERDNT\cache\scecli.dll --a--- 180224 bytes [08:10 08/01/2010] [10:00 04/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A
C:\WINDOWS\SoftwareDistribution\Download\2d8407673ea9865ef7cd775540e3a36b\scecli.dll --a--- 181248 bytes [04:35 09/01/2010] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll --a--- 181248 bytes [17:04 07/01/2010] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll --a--- 181248 bytes [13:15 26/08/2008] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084
C:\WINDOWS\system32\dllcache\scecli.dll --a--c 180224 bytes [10:00 04/08/2004] [10:00 04/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A
C:\WINDOWS\system32\scecli.dll ------ 180224 bytes [10:00 04/08/2004] [10:00 04/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A

Searching for "netlogon.dll"
C:\i386\netlogon.dll --a--- 407040 bytes [10:22 05/07/2006] [21:00 03/08/2004] 96353FCECBA774BB8DA74A1C6507015A
C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll --a--- 408064 bytes [18:46 06/02/2009] [18:46 06/02/2009] 6C476D33D82F1054849790181E8F7772
C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll --a--- 408064 bytes [18:46 06/02/2009] [18:46 06/02/2009] 6C476D33D82F1054849790181E8F7772
C:\WINDOWS\ERDNT\cache\netlogon.dll --a--- 407040 bytes [08:10 08/01/2010] [10:00 04/08/2004] 96353FCECBA774BB8DA74A1C6507015A
C:\WINDOWS\SoftwareDistribution\Download\2d8407673ea9865ef7cd775540e3a36b\netlogon.dll --a--- 407040 bytes [04:34 09/01/2010] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550
C:\WINDOWS\SoftwareDistribution\Download\78cf8552430e25a8f24bc1e4dfb1970e\sp2qfe\netlogon.dll --a--- 408064 bytes [18:46 06/02/2009] [18:46 06/02/2009] 6C476D33D82F1054849790181E8F7772
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll --a--- 407040 bytes [17:03 07/01/2010] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll --a--- 407040 bytes [13:15 26/08/2008] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550
C:\WINDOWS\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\sp2qfe\netlogon.dll --a--- 408064 bytes [18:46 06/02/2009] [18:46 06/02/2009] 6C476D33D82F1054849790181E8F7772
C:\WINDOWS\system32\dllcache\netlogon.dll --a--c 407040 bytes [10:00 04/08/2004] [10:00 04/08/2004] 96353FCECBA774BB8DA74A1C6507015A
C:\WINDOWS\system32\netlogon.dll ------ 407040 bytes [10:00 04/08/2004] [10:00 04/08/2004] 96353FCECBA774BB8DA74A1C6507015A

Searching for "eventlog.dll"
C:\i386\eventlog.dll --a--- 55808 bytes [10:20 05/07/2006] [21:00 03/08/2004] 82B24CB70E5944E6E34662205A2A5B78
C:\WINDOWS\ERDNT\cache\eventlog.dll --a--- 55808 bytes [08:10 08/01/2010] [10:00 04/08/2004] 82B24CB70E5944E6E34662205A2A5B78
C:\WINDOWS\SoftwareDistribution\Download\2d8407673ea9865ef7cd775540e3a36b\eventlog.dll --a--- 56320 bytes [04:33 09/01/2010] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll --a--- 56320 bytes [17:02 07/01/2010] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll --a--- 56320 bytes [13:14 26/08/2008] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656
C:\WINDOWS\system32\dllcache\eventlog.dll --a--c 55808 bytes [10:00 04/08/2004] [10:00 04/08/2004] 82B24CB70E5944E6E34662205A2A5B78
C:\WINDOWS\system32\eventlog.dll ------ 55808 bytes [10:00 04/08/2004] [10:00 04/08/2004] 82B24CB70E5944E6E34662205A2A5B78

