0

Hi there, I'm not fantastic with PCs but I'm not totally useless; I can easily follow instructions.

Right, anyway, I am having serious problems with my PC. I cannot download any antivirus programs; also, when I click on certain web links, e.g. http://www.microsoft.com/security_essentials/, it brings up "problem loading page". This happens with the majority of antivirus software. I have been able to download AVG and Avira, but when it comes to the installation it continually says I have no internet connection, but I do.

I have no idea how to fix these problems, and the more I try to download antivirus programs the worse it seems to get.

Thanks in advance if anyone can help.

0

If you have another PC, download the installer for Malwarebytes.

Boot the PC into safe mode, START - Run - MSCONFIG, choose selective startup and uncheck the startup items. Reboot normally and you should be able to load Malwarebytes, update it and run a scan.

You can also run a Malwarebytes scan in safe mode if needed.

0

Thank you very much, this has worked. It found 24 infections, most of these were Trojans!! I managed to download Malwarebytes from CNET. I have now installed Avira.

Thank you once again

0

You need to post the MBA-M log here. Other steps may be required, especially with the number of Trojans found. These may just be the "tip of the iceberg". There very well could be a rootkit on there which will just bring in more infections.


0

I will post the log shortly.

I do apologise for taking so long to reply; I don't get on here very often as I have a 6 month old baby.

Thanks


0

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4784

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

09/10/2010 10:13:19
mbam-log-2010-10-09 (10-13-19).txt

Scan type: Quick scan
Objects scanned: 135997
Time elapsed: 12 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 4
Registry Data Items Infected: 6
Folders Infected: 1
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b1ba40a2-75f2-51bd-f413-04b13a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b1ba40a2-75f2-51bd-f413-04b13a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\hblitesa (Adware.HotBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\OTGV1DNWQQ (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XBV6RD5SZF (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RapportService.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{b1ba40a2-75f2-51bd-f413-04b13a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{e86544a8-d059-7969-04cc-cc90594e2d94} (Trojan.ZbotR.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (http://dymasearch.com/) Good: (http://www.google.com) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
C:\alahohsxds.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\qirexu.dll (Worm.Conficker) -> Delete on reboot.
C:\WINDOWS\system32\spool\prtprocs\w32x86\qG79317s.dll (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\s9eI79q.dll (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\w93yWS3.dll (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Luke\Local Settings\Temporary Internet Files\Content.IE5\72H37HQ6\setup[1].exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Luke\Local Settings\Temporary Internet Files\Content.IE5\72H37HQ6\ga6c42[1].exe (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Luke\Local Settings\Temporary Internet Files\Content.IE5\72H37HQ6\gae509[1].exe (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\alahohsxds.exe\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.

0

Understand the time a 6 month old baby takes, hope though that you are not using the computer for anything else other than cleanup either. You obviously had/have some very serious infections on there. If you are using the computer for anything else than cleaning it up then all these steps will be for nothing.
Please now do the following:
Please Run the ESET Online Scanner and attach the ScanLog with your post for assistance.

You will need to temporarily Disable your current Anti-virus program.
Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.

When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us.

0

C:\Documents and Settings\Luke\Application Data\762A8E280F3756DA5B8960E419630E97\newsecureapp70700.exe a variant of Win32/Kryptik.GJT trojan cleaned by deleting - quarantined
C:\Documents and Settings\Luke\Application Data\Oqxio\inin.exe Win32/Spy.Zbot.ZR trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\26\40612cda-3bdfadb0 probably a variant of Win32/Agent.LMMBFXF trojan cleaned by deleting - quarantined

I'll add the MBA-M logs shortly.

0

MBA-M Log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4784

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

15/10/2010 20:24:03
mbam-log-2010-10-15 (20-24-03).txt

Scan type: Quick scan
Objects scanned: 137447
Time elapsed: 12 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

0

tania, that is not the full ESET log, we need to see the entire log from top to bottom, not just what was found/removed. Your computer appears to still be grossly infected.

Also, you did NOT update MBA-M as crunchie requested. Your database still shows 4784, which is the very same one you used on the last scan. MBA-M has multiple updates DAILY which is why updating must be run each and every time you scan, even for multiple scans done on the same day. The current database version, as of 5 minutes ago is Database version: 4840. Plus you only ran a Quick Scan. When infection is found using a Quick Scan, as your original scan showed, then the program should immediately be updated again and a Full Scan should then be run. The Quick Scan does not scan all files. If some of those files are found to be infected then it is vitally important that the Full Scan be run immediately.
Please follow these instructions and post back with the entire ESET log and also a log from a Fully Updated FULL scan with MBA-M.
Judy
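The two checks described in the post above (database version unchanged between scans, and a Quick scan run after an infection was already found), as an added Python example that is not part of the original thread. The function names and finding labels are assumptions made here, and the sample logs are constructed from the header and summary values of the MBA-M 1.46 logs posted in this thread.

```python
import re
from dataclasses import dataclass, field

# Constructed samples: header and summary lines only, in the layout of the
# Malwarebytes' Anti-Malware 1.46 logs posted in this thread.
LOG_FIRST = r"""Malwarebytes' Anti-Malware 1.46
Database version: 4784
09/10/2010 10:13:19
Scan type: Quick scan
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 4
Registry Data Items Infected: 6
Folders Infected: 1
Files Infected: 8
"""

LOG_SECOND = r"""Malwarebytes' Anti-Malware 1.46
Database version: 4784
15/10/2010 20:24:03
Scan type: Quick scan
Registry Keys Infected: 0
Files Infected: 0
"""

LOG_THIRD = r"""Malwarebytes' Anti-Malware 1.46
Database version: 4878
19/10/2010 11:35:02
Scan type: Full scan (C:\|)
Registry Keys Infected: 0
Files Infected: 2
"""

DB_RE = re.compile(r"^Database version:[ \t]*(\d+)[ \t]*$", re.M)
TYPE_RE = re.compile(r"^Scan type:[ \t]*(\w+) scan", re.M)
STAMP_RE = re.compile(r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})[ \t]*$", re.M)
# Summary lines carry a number; the section headers further down do not,
# so "Files Infected:" followed by a path on the next line is not counted.
COUNT_RE = re.compile(r"^([A-Za-z ]+) Infected:[ \t]*(\d+)[ \t]*$", re.M)


@dataclass
class MbamScan:
    database_version: int
    scan_type: str                      # "Quick" or "Full"
    timestamp: str
    counts: dict = field(default_factory=dict)

    @property
    def infected_total(self) -> int:
        return sum(self.counts.values())


def parse_mbam_log(text: str) -> MbamScan:
    """Parse the header and summary of one log; reject partial pastes."""
    db = DB_RE.search(text)
    kind = TYPE_RE.search(text)
    if not db or not kind:
        # A log pasted without its header cannot be checked at all.
        raise ValueError("incomplete log: database version or scan type missing")
    stamp = STAMP_RE.search(text)
    counts = {name: int(n) for name, n in COUNT_RE.findall(text)}
    return MbamScan(int(db.group(1)), kind.group(1),
                    stamp.group(1) if stamp else "", counts)


def review_followup(earlier: list, latest: MbamScan) -> list:
    """Return reasons the latest scan should not be trusted as a clean bill."""
    findings = []
    newest_db = max((s.database_version for s in earlier), default=0)
    if earlier and latest.database_version <= newest_db:
        findings.append("stale-definitions")        # not updated before scanning
    if any(s.infected_total > 0 for s in earlier) and latest.scan_type != "Full":
        findings.append("full-scan-required")       # Quick scan skips files
    if findings and latest.infected_total == 0:
        findings.append("clean-result-unreliable")  # zero hits proves nothing here
    return findings


if __name__ == "__main__":
    history = []
    for raw in (LOG_FIRST, LOG_SECOND, LOG_THIRD):
        scan = parse_mbam_log(raw)
        print(scan.timestamp, scan.database_version, scan.scan_type,
              scan.infected_total, review_followup(history, scan))
        history.append(scan)
```
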


0

CimmerianX, I realize you wish to assist but please look at the logs and the MBA-M run. The first log is likely a portion of the ESET scanner log, however without the entire log we cannot be certain the scan was done correctly.
The 2nd MBA-M log, while it looks clean, was NOT updated and not a Full Scan, both of which should have been done. So to say "That's looks pretty good." is not correct. If it had been a full scan with an updated program, "maybe" you could say it looks pretty good, but since steps have not been followed correctly, no, it doesn't look pretty good. It looks incomplete and inaccurate.

Tania, please complete the steps given ok?


0

Sorry guys have had a bad few days with the little one. I usually try to get it done when he's asleep. I'm going to try and correctly do all you have said :D.

0

This is the updated and latest MBA-M log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4878

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

19/10/2010 11:35:02
mbam-log-2010-10-19 (11-35-02).txt

Scan type: Full scan (C:\|)
Objects scanned: 158740
Time elapsed: 35 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Luke\My Documents\LimeWire\Incomplete\Preview-T-10568450-Virtual Dj Full Version.exe (P2P.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Luke\My Documents\LimeWire\Saved\Virtual Dj Full Version.exe (P2P.Dropper) -> Quarantined and deleted successfully.

0

I have also just run a scan with Avira; here's the log, if this is any use? It picked up 36 viruses or something??

Avira AntiVir Personal
Report file date: 19 October 2010 11:42

Scanning for 2948666 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : LANPRTY-LUKE

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: 19 October 2010 11:42

Starting search for hidden objects.
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\RNG\seed
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dhcp\Parameters\{7351856c-14f3-4a9b-86e5-f82b9dbf2e84}
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Epoch\epoch
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7351856C-14F3-4A9B-86E5-F82B9DBF2E84}\leaseobtainedtime
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7351856C-14F3-4A9B-86E5-F82B9DBF2E84}\t1
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7351856C-14F3-4A9B-86E5-F82B9DBF2E84}\t2
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7351856C-14F3-4A9B-86E5-F82B9DBF2E84}\leaseterminatestime
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{7351856C-14F3-4A9B-86E5-F82B9DBF2E84}\Parameters\Tcpip\leaseobtainedtime
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{7351856C-14F3-4A9B-86E5-F82B9DBF2E84}\Parameters\Tcpip\t1
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{7351856C-14F3-4A9B-86E5-F82B9DBF2E84}\Parameters\Tcpip\t2
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{7351856C-14F3-4A9B-86E5-F82B9DBF2E84}\Parameters\Tcpip\leaseterminatestime
[NOTE] The registry entry is invisible.

The scan of running processes will be started
Scan process 'dllhost.exe' - '51' Module(s) have been scanned
Scan process 'vssvc.exe' - '54' Module(s) have been scanned
Scan process 'avscan.exe' - '73' Module(s) have been scanned
Scan process 'avcenter.exe' - '87' Module(s) have been scanned
Scan process 'msdtc.exe' - '46' Module(s) have been scanned
Scan process 'dllhost.exe' - '63' Module(s) have been scanned
Scan process 'BelkinWCUI.exe' - '54' Module(s) have been scanned
Scan process 'ctfmon.exe' - '31' Module(s) have been scanned
Scan process 'avgnt.exe' - '50' Module(s) have been scanned
Scan process 'fwupdate.exe' - '30' Module(s) have been scanned
Scan process 'PDVD8Serv.exe' - '29' Module(s) have been scanned
Scan process 'CLMLSvc.exe' - '40' Module(s) have been scanned
Scan process 'jusched.exe' - '22' Module(s) have been scanned
Scan process 'hkcmd.exe' - '33' Module(s) have been scanned
Scan process 'igfxtray.exe' - '33' Module(s) have been scanned
Scan process 'DrvLsnr.exe' - '26' Module(s) have been scanned
Scan process 'SMTray.exe' - '27' Module(s) have been scanned
Scan process 'Explorer.EXE' - '100' Module(s) have been scanned
Scan process 'alg.exe' - '39' Module(s) have been scanned
Scan process 'avshadow.exe' - '32' Module(s) have been scanned
Scan process 'SMAgent.exe' - '21' Module(s) have been scanned
Scan process 'RichVideo.exe' - '27' Module(s) have been scanned
Scan process 'jqs.exe' - '38' Module(s) have been scanned
Scan process 'avguard.exe' - '59' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'sched.exe' - '51' Module(s) have been scanned
Scan process 'spoolsv.exe' - '58' Module(s) have been scanned
Scan process 'svchost.exe' - '44' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'svchost.exe' - '191' Module(s) have been scanned
Scan process 'svchost.exe' - '46' Module(s) have been scanned
Scan process 'svchost.exe' - '58' Module(s) have been scanned
Scan process 'lsass.exe' - '65' Module(s) have been scanned
Scan process 'services.exe' - '43' Module(s) have been scanned
Scan process 'winlogon.exe' - '83' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1715' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Documents and Settings\Luke\Local Settings\Temp\jar_cache1436681447942142928.tmp
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/OpenConnecti.A Java virus
--> cpak/Crimepack$1.class
[DETECTION] Contains recognition pattern of the JAVA/OpenConnecti.A Java virus
--> cpak/Crimepack.class
[DETECTION] Contains recognition pattern of the JAVA/OpenStream.C Java virus
C:\Documents and Settings\Luke\Local Settings\Temp\jar_cache3024112450055784008.tmp
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/OpenConnecti.A Java virus
--> cpak/Crimepack$1.class
[DETECTION] Contains recognition pattern of the JAVA/OpenConnecti.A Java virus
--> cpak/Crimepack.class
[DETECTION] Contains recognition pattern of the JAVA/OpenStream.C Java virus
C:\Documents and Settings\Luke\Local Settings\Temp\jar_cache3288757114756970607.tmp
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/CV-2010-0094.A Java virus
--> Exploit.class
[DETECTION] Contains recognition pattern of the JAVA/CV-2010-0094.A Java virus
--> PayloadCreater.class
[DETECTION] Contains recognition pattern of the JAVA/CV-2010-0094.C Java virus
--> PayloadClassLoader.class
[DETECTION] Contains recognition pattern of the JAVA/CV-2010-0094.B Java virus
--> Payloader.class
[DETECTION] Contains recognition pattern of the JAVA/CV-2010-0094.D Java virus
--> payload.ser
[DETECTION] Contains recognition pattern of the JAVA/CV-2010-0094.E Java virus
C:\Documents and Settings\Luke\Local Settings\Temp\jar_cache3951944931078930309.tmp
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/CV-2010-0094.A Java virus
--> Exploit.class
[DETECTION] Contains recognition pattern of the JAVA/CV-2010-0094.A Java virus
--> PayloadCreater.class
[DETECTION] Contains recognition pattern of the JAVA/CV-2010-0094.C Java virus
--> PayloadClassLoader.class
[DETECTION] Contains recognition pattern of the JAVA/CV-2010-0094.B Java virus
--> Payloader.class
[DETECTION] Contains recognition pattern of the JAVA/CV-2010-0094.D Java virus
--> payload.ser
[DETECTION] Contains recognition pattern of the JAVA/CV-2010-0094.E Java virus
C:\Documents and Settings\Luke\Local Settings\Temp\jar_cache6413426900653372014.tmp
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/CV-2010-0094.A Java virus
--> Exploit.class
[DETECTION] Contains recognition pattern of the JAVA/CV-2010-0094.A Java virus
--> PayloadCreater.class
[DETECTION] Contains recognition pattern of the JAVA/CV-2010-0094.C Java virus
--> PayloadClassLoader.class
[DETECTION] Contains recognition pattern of the JAVA/CV-2010-0094.B Java virus
--> Payloader.class
[DETECTION] Contains recognition pattern of the JAVA/CV-2010-0094.D Java virus
--> payload.ser
[DETECTION] Contains recognition pattern of the JAVA/CV-2010-0094.E Java virus
C:\Documents and Settings\Luke\Local Settings\Temp\jar_cache8180051082592797330.tmp
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/OpenConnecti.A Java virus
--> cpak/Crimepack$1.class
[DETECTION] Contains recognition pattern of the JAVA/OpenConnecti.A Java virus
--> cpak/Crimepack.class
[DETECTION] Contains recognition pattern of the JAVA/OpenStream.C Java virus
C:\Documents and Settings\Luke\My Documents\Downloads\PDFTablet_Installer.exe
[0] Archive type: NSIS
[DETECTION] Is the TR/Dldr.Delphi.Gen Trojan
--> ProgramFilesDir/installer.exe
--> Object
[DETECTION] Is the TR/Dldr.Delphi.Gen Trojan
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\14\3050238e-73d2b6ef
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Agent.M.3 Java virus
--> seopack.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.M.3 Java virus
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\23\3eed9817-5fd5e9ba
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Agent.EX Java virus
--> a0ee3d65141.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.EX Java virus
--> a4cb9b1a8a5.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.EY Java virus
--> a66d578f084.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.EZ Java virus
--> aa79d1019d8.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.FB Java virus
--> ab16db71cdc.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.FH Java virus
--> ab5601d4848.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.FI Java virus
--> ae28546890f.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.FJ Java virus
--> af439f03798.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.FK Java virus
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\25\6ddf919-6aa468d3
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/ClassLoad.AF.2 Java virus
--> KAK/NED/NOD32.class
[DETECTION] Contains recognition pattern of the JAVA/ClassLoad.AF.2 Java virus
--> KAK/NED/sexxxy.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.25252 Java virus
--> KAK/NED/crime4u.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.9888 Java virus
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\33\30dcb2a1-432c4077
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Agent.AJ.4 Java virus
--> JavaUpdateManager.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.AJ.4 Java virus
C:\Program Files\PDFReading\installer.exe
[DETECTION] Is the TR/Dldr.Delphi.Gen Trojan
--> Object
[DETECTION] Is the TR/Dldr.Delphi.Gen Trojan

Beginning disinfection:
C:\Program Files\PDFReading\installer.exe
[DETECTION] Is the TR/Dldr.Delphi.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '462e2d23.qua'.
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\33\30dcb2a1-432c4077
[DETECTION] Contains recognition pattern of the JAVA/Agent.AJ.4 Java virus
[NOTE] The file was moved to the quarantine directory under the name '5ea80246.qua'.
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\25\6ddf919-6aa468d3
[DETECTION] Contains recognition pattern of the JAVA/Agent.9888 Java virus
[NOTE] The file was moved to the quarantine directory under the name '0cf75872.qua'.
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\23\3eed9817-5fd5e9ba
[DETECTION] Contains recognition pattern of the JAVA/Agent.FK Java virus
[NOTE] The file was moved to the quarantine directory under the name '6ac317b1.qua'.
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\14\3050238e-73d2b6ef
[DETECTION] Contains recognition pattern of the JAVA/Agent.M.3 Java virus
[NOTE] The file was moved to the quarantine directory under the name '2e973a52.qua'.
C:\Documents and Settings\Luke\My Documents\Downloads\PDFTablet_Installer.exe
[DETECTION] Is the TR/Dldr.Delphi.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '507d08cf.qua'.
C:\Documents and Settings\Luke\Local Settings\Temp\jar_cache8180051082592797330.tmp
[DETECTION] Contains recognition pattern of the JAVA/OpenStream.C Java virus
[NOTE] The file was moved to the quarantine directory under the name '1ce924a8.qua'.
C:\Documents and Settings\Luke\Local Settings\Temp\jar_cache6413426900653372014.tmp
[DETECTION] Contains recognition pattern of the JAVA/CV-2010-0094.E Java virus
[NOTE] The file was moved to the quarantine directory under the name '60f164f8.qua'.
C:\Documents and Settings\Luke\Local Settings\Temp\jar_cache3951944931078930309.tmp
[DETECTION] Contains recognition pattern of the JAVA/CV-2010-0094.E Java virus
[NOTE] The file was moved to the quarantine directory under the name '4dab4bb5.qua'.
C:\Documents and Settings\Luke\Local Settings\Temp\jar_cache3288757114756970607.tmp
[DETECTION] Contains recognition pattern of the JAVA/CV-2010-0094.E Java virus
[NOTE] The file was moved to the quarantine directory under the name '54c3702f.qua'.
C:\Documents and Settings\Luke\Local Settings\Temp\jar_cache3024112450055784008.tmp
[DETECTION] Contains recognition pattern of the JAVA/OpenStream.C Java virus
[NOTE] The file was moved to the quarantine directory under the name '389f5c1f.qua'.
C:\Documents and Settings\Luke\Local Settings\Temp\jar_cache1436681447942142928.tmp
[DETECTION] Contains recognition pattern of the JAVA/OpenStream.C Java virus
[NOTE] The file was moved to the quarantine directory under the name '49266585.qua'.


End of the scan: 19 October 2010 13:04
Used time: 1:17:54 Hour(s)

The scan has been done completely.

3544 Scanned directories
154318 Files were scanned
36 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
12 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
154282 Files not concerned
844 Archives were scanned
0 Warnings
12 Notes
181099 Objects were scanned with rootkit scan
11 Hidden objects were found

0

Tania, the computer obviously is still infected. Likely the KEY reason for the continuing infections is found in that MBA-M log...

C:\Documents and Settings\Luke\My Documents\LimeWire\Saved\Virtual Dj Full Version.exe (P2P.Dropper)

Limewire is a P2P file sharing program. Used mainly to ILLEGALLY obtain copyrighted material, music and games especially, without payment to the rightful owners of the software being downloaded. This obviously is the case with these two infected files for sure.
Virtual Dj is a program that must be paid for when purchased LEGALLY. The cost is approximately $329. But, because the copy on your computer was obtained illegally via P2P it was "supposedly" FREE. But along with the illegally gotten software you also now have a grossly infected computer. This is proven by the fact that each and every scan finds newly infected files.
The files found by Avira scan contained a Trojan. These were contained in the folder C:\Documents and Settings\Luke\My Documents\Downloads\PDFTablet_Installer.exe
and held the TR/Dldr.Delphi.Gen Trojan. A trojan is created in order to bring onto the computer other infected files.

It is the policy of daniweb and stated very clearly in our Read Me First sticky that anyone posting for assistance in removing infections must do the following:
Please Uninstall or Disable any P2P (peer-to-peer) programs on the infected computer before posting in this forum. Rather than write a long piece on the dangers of P2P, I’m just going to say this:

P2P software circumvents common-sense security measures and opens a user’s computer to a world of hurt.
Our regular volunteers' time is valuable and most are not willing to waste it on a machine that is almost certain to be reinfected in short order.
So, please remove or disable all P2P software for the duration of the cleaning process. Failure to do so may result in your thread being ignored.

I would like you to UNINSTALL ALL P2P file sharing programs on the computer immediately. These would include but are certainly not limited to the following:
Limewire, Frostwire, BitTorrent, iTorrent, morpheus, kazaa light, eMule, Shareaza, Ares and any others used for P2P. We cannot go forward unless or until any and all of the P2P programs are removed from the computer.
As long as those programs are on the computer and continue to be used, the computer will continue to become more grossly infected and could eventually require a full reformat and reload of the computer. I also strongly recommend that ANY files obtained via P2P also be uninstalled from the computer. Not copied someplace else, but destroyed. If the P2P files are simply removed from the computer by copying them to something else, CD, flash drive, iPod, etc., then the infections will go with them onto whatever you happen to copy them to and therefore infect that item also.

0

I do apologise, I didn't know it was on here. We got the computer off my partner's little brother recently, so this would be why it was on here. I apologise again and I am in the process of removing this.

0

I have re-run MBA-M and here is the log. Nothing came up this time.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4889

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

20/10/2010 11:49:01
mbam-log-2010-10-20 (11-49-01).txt

Scan type: Full scan (C:\|)
Objects scanned: 159280
Time elapsed: 39 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

0

I have also re-run Avira; here's the log. Nothing came up on this either.

Avira AntiVir Personal
Report file date: 20 October 2010 12:12

Scanning for 2954042 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : LANPRTY-LUKE

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: 20 October 2010 12:12

Starting search for hidden objects.
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\parseautoexec
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\RNG\seed
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dhcp\Parameters\{7351856c-14f3-4a9b-86e5-f82b9dbf2e84}
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Epoch\epoch
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7351856C-14F3-4A9B-86E5-F82B9DBF2E84}\leaseobtainedtime
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7351856C-14F3-4A9B-86E5-F82B9DBF2E84}\t1
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7351856C-14F3-4A9B-86E5-F82B9DBF2E84}\t2
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7351856C-14F3-4A9B-86E5-F82B9DBF2E84}\leaseterminatestime
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{7351856C-14F3-4A9B-86E5-F82B9DBF2E84}\Parameters\Tcpip\leaseobtainedtime
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{7351856C-14F3-4A9B-86E5-F82B9DBF2E84}\Parameters\Tcpip\t1
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{7351856C-14F3-4A9B-86E5-F82B9DBF2E84}\Parameters\Tcpip\t2
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{7351856C-14F3-4A9B-86E5-F82B9DBF2E84}\Parameters\Tcpip\leaseterminatestime
[NOTE] The registry entry is invisible.

The scan of running processes will be started
Scan process 'msdtc.exe' - '46' Module(s) have been scanned
Scan process 'dllhost.exe' - '63' Module(s) have been scanned
Scan process 'dllhost.exe' - '51' Module(s) have been scanned
Scan process 'vssvc.exe' - '54' Module(s) have been scanned
Scan process 'avscan.exe' - '73' Module(s) have been scanned
Scan process 'avcenter.exe' - '63' Module(s) have been scanned
Scan process 'svchost.exe' - '44' Module(s) have been scanned
Scan process 'plugin-container.exe' - '63' Module(s) have been scanned
Scan process 'firefox.exe' - '90' Module(s) have been scanned
Scan process 'alg.exe' - '39' Module(s) have been scanned
Scan process 'avshadow.exe' - '32' Module(s) have been scanned
Scan process 'SMAgent.exe' - '21' Module(s) have been scanned
Scan process 'RichVideo.exe' - '27' Module(s) have been scanned
Scan process 'jqs.exe' - '38' Module(s) have been scanned
Scan process 'avguard.exe' - '59' Module(s) have been scanned
Scan process 'BelkinWCUI.exe' - '54' Module(s) have been scanned
Scan process 'ctfmon.exe' - '31' Module(s) have been scanned
Scan process 'avgnt.exe' - '53' Module(s) have been scanned
Scan process 'fwupdate.exe' - '30' Module(s) have been scanned
Scan process 'PDVD8Serv.exe' - '29' Module(s) have been scanned
Scan process 'CLMLSvc.exe' - '40' Module(s) have been scanned
Scan process 'jusched.exe' - '22' Module(s) have been scanned
Scan process 'hkcmd.exe' - '33' Module(s) have been scanned
Scan process 'igfxtray.exe' - '33' Module(s) have been scanned
Scan process 'DrvLsnr.exe' - '26' Module(s) have been scanned
Scan process 'SMTray.exe' - '27' Module(s) have been scanned
Scan process 'Explorer.EXE' - '117' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'sched.exe' - '52' Module(s) have been scanned
Scan process 'spoolsv.exe' - '58' Module(s) have been scanned
Scan process 'svchost.exe' - '44' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'svchost.exe' - '186' Module(s) have been scanned
Scan process 'svchost.exe' - '46' Module(s) have been scanned
Scan process 'svchost.exe' - '56' Module(s) have been scanned
Scan process 'lsass.exe' - '65' Module(s) have been scanned
Scan process 'services.exe' - '36' Module(s) have been scanned
Scan process 'winlogon.exe' - '72' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1713' files ).


Starting the file scan:

Begin scan in 'C:\'


End of the scan: 20 October 2010 13:18
Used time: 1:05:50 Hour(s)

The scan has been done completely.

3569 Scanned directories
146599 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
146599 Files not concerned
750 Archives were scanned
0 Warnings
0 Notes
182059 Objects were scanned with rootkit scan
12 Hidden objects were found

0

Tell you what, I noticed something unusual about your first Full MBA-M scan and now with this second one and that is the fact that the scans only took 35 minutes. A full scan with MBA-M normally takes at least one hour. It is possible that these infections have corrupted MBA-M so I would like you to remove it and install a new copy.
Follow these instructions from the MBA-M website:
Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
Restart your computer (very important).
Download and run this utility: http://www.malwarebytes.org/mbam-clean.exe
It will ask to restart your computer (please allow it to).
After the computer restarts, temporarily disable your Anti-Virus.
To disable your Avira right click the little red umbrella in your system tray and remove the check mark from Enable Guard.
Next install the latest version of Malwarebytes' Anti-Malware from
http://fileforum.betanews.com/detail/Malwarebytes-AntiMalware/1186760019/1
Once it has installed, Update it and then run another Full Scan with it as you have previously. Have it remove everything found.
Reboot the computer, be certain your Avira has restarted and post back here with the log.

0

I have followed all of the above steps and MBAM has still only taken 31 mins to scan. Here is the log; it hasn't picked anything up again.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4895

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

20/10/2010 21:58:43
mbam-log-2010-10-20 (21-58-43).txt

Scan type: Full scan (C:\|)
Objects scanned: 159490
Time elapsed: 31 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

0

Here is the HijackThis log.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:01:22, on 20/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Belkin\F6D4050\v1\BelkinWCUI.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
C:\WINDOWS\system32\nbtstat.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Belkin Wireless Networking Utility.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 5320 bytes


Once all this is sorted, which antivirus software would you suggest I use? Avira seems pretty good and I know that AVG is good too, but I have had problems installing it.

0

The log looks ok to me. Stick with the Avira. AVG used to be good but consistently ranks now behind Avira and the other good free one, Avast. I use Avira, have for several years and am very pleased with it.

I would also suggest adding SpywareBlaster. It provides excellent additional protection against ActiveX-based spyware, adware, dialers and browser hijackers, blocks spyware/tracking cookies in IE, Mozilla Firefox, and many other browsers, and restricts the actions of spyware/ad/tracking sites.
Just download, install, update, enable all and close the program. That's it. Check for new updates once a week; if there are any, download and install, enable all and close the program. I wouldn't run my computer without it. It IS FREE also.
http://download.cnet.com/SpywareBlaster/3000-8022_4-10196637.html

If all seems to be working well I would say this can be marked solved if you agree.
Judy

Edited by jholland1964: n/a
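
A small triage pass over the HijackThis log format posted above, as an added example that is not part of the thread or any poster's own code: it groups entries by section code and lists the lines a reviewer would check by hand. The rules and the two "trusted" directory roots are assumptions chosen for illustration; a flagged line is a prompt to verify, not a verdict.

```python
import re
from collections import Counter

# Excerpt of the HijackThis log posted above (lines copied from the thread).
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Belkin Wireless Networking Utility.lnk = ?
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
"""

# "<code> - <body>", e.g. "O4 - HKLM\..\Run: ..."; header and process lines do not match.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# First .exe/.dll path on a line (non-greedy, stops at the first extension).
PATH = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:exe|dll)", re.IGNORECASE)
# Assumption: binaries under these roots are "expected"; anything else gets a look.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")


def parse(log_text):
    """Return [(section_code, body)] for every entry line in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def triage(entries):
    """Return [(code, reason, body)] for lines worth checking by hand."""
    findings = []
    for code, body in entries:
        reasons = []
        if code == "O10":
            reasons.append("Winsock LSP entry: confirm the DLL's vendor")
        if code == "O23" and "Unknown owner" in body:
            reasons.append("service binary reports no vendor name")
        if code == "O4" and body.rstrip().endswith("= ?"):
            reasons.append("startup shortcut target could not be resolved")
        for path in PATH.findall(body):
            if not path.lower().startswith(TRUSTED_ROOTS):
                reasons.append("binary outside Windows/Program Files: " + path)
        findings.extend((code, reason, body) for reason in reasons)
    return findings


def section_counts(entries):
    """Count entries per section code (R0, O4, O23, ...)."""
    return Counter(code for code, _ in entries)


if __name__ == "__main__":
    parsed = parse(SAMPLE_LOG)
    print(dict(section_counts(parsed)))
    for code, reason, body in triage(parsed):
        print(f"[{code}] {reason}\n      {body}")
```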

0

Thank you so so much for all your help!! I think I would have got that mad with this PC I would have ended up throwing it in the bin!!

I will stick with Avira; it seems to be doing its job.

Thank you once again, it is very much appreciated, all the advice and walking me through each step!!

:D
