Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virus Windows Recovery, hard drive error


  • This topic is locked This topic is locked
3 replies to this topic

#1 LAB811

LAB811

  • Members
  • 161 posts
  • OFFLINE
  •  
  • Local time:03:10 AM

Posted 30 May 2011 - 08:12 AM

Hi I have an HP that is badly infected. There is nothing in my c drive or so it wants you to believe. It has one of those bogus XP recovery diagnostic pop ups and Hard drive problem pop ups.It stopped my Avira anti virus and right now I have had problems downloading Malwarebytes. No matter what i do it tells me that access is denied or it downloads but when I try to open it I can't. I was able to download and run Superantispyware and it found over 400 detections and I removed them but who knows what is really removed. I know I'm supposed to post first first but I was able to run rkill and here is that log if it helps at all. My OS is Windows XP What else can I try.

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 05/30/2011 at 8:47:26.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Documents and Settings\All Users\Application Data\xXjsKiNbkvU.exe
C:\Documents and Settings\All Users\Application Data\19586852.exe


Rkill completed on 05/30/2011 at 8:47:32.

I'm probably wrong doing this before anyone posting but I also ran the rootkit unhooked scan. Here is that log. Sorry I'm running these before anyone helping but I am limited getting into the forum and what I can run.
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xBF0BF000 C:\WINDOWS\System32\ati3duag.dll 2412544 bytes (ATI Technologies Inc. , ati3duag.dll)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2154496 bytes
0x804D7000 RAW 2154496 bytes
0x804D7000 WMIxWDM 2154496 bytes
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB9374000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 1368064 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xB916C000 C:\WINDOWS\system32\DRIVERS\AGRSM.sys 1097728 bytes (Agere Systems, SoftModem Device Driver)
0xB9E4E000 iaStor.sys 872448 bytes (Intel Corporation, Intel Matrix Storage Manager driver)
0xBF30C000 C:\WINDOWS\System32\ativvaxx.dll 602112 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0xB9D60000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB8E11000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xB929C000 C:\WINDOWS\system32\drivers\cmaudio.sys 380928 bytes (C-Media Inc, C-Media Audio WDM Driver)
0xB4AD8000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB1EFE000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBF39F000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB1F7E000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 258048 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xBF051000 C:\WINDOWS\System32\ati2cqag.dll 233472 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xB4AA1000 C:\WINDOWS\system32\drivers\pctgntdi.sys 225280 bytes (PC Tools, PC Tools Generic TDI Driver)
0xBF08A000 C:\WINDOWS\System32\atikvmag.dll 217088 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xB8E6F000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB2247000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9D33000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB1283000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xB4A2C000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB4A79000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB49E0000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 155648 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0xB9F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xB4A06000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB4994000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xB9278000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB933C000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB9319000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB4A57000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806E5000 ACPI_HAL 134400 bytes
0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9E16000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB92F9000 C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys 131072 bytes (Realtek Semiconductor Corporation , Realtek 10/100/1000 NDIS 5.1 Driver )
0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB19F7000 C:\WINDOWS\system32\drivers\pctplfw.sys 110592 bytes (PC Tools, PC Tools FW Plugin Driver)
0xB9D19000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9E36000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB4954000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xB9DED000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB9141000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB4B8C000 C:\WINDOWS\system32\drivers\SBREdrv.sys 90112 bytes (Sunbelt Software, Anti-Rootkit Engine)
0xB2727000 C:\WINDOWS\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver)
0xB22EA000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB9158000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB1EC2000 C:\WINDOWS\system32\drivers\PCTAppEvent.sys 81920 bytes (PC Tools, PC Tools App Monitor Driver)
0xB9360000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB4B31000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB9E04000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB9130000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB20D7000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xB9542000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA0B8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xB238F000 C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys 65536 bytes (PC Tools, PC Tools NDIS - Packet Filter)
0xB9522000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xB9532000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB24C7000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBA308000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA0C8000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xBA158000 C:\WINDOWS\system32\DRIVERS\AmdK8.sys 57344 bytes (Advanced Micro Devices, AMD Processor Driver)
0xBA108000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xB8F60000 C:\WINDOWS\system32\DRIVERS\HPZid412.sys 53248 bytes (HP, IEEE-1284.4-1999 Driver (Windows 2000))
0xB9512000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xBA2E8000 C:\WINDOWS\system32\DRIVERS\pctNdis.sys 53248 bytes (PC Tools, PC Tools NDIS Driver)
0xB94F2000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0E8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xB94D2000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xBA148000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xB9552000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xB94E2000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xB9502000 C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys 40960 bytes (Juniper Networks, dsNcAdapter)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA2B8000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA2D8000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xBA0F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xB8F50000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xB94C2000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA318000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB2677000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xB8F40000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA400000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xBA490000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA3C8000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xBA3F8000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA3B0000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA3D0000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xBA3E8000 C:\WINDOWS\system32\DRIVERS\aracpi.sys 24576 bytes (Microsoft Corporation, Microsoft AR ACPI Driver (Beta 2 Release 2))
0xBA3D8000 C:\WINDOWS\system32\DRIVERS\HPZius12.sys 24576 bytes (HP, 1284.4<->Usb Datalink Driver (Windows 2000))
0xBA410000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA3A8000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xBA3C0000 C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0xBA3B8000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBA3E0000 C:\WINDOWS\system32\DRIVERS\arhidfltr.sys 20480 bytes (Microsoft Corporation, Microsoft AR HID Filter Driver (Beta 2 Release 2))
0xBA488000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA408000 C:\WINDOWS\system32\DRIVERS\PS2.sys 20480 bytes (Hewlett-Packard Company, PS2 SYS)
0xBA398000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA338000 PxHelp20.sys 20480 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xBA3A0000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xBA418000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xBA3F0000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xBA420000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB8BD2000 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 16384 bytes (HP, IEEE-1284.4-1999 Print Class Driver)
0xBA56C000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB2770000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xB8BD6000 C:\WINDOWS\system32\DRIVERS\usbscan.sys 16384 bytes (Microsoft Corporation, USB Scanner Driver)
0xB9CF5000 C:\WINDOWS\system32\DRIVERS\arpolicy.sys 12288 bytes (Microsoft Corporation, Microsoft AR Policy Driver (Beta 2 Release 2))
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB4B58000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB9CD5000 C:\WINDOWS\system32\DRIVERS\gameenum.sys 12288 bytes (Microsoft Corporation, Game Port Enumerator)
0xB8BC6000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xB1F5A000 C:\WINDOWS\System32\Drivers\MASPINT.SYS 12288 bytes (MicroStaff Co.,Ltd., Aspi32 Driver)
0xB8BC2000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB9CF1000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xBA540000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xBA5D6000 C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys 8192 bytes (Microsoft Corporation, Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2))
0xBA66C000 C:\WINDOWS\system32\DRIVERS\armoucfltr.sys 8192 bytes (Microsoft Corporation, Microsoft AR PS/2 Mouse Filter Driver (Beta 2 Release 2))
0xBA666000 C:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
0xBA65C000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5B0000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xBA5BE000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xBA65A000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5AE000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA65E000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA660000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA600000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA650000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AC000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA7B2000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA71C000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA7EB000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================