Searching for "winlogon.exe"
C:\i386\winlogon.exe --a--- 502272 bytes [10:26 05/07/2006] [21:00 03/08/2004] 01C3346C241652F43AED8E2149881BFE
C:\WINDOWS\ERDNT\cache\winlogon.exe --a--- 502272 bytes [08:10 08/01/2010] [10:00 04/08/2004] 01C3346C241652F43AED8E2149881BFE
C:\WINDOWS\SoftwareDistribution\Download\2d8407673ea9865ef7cd775540e3a36b\winlogon.exe --a--- 507904 bytes [04:36 09/01/2010] [00:12 14/04/2008] ED0EF0A136DEC83DF69F04118870003E
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe --a--- 507904 bytes [17:04 07/01/2010] [00:12 14/04/2008] ED0EF0A136DEC83DF69F04118870003E
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe --a--- 507904 bytes [13:16 26/08/2008] [00:12 14/04/2008] ED0EF0A136DEC83DF69F04118870003E
C:\WINDOWS\system32\dllcache\winlogon.exe --a--c 502272 bytes [10:00 04/08/2004] [10:00 04/08/2004] 01C3346C241652F43AED8E2149881BFE
C:\WINDOWS\system32\winlogon.exe ------ 502272 bytes [10:00 04/08/2004] [10:00 04/08/2004] 01C3346C241652F43AED8E2149881BFE

Searching for "comres.dll"
C:\i386\comres.dll --a--- 792064 bytes [10:17 05/07/2006] [21:00 03/08/2004] 6728270CB7DBB776ED086F5AC4C82310
C:\WINDOWS\SoftwareDistribution\Download\2d8407673ea9865ef7cd775540e3a36b\comres.dll --a--- 792064 bytes [04:32 09/01/2010] [00:11 14/04/2008] 1280A158C722FA95A80FB7AEBE78FA7D
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\comres.dll --a--- 792064 bytes [17:02 07/01/2010] [00:11 14/04/2008] 1280A158C722FA95A80FB7AEBE78FA7D
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\comres.dll --a--- 792064 bytes [13:14 26/08/2008] [00:11 14/04/2008] 1280A158C722FA95A80FB7AEBE78FA7D
C:\WINDOWS\system32\comres.dll --a--- 792064 bytes [10:00 04/08/2004] [10:00 04/08/2004] 6728270CB7DBB776ED086F5AC4C82310
C:\WINDOWS\system32\dllcache\comres.dll --a--c 792064 bytes [10:00 04/08/2004] [10:00 04/08/2004] 6728270CB7DBB776ED086F5AC4C82310

Searching for "crypt32.dll"
C:\i386\crypt32.dll --a--- 597504 bytes [10:17 05/07/2006] [21:00 03/08/2004] EFC958396A7A7EF7E6D4A52B97512E18
C:\WINDOWS\SoftwareDistribution\Download\2d8407673ea9865ef7cd775540e3a36b\crypt32.dll --a--- 599040 bytes [04:32 09/01/2010] [00:11 14/04/2008] BDAAF79DD63F194434D31A74B9BB8B77
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\crypt32.dll --a--- 599040 bytes [17:02 07/01/2010] [00:11 14/04/2008] BDAAF79DD63F194434D31A74B9BB8B77
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\crypt32.dll --a--- 599040 bytes [13:14 26/08/2008] [00:11 14/04/2008] BDAAF79DD63F194434D31A74B9BB8B77
C:\WINDOWS\system32\crypt32.dll --a--- 597504 bytes [10:00 04/08/2004] [10:00 04/08/2004] EFC958396A7A7EF7E6D4A52B97512E18
C:\WINDOWS\system32\dllcache\crypt32.dll --a--c 597504 bytes [10:00 04/08/2004] [10:00 04/08/2004] EFC958396A7A7EF7E6D4A52B97512E18

Searching for "gpedit.dll"
No files found.

Searching for "rundll32.exe"
C:\i386\rundll32.exe --a--- 33280 bytes [10:24 05/07/2006] [21:00 03/08/2004] DA285490BBD8A1D0CE6623577D5BA1FF
C:\WINDOWS\SoftwareDistribution\Download\2d8407673ea9865ef7cd775540e3a36b\rundll32.exe --a--- 33280 bytes [04:35 09/01/2010] [00:12 14/04/2008] 037B1E7798960E0420003D05BB577EE6
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\rundll32.exe --a--- 33280 bytes [17:04 07/01/2010] [00:12 14/04/2008] 037B1E7798960E0420003D05BB577EE6
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\rundll32.exe --a--- 33280 bytes [13:15 26/08/2008] [00:12 14/04/2008] 037B1E7798960E0420003D05BB577EE6
C:\WINDOWS\system32\dllcache\rundll32.exe --a--c 33280 bytes [10:00 04/08/2004] [10:00 04/08/2004] DA285490BBD8A1D0CE6623577D5BA1FF
C:\WINDOWS\system32\rundll32.exe --a--- 33280 bytes [10:00 04/08/2004] [10:00 04/08/2004] DA285490BBD8A1D0CE6623577D5BA1FF

Searching for "sfc.dll"
C:\i386\sfc.dll --a--- 5120 bytes [10:24 05/07/2006] [21:00 03/08/2004] E8A12A12EA9088B4327D49EDCA3ADD3E
C:\WINDOWS\ERDNT\cache\sfc.dll --a--- 5120 bytes [08:10 08/01/2010] [10:00 04/08/2004] E8A12A12EA9088B4327D49EDCA3ADD3E
C:\WINDOWS\SoftwareDistribution\Download\2d8407673ea9865ef7cd775540e3a36b\sfc.dll --a--- 5120 bytes [04:35 09/01/2010] [00:12 14/04/2008] 96E1C926F22EE1BFBAE82901A35F6BF3
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sfc.dll --a--- 5120 bytes [17:04 07/01/2010] [00:12 14/04/2008] 96E1C926F22EE1BFBAE82901A35F6BF3
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sfc.dll --a--- 5120 bytes [13:15 26/08/2008] [00:12 14/04/2008] 96E1C926F22EE1BFBAE82901A35F6BF3
C:\WINDOWS\system32\dllcache\sfc.dll --a--c 5120 bytes [10:00 04/08/2004] [10:00 04/08/2004] E8A12A12EA9088B4327D49EDCA3ADD3E
C:\WINDOWS\system32\sfc.dll ------ 5120 bytes [10:00 04/08/2004] [10:00 04/08/2004] E8A12A12EA9088B4327D49EDCA3ADD3E

Searching for "svchost.exe"
C:\i386\svchost.exe --a--- 14336 bytes [10:25 05/07/2006] [21:00 03/08/2004] 8F078AE4ED187AAABC0A305146DE6716
C:\WINDOWS\ERDNT\cache\svchost.exe --a--- 14336 bytes [08:10 08/01/2010] [10:00 04/08/2004] 8F078AE4ED187AAABC0A305146DE6716
C:\WINDOWS\SoftwareDistribution\Download\2d8407673ea9865ef7cd775540e3a36b\svchost.exe --a--- 14336 bytes [04:35 09/01/2010] [00:12 14/04/2008] 27C6D03BCDB8CFEB96B716F3D8BE3E18
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\svchost.exe --a--- 14336 bytes [17:04 07/01/2010] [00:12 14/04/2008] 27C6D03BCDB8CFEB96B716F3D8BE3E18
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe --a--- 14336 bytes [13:15 26/08/2008] [00:12 14/04/2008] 27C6D03BCDB8CFEB96B716F3D8BE3E18
C:\WINDOWS\system32\dllcache\svchost.exe --a--c 14336 bytes [10:00 04/08/2004] [10:00 04/08/2004] 8F078AE4ED187AAABC0A305146DE6716
C:\WINDOWS\system32\svchost.exe ------ 14336 bytes [10:00 04/08/2004] [10:00 04/08/2004] 8F078AE4ED187AAABC0A305146DE6716

Searching for "cngaudit.dll"
No files found.