Nothing detected :(

EDIT: Posts merged ~Budapest

Edited by Budapest, 30 May 2011 - 04:38 PM.


BC AdBot (Login to Remove)

 


#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:10 PM

Posted 01 June 2011 - 05:05 PM

Is this the same computer as your other topic here: http://www.bleepingcomputer.com/forums/topic400147.html
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 LAB811

LAB811
  • Topic Starter

  • Members
  • 161 posts
  • OFFLINE
  •  
  • Local time:03:10 AM

Posted 01 June 2011 - 08:07 PM

Yes it is the same computer it started with the black screen and I was unable to access anything on the computer. There was a fake windows security or AV screen and all my programs and drives were hidden and inaccessible. Sorry I had separate posts but I wasn't sure if I was explaining my problem well and how bad the problem was and I was also having trouble accessing the internet so I could only post when I could get on. I was able to finally run Malwarebyes and you can see the log. Here is the latest Hijack this log. I've been trying everything in desperation as you can see. Now I have odd things happening. My taksbar has my desktop, my documents, my computer all in the taskbar and I keep getting the Malwarebytes set up popping up to install. I reboot and it comes back. Can you advise what my next step is because even though Malwarebytes came back with 0 detections as well. Here is the Avira report with virus found:
Avira AntiVir Personal
Report file date: Monday, May 30, 2011 12:01

Scanning for 2777280 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : YOUR-4DACD0EA75

Version information:
BUILD.DAT : 10.0.0.648 31823 Bytes 4/1/2011 18:36:00
AVSCAN.EXE : 10.0.4.2 442024 Bytes 5/13/2011 20:23:39
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 18:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 12/8/2010 22:13:37
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 05:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 15:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 21:21:26
VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 23:54:52
VBASE003.VDF : 7.11.5.225 1980416 Bytes 4/7/2011 12:21:59
VBASE004.VDF : 7.11.5.226 2048 Bytes 4/7/2011 12:21:59
VBASE005.VDF : 7.11.5.227 2048 Bytes 4/7/2011 12:22:00
VBASE006.VDF : 7.11.5.228 2048 Bytes 4/7/2011 12:22:00
VBASE007.VDF : 7.11.5.229 2048 Bytes 4/7/2011 12:22:00
VBASE008.VDF : 7.11.5.230 2048 Bytes 4/7/2011 12:22:00
VBASE009.VDF : 7.11.5.231 2048 Bytes 4/7/2011 12:22:00
VBASE010.VDF : 7.11.5.232 2048 Bytes 4/7/2011 12:22:00
VBASE011.VDF : 7.11.5.233 2048 Bytes 4/7/2011 12:22:01
VBASE012.VDF : 7.11.5.234 2048 Bytes 4/7/2011 12:22:01
VBASE013.VDF : 7.11.6.28 158208 Bytes 4/11/2011 13:16:27
VBASE014.VDF : 7.11.6.74 116224 Bytes 4/13/2011 23:12:27
VBASE015.VDF : 7.11.6.113 137728 Bytes 4/14/2011 00:09:10
VBASE016.VDF : 7.11.6.150 146944 Bytes 4/18/2011 00:03:48
VBASE017.VDF : 7.11.6.192 138240 Bytes 4/20/2011 00:03:53
VBASE018.VDF : 7.11.6.237 156160 Bytes 4/22/2011 23:14:09
VBASE019.VDF : 7.11.7.45 427520 Bytes 4/27/2011 20:23:39
VBASE020.VDF : 7.11.7.64 192000 Bytes 4/28/2011 20:23:39
VBASE021.VDF : 7.11.7.97 182272 Bytes 5/2/2011 20:23:39
VBASE022.VDF : 7.11.7.127 467968 Bytes 5/4/2011 20:23:39
VBASE023.VDF : 7.11.7.183 185856 Bytes 5/9/2011 20:23:39
VBASE024.VDF : 7.11.7.218 133120 Bytes 5/11/2011 20:23:39
VBASE025.VDF : 7.11.7.234 139776 Bytes 5/11/2011 20:23:39
VBASE026.VDF : 7.11.8.16 147456 Bytes 5/13/2011 20:23:39
VBASE027.VDF : 7.11.8.46 169472 Bytes 5/17/2011 01:19:46
VBASE028.VDF : 7.11.8.109 181760 Bytes 5/24/2011 13:48:06
VBASE029.VDF : 7.11.8.158 191488 Bytes 5/27/2011 13:26:04
VBASE030.VDF : 7.11.8.159 2048 Bytes 5/27/2011 13:26:04
VBASE031.VDF : 7.11.8.169 89600 Bytes 5/30/2011 13:26:05
Engineversion : 8.2.5.6
AEVDF.DLL : 8.1.2.1 106868 Bytes 8/2/2010 21:09:54
AESCRIPT.DLL : 8.1.3.65 1606010 Bytes 5/26/2011 22:48:30
AESCN.DLL : 8.1.7.2 127349 Bytes 11/23/2010 03:32:22
AESBX.DLL : 8.2.1.33 323956 Bytes 5/25/2011 22:48:03
AERDL.DLL : 8.1.9.9 639347 Bytes 3/25/2011 21:03:22
AEPACK.DLL : 8.2.6.8 557430 Bytes 5/16/2011 23:53:43
AEOFFICE.DLL : 8.1.1.23 205178 Bytes 5/26/2011 22:48:28
AEHEUR.DLL : 8.1.2.122 3494263 Bytes 5/26/2011 22:48:28
AEHELP.DLL : 8.1.17.2 246135 Bytes 5/20/2011 01:19:54
AEGEN.DLL : 8.1.5.6 401780 Bytes 5/20/2011 01:19:52
AEEMU.DLL : 8.1.3.0 393589 Bytes 11/23/2010 03:32:13
AECORE.DLL : 8.1.21.1 196983 Bytes 5/25/2011 22:47:55
AEBB.DLL : 8.1.1.0 53618 Bytes 8/2/2010 21:09:48
AVWINLL.DLL : 10.0.0.0 19304 Bytes 8/2/2010 21:09:56
AVPREF.DLL : 10.0.0.0 44904 Bytes 8/2/2010 21:09:55
AVREP.DLL : 10.0.0.10 174120 Bytes 5/18/2011 01:19:48
AVREG.DLL : 10.0.3.2 53096 Bytes 8/2/2010 21:09:55
AVSCPLR.DLL : 10.0.4.2 84840 Bytes 5/13/2011 20:23:39
AVARKT.DLL : 10.0.22.6 231784 Bytes 12/8/2010 22:13:34
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 8/2/2010 21:09:55
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 20:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 8/2/2010 21:09:56
NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 20:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 19:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 8/2/2010 21:10:08

Configuration settings for the scan:
Jobname.............................: Local Hard Disks
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\alldiscs.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Monday, May 30, 2011 12:01

The scan of running processes will be started
Scan process 'attrib.exe' - '1' Module(s) have been scanned
Scan process 'attrib.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process '19586852.exe' - '1' Module(s) have been scanned
Scan process 'attrib.exe' - '1' Module(s) have been scanned
Scan process 'attrib.exe' - '1' Module(s) have been scanned
Scan process 'xXjsKiNbkvU.exe' - '1' Module(s) have been scanned
Module is infected -> <C:\Documents and Settings\All Users\Application Data\xXjsKiNbkvU.exe>
[DETECTION] Is the TR/FakeSysdef.A.942 Trojan
[NOTE] Process 'xXjsKiNbkvU.exe' was terminated
[NOTE] The registration entry <HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xXjsKiNbkvU> was removed successfully.
[NOTE] The file was moved to the quarantine directory under the name '49721bb4.qua'.
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'Trjscan.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'HPWuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'FirewallGUI.exe' - '1' Module(s) have been scanned
Scan process 'KBD.EXE' - '1' Module(s) have been scanned
Scan process 'MotiveSB.exe' - '1' Module(s) have been scanned
Scan process 'HPBootOp.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'lburke.tmp' - '1' Module(s) have been scanned
Scan process 'lburke.scr' - '1' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'FWService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'dsNcService.exe' - '1' Module(s) have been scanned
Scan process 'CSHelper.exe' - '1' Module(s) have been scanned
Scan process 'arservice.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan executable files (registry).

The registry was scanned ( '470' files ).


Starting the file scan:

Begin scan in 'C:\' <HP_PAVILION>
C:\Documents and Settings\HP_Administrator\0.8158844749548945.exe
[DETECTION] Is the TR/FakeSysdef.A.942 Trojan
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\41\48c8f3a9-62d13d49
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.P Java virus
--> FAQ/Template.class
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.P Java virus
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jar_cache5716848188472812307.tmp
[DETECTION] Is the TR/FakeSysdef.A.942 Trojan
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jar_cache6630729465611699927.tmp
[DETECTION] Is the TR/Dldr.Bebeber.A.13 Trojan
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP368\A0055574.exe
[DETECTION] Is the TR/FakeSysdef.A.942 Trojan
Begin scan in 'D:\' <HP_RECOVERY>

Beginning disinfection:
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP368\A0055574.exe
[DETECTION] Is the TR/FakeSysdef.A.942 Trojan
[NOTE] The file was moved to the quarantine directory under the name '51bc9202.qua'.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jar_cache6630729465611699927.tmp
[DETECTION] Is the TR/Dldr.Bebeber.A.13 Trojan
[NOTE] The file was moved to the quarantine directory under the name '03a1c89d.qua'.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jar_cache5716848188472812307.tmp
[DETECTION] Is the TR/FakeSysdef.A.942 Trojan
[NOTE] The file was moved to the quarantine directory under the name '6596875f.qua'.
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\41\48c8f3a9-62d13d49
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.P Java virus
[NOTE] The file was moved to the quarantine directory under the name '2003aa0b.qua'.
C:\Documents and Settings\HP_Administrator\0.8158844749548945.exe
[DETECTION] Is the TR/FakeSysdef.A.942 Trojan
[NOTE] The file was moved to the quarantine directory under the name '5f439873.qua'.


End of the scan: Monday, May 30, 2011 18:24
Used time: 6:12:20 Hour(s)

The scan has been done completely.

12183 Scanned directories
581333 Files were scanned
6 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
6 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
581327 Files not concerned
15770 Archives were scanned
0 Warnings
6 Notes
Then the next day it found 1 more. Here is that report:
Avira AntiVir Personal
Report file date: Tuesday, May 31, 2011 12:00

Scanning for 2777280 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : YOUR-4DACD0EA75

Version information:
BUILD.DAT : 10.0.0.648 31823 Bytes 4/1/2011 18:36:00
AVSCAN.EXE : 10.0.4.2 442024 Bytes 5/13/2011 20:23:39
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 18:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 12/8/2010 22:13:37
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 05:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 15:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 21:21:26
VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 23:54:52
VBASE003.VDF : 7.11.5.225 1980416 Bytes 4/7/2011 12:21:59
VBASE004.VDF : 7.11.5.226 2048 Bytes 4/7/2011 12:21:59
VBASE005.VDF : 7.11.5.227 2048 Bytes 4/7/2011 12:22:00
VBASE006.VDF : 7.11.5.228 2048 Bytes 4/7/2011 12:22:00
VBASE007.VDF : 7.11.5.229 2048 Bytes 4/7/2011 12:22:00
VBASE008.VDF : 7.11.5.230 2048 Bytes 4/7/2011 12:22:00
VBASE009.VDF : 7.11.5.231 2048 Bytes 4/7/2011 12:22:00
VBASE010.VDF : 7.11.5.232 2048 Bytes 4/7/2011 12:22:00
VBASE011.VDF : 7.11.5.233 2048 Bytes 4/7/2011 12:22:01
VBASE012.VDF : 7.11.5.234 2048 Bytes 4/7/2011 12:22:01
VBASE013.VDF : 7.11.6.28 158208 Bytes 4/11/2011 13:16:27
VBASE014.VDF : 7.11.6.74 116224 Bytes 4/13/2011 23:12:27
VBASE015.VDF : 7.11.6.113 137728 Bytes 4/14/2011 00:09:10
VBASE016.VDF : 7.11.6.150 146944 Bytes 4/18/2011 00:03:48
VBASE017.VDF : 7.11.6.192 138240 Bytes 4/20/2011 00:03:53
VBASE018.VDF : 7.11.6.237 156160 Bytes 4/22/2011 23:14:09
VBASE019.VDF : 7.11.7.45 427520 Bytes 4/27/2011 20:23:39
VBASE020.VDF : 7.11.7.64 192000 Bytes 4/28/2011 20:23:39
VBASE021.VDF : 7.11.7.97 182272 Bytes 5/2/2011 20:23:39
VBASE022.VDF : 7.11.7.127 467968 Bytes 5/4/2011 20:23:39
VBASE023.VDF : 7.11.7.183 185856 Bytes 5/9/2011 20:23:39
VBASE024.VDF : 7.11.7.218 133120 Bytes 5/11/2011 20:23:39
VBASE025.VDF : 7.11.7.234 139776 Bytes 5/11/2011 20:23:39
VBASE026.VDF : 7.11.8.16 147456 Bytes 5/13/2011 20:23:39
VBASE027.VDF : 7.11.8.46 169472 Bytes 5/17/2011 01:19:46
VBASE028.VDF : 7.11.8.109 181760 Bytes 5/24/2011 13:48:06
VBASE029.VDF : 7.11.8.158 191488 Bytes 5/27/2011 13:26:04
VBASE030.VDF : 7.11.8.159 2048 Bytes 5/27/2011 13:26:04
VBASE031.VDF : 7.11.8.169 89600 Bytes 5/30/2011 13:26:05
Engineversion : 8.2.5.6
AEVDF.DLL : 8.1.2.1 106868 Bytes 8/2/2010 21:09:54
AESCRIPT.DLL : 8.1.3.65 1606010 Bytes 5/26/2011 22:48:30
AESCN.DLL : 8.1.7.2 127349 Bytes 11/23/2010 03:32:22
AESBX.DLL : 8.2.1.33 323956 Bytes 5/25/2011 22:48:03
AERDL.DLL : 8.1.9.9 639347 Bytes 3/25/2011 21:03:22
AEPACK.DLL : 8.2.6.8 557430 Bytes 5/16/2011 23:53:43
AEOFFICE.DLL : 8.1.1.23 205178 Bytes 5/26/2011 22:48:28
AEHEUR.DLL : 8.1.2.122 3494263 Bytes 5/26/2011 22:48:28
AEHELP.DLL : 8.1.17.2 246135 Bytes 5/20/2011 01:19:54
AEGEN.DLL : 8.1.5.6 401780 Bytes 5/20/2011 01:19:52
AEEMU.DLL : 8.1.3.0 393589 Bytes 11/23/2010 03:32:13
AECORE.DLL : 8.1.21.1 196983 Bytes 5/25/2011 22:47:55
AEBB.DLL : 8.1.1.0 53618 Bytes 8/2/2010 21:09:48
AVWINLL.DLL : 10.0.0.0 19304 Bytes 8/2/2010 21:09:56
AVPREF.DLL : 10.0.0.0 44904 Bytes 8/2/2010 21:09:55
AVREP.DLL : 10.0.0.10 174120 Bytes 5/18/2011 01:19:48
AVREG.DLL : 10.0.3.2 53096 Bytes 8/2/2010 21:09:55
AVSCPLR.DLL : 10.0.4.2 84840 Bytes 5/13/2011 20:23:39
AVARKT.DLL : 10.0.22.6 231784 Bytes 12/8/2010 22:13:34
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 8/2/2010 21:09:55
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 20:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 8/2/2010 21:09:56
NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 20:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 19:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 8/2/2010 21:10:08

Configuration settings for the scan:
Jobname.............................: Local Hard Disks
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\alldiscs.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Tuesday, May 31, 2011 12:00

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'lburke.tmp' - '1' Module(s) have been scanned
Scan process 'lburke.scr' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'HPWuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'FirewallGUI.exe' - '1' Module(s) have been scanned
Scan process 'Mixer.exe' - '1' Module(s) have been scanned
Scan process 'KBD.EXE' - '1' Module(s) have been scanned
Scan process 'MotiveSB.exe' - '1' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'FWService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'dsNcService.exe' - '1' Module(s) have been scanned
Scan process 'CSHelper.exe' - '1' Module(s) have been scanned
Scan process 'arservice.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '472' files ).


Starting the file scan:

Begin scan in 'C:\' <HP_PAVILION>
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP369\A0055597.exe
[DETECTION] Is the TR/Trash.Gen Trojan
Begin scan in 'D:\' <HP_RECOVERY>

Beginning disinfection:
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP369\A0055597.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '492ac8c1.qua'.


End of the scan: Tuesday, May 31, 2011 18:30
Used time: 4:55:19 Hour(s)

The scan has been done completely.

12211 Scanned directories
581439 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
581438 Files not concerned
15693 Archives were scanned
0 Warnings
1 Notes

The last 2 Avira scans came back no detections found.

Here is the latest Hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:05:47 PM, on 6/1/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17096)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\system32\CSHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\TrueSwitchEsaya\TrueWizard.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://register.hp.com/servlet/WebReg.servlets.ProdReg1Servlet?appID=java_wreg_wreg_genpg&prodOS=029&gwCountry=US&language=en&PURCH_DT_MONTH=03&PURCH_DT_DAY=24&PURCH_DT_YEAR=2006&PROD_SERIAL_ID=MXF60905D5&application=305&modelID=EL454AA&LF=blue
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O2 - BHO: PDF-XChange Viewer IE-Plugin - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [ueskraos] C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\xnbykdlcf\srmjesluqiw.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BIBLauncher] C:\Program Files\Business-in-a-Box\BIBLauncher.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: OpenOffice.org 2.0.lnk.disabled
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueSwitchEsaya\TrueWizard.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AT&T Self Support Tool.lnk.disabled
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk.disabled
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/WebIQ/DataServer/Pub/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webiqonline.com/WebIQ/bin/WebIQ.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} (Invoke Solutions MILiveParticipantPadHelper Control) - http://rms2.invokesolutions.com/events/bin/6.2.0.1452/MILive.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://www.imgag.com/cp/install/Crusher.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} (Invoke Solutions Participant Control(MR)) -
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\WINDOWS\system32\CSHelper.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 13638 bytes

Sorry if this is too much info but it is all that i have done. Thanks for any advice.

#4 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:10 PM

Posted 03 June 2011 - 03:37 PM

Please reply to your other topic. I will close this one.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users