Searching for "beep.sys"
C:\i386\beep.sys --a--- 4224 bytes [10:19 05/07/2006] [21:00 03/08/2004] DA1F27D85E0D1525F6621372E7B685E9
C:\WINDOWS\ERDNT\cache\beep.sys --a--- 4224 bytes [08:10 08/01/2010] [10:00 04/08/2004] DA1F27D85E0D1525F6621372E7B685E9
C:\WINDOWS\system32\dllcache\beep.sys --a--c 4224 bytes [10:00 04/08/2004] [10:00 04/08/2004] DA1F27D85E0D1525F6621372E7B685E9
C:\WINDOWS\system32\drivers\beep.sys ------ 4224 bytes [10:00 04/08/2004] [10:00 04/08/2004] DA1F27D85E0D1525F6621372E7B685E9

Searching for "wscntfy.exe"
C:\i386\wscntfy.exe --a--- 13824 bytes [10:27 05/07/2006] [21:00 03/08/2004] 49911DD39E023BB6C45E4E436CFBD297
C:\WINDOWS\ERDNT\cache\wscntfy.exe --a--- 13824 bytes [08:10 08/01/2010] [10:00 04/08/2004] 49911DD39E023BB6C45E4E436CFBD297
C:\WINDOWS\SoftwareDistribution\Download\2d8407673ea9865ef7cd775540e3a36b\wscntfy.exe --a--- 13824 bytes [04:37 09/01/2010] [00:12 14/04/2008] F92E1076C42FCD6DB3D72D8CFE9816D5
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\wscntfy.exe --a--- 13824 bytes [17:04 07/01/2010] [00:12 14/04/2008] F92E1076C42FCD6DB3D72D8CFE9816D5
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\wscntfy.exe --a--- 13824 bytes [13:16 26/08/2008] [00:12 14/04/2008] F92E1076C42FCD6DB3D72D8CFE9816D5
C:\WINDOWS\system32\dllcache\wscntfy.exe --a--c 13824 bytes [10:00 04/08/2004] [10:00 04/08/2004] 49911DD39E023BB6C45E4E436CFBD297
C:\WINDOWS\system32\wscntfy.exe ------ 13824 bytes [10:00 04/08/2004] [10:00 04/08/2004] 49911DD39E023BB6C45E4E436CFBD297

Searching for "atapi.sys"
C:\i386\atapi.sys --a--- 95360 bytes [10:18 05/07/2006] [14:59 03/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\ERDNT\cache\atapi.sys --a--- 95360 bytes [08:10 08/01/2010] [10:00 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\SoftwareDistribution\Download\2d8407673ea9865ef7cd775540e3a36b\atapi.sys --a--- 96512 bytes [04:32 09/01/2010] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys --a--- 96512 bytes [17:02 07/01/2010] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys --a--- 96512 bytes [13:14 26/08/2008] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\drivers\atapi.sys ------ 95360 bytes [10:00 04/08/2004] [10:00 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51

-=End Of File=-

descriptionSecurity Tools Virus EmptyRe: Security Tools Virus9th January 2010, 5:40 am

more_horiz
Open NOTEPAD.exe and copy/paste the text in the codebox below:
(don't forget to copy and paste REGEDIT4)

Code:

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog]
"Start"=dword:00000004

Save this as fix.reg Choose to "Save type as - All Files"
It should look like this: Security Tools Virus Reg
Double click on fix.reg & allow it to merge into the registry

==

Then, tell me what happens when you use the web browser.

descriptionSecurity Tools Virus EmptyRe: Security Tools Virus9th January 2010, 5:50 am

more_horiz
looks like I can download stuff now (downloaded firefox), and enter web addresses directly, but still unable to log into sites, i.e. hotmail, my work email, myspace..

probably unrelated but AVG running in the background continues to find some admt cookie tracker or something?

descriptionSecurity Tools Virus Emptybump12th January 2010, 9:06 am

more_horiz
bump

descriptionSecurity Tools Virus EmptyRe: Security Tools Virus12th January 2010, 10:19 am

more_horiz
Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    nvstor32.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    ws2_32.dll
    proquota.exe
    imm32.dll
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    nvrd32.sys
    /md5stop
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time

descriptionSecurity Tools Virus EmptyRe: Security Tools Virus

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum