
feable
Members
Posts: 7

Everything posted by feable

  1. I also downloaded Avira; however, it keeps telling me I have a TR/Patched.gen virus in various system32 files, including scvhost.exe, explore.exe, lsass.exe, winlogon.exe. Could there still be viruses that MBAM didn't pick up, or are these mistakes on their guard's part? Here is a HijackThis log.

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 12:37:11 AM, on 2/23/2010
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v8.00 (8.00.6001.18702)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\nvsvc32.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Avira\AntiVir Desktop\sched.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
     C:\Program Files\Common Files\Java\Java Update\jusched.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\program files\ncsoft\launcher\NCLauncher.exe
     C:\Program Files\AIM6\aim6.exe
     C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     C:\Program Files\AIM6\aolsoftware.exe
     C:\Program Files\Avira\AntiVir Desktop\avscan.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Program Files\Stardock Games\Demigod\bin\Demigod.exe
     C:\Program Files\Malwarebytes' Anti-Malware\xhfkdfsk.exe
     C:\WINDOWS\system32\NOTEPAD.EXE
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
     O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
     O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
     O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [NCsoft Launcher] C:\program files\ncsoft\launcher\NCLauncher.exe /Minimized
     O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
     O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
     O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

     --
     End of file - 2823 bytes
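A check that bears on the question in the post above, whether the TR/Patched.gen hits on lsass.exe, winlogon.exe and friends are real: Windows XP keeps a pristine copy of every Windows File Protection binary in %SystemRoot%\system32\dllcache, so the live file and its dllcache twin should hash identically on a clean machine. The script below is an added example, not part of the original post and not an Avira or Malwarebytes tool. It reads the poster's "scvhost.exe" and "explore.exe" as typos for svchost.exe and explorer.exe (an assumption), places explorer.exe in %SystemRoot% as the HijackThis log shows, and ships with a constructed directory tree in `demo()` so it runs offline; on the affected machine you would call `compare_with_cache(default_targets(), ...)` against the real paths instead.

```python
"""Check Avira's TR/Patched.gen hits against the Windows File Protection cache.

On Windows XP the live copy of a protected binary and the copy kept in
%SystemRoot%\\system32\\dllcache hash identically on a clean machine. A
mismatch on lsass.exe or winlogon.exe supports the "patched" verdict; a match
argues for a false positive, subject to the caveats in the notes below.
"""
import hashlib
import os
import shutil
import tempfile
from typing import Dict


def default_targets(system_root: str = r"C:\WINDOWS") -> Dict[str, str]:
    """Map each flagged file name to the path it is expected to live at.

    Names come from the post, reading "scvhost.exe" and "explore.exe" as typos
    for svchost.exe and explorer.exe (an assumption; a file literally named
    scvhost.exe in system32 would itself deserve a look). explorer.exe lives in
    %SystemRoot%, not system32, as the HijackThis log shows.
    """
    system32 = os.path.join(system_root, "system32")
    return {
        "svchost.exe": os.path.join(system32, "svchost.exe"),
        "lsass.exe": os.path.join(system32, "lsass.exe"),
        "winlogon.exe": os.path.join(system32, "winlogon.exe"),
        "explorer.exe": os.path.join(system_root, "explorer.exe"),
    }


def sha256_of(path: str) -> str:
    """Stream the file through SHA-256 so large binaries are not read whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def compare_with_cache(targets: Dict[str, str], cache_dir: str) -> Dict[str, str]:
    """Return one verdict per target name.

    match     - live copy and dllcache copy are byte-identical
    MISMATCH  - both present but different: treat as patched until proven otherwise
    no-cache  - nothing in dllcache to compare against (quota-limited or emptied cache)
    missing   - the live file is not where it should be
    """
    verdicts: Dict[str, str] = {}
    for name, live_path in targets.items():
        cached_path = os.path.join(cache_dir, name)
        if not os.path.isfile(live_path):
            verdicts[name] = "missing"
        elif not os.path.isfile(cached_path):
            verdicts[name] = "no-cache"
        elif sha256_of(live_path) == sha256_of(cached_path):
            verdicts[name] = "match"
        else:
            verdicts[name] = "MISMATCH"
    return verdicts


def demo() -> Dict[str, str]:
    """Run the comparison over a constructed tree of fake files (not real binaries).

    One clean pair, one tampered pair, one file with no cached copy and one
    absent file, so every verdict branch is exercised without a Windows box.
    """
    root = tempfile.mkdtemp(prefix="wfp-demo-")
    try:
        system32 = os.path.join(root, "system32")
        dllcache = os.path.join(system32, "dllcache")
        os.makedirs(dllcache)
        # name: (live bytes or None, dllcache bytes or None); constructed sample data
        samples = {
            "lsass.exe": (b"MZ-clean-lsass", b"MZ-clean-lsass"),
            "winlogon.exe": (b"MZ-clean-winlogon-WITH-PATCH", b"MZ-clean-winlogon"),
            "svchost.exe": (b"MZ-svchost", None),
            "explorer.exe": (None, b"MZ-explorer"),
        }
        targets: Dict[str, str] = {}
        for name, (live, cached) in samples.items():
            live_dir = root if name == "explorer.exe" else system32
            targets[name] = os.path.join(live_dir, name)
            if live is not None:
                with open(targets[name], "wb") as fh:
                    fh.write(live)
            if cached is not None:
                with open(os.path.join(dllcache, name), "wb") as fh:
                    fh.write(cached)
        return compare_with_cache(targets, dllcache)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:14} {verdict}")
    # On the affected XP machine, run against the real paths instead:
    # compare_with_cache(default_targets(), r"C:\WINDOWS\system32\dllcache")
```

Two caveats before trusting the result. The earlier MBAM logs on this page report Rootkit.TDSS and a Rootkit.Agent driver, and a kernel rootkit that is still loaded can hand a clean view of a file that is really patched, so run the comparison from a boot environment the rootkit does not control (for example, with the disk attached as a second drive to a clean machine, as the poster already did for the Ad-Aware scan). A match is also not proof: malware running as SYSTEM can overwrite the dllcache copy as well, so "MISMATCH" is strong evidence of tampering while "match" only lowers suspicion. Windows' own route to the same check is `sfc /scannow`, which needs the install media the poster says is missing.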
  2. Here are my logs (in order) to show what was removed.

     Malwarebytes' Anti-Malware 1.44
     Database version: 3769
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702

     2/21/2010 6:10:16 AM
     mbam-log-2010-02-21 (06-10-16).txt

     Scan type: Full Scan (C:\|)
     Objects scanned: 75150
     Time elapsed: 26 minute(s), 41 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 1
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 11

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a3ba40a2-74f0-42bd-f434-00b15a2c8953} (Trojan.BHO) -> Quarantined and deleted successfully.

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     C:\Documents and Settings\admin\Desktop\Frozen Throne\1.21nocd\worldedit.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
     C:\Documents and Settings\admin\Desktop\Games\Frozen Throne\1.21nocd\worldedit.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
     C:\Documents and Settings\admin\Local Settings\Temp\exawmsnroc.tmp (Trojan.Hiloti) -> Quarantined and deleted successfully.
     C:\Documents and Settings\admin\Local Settings\Temp\qkkixtrp.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
     C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\MRNXU70S\arzuoz[1].htm (Rootkit.TDSS) -> Quarantined and deleted successfully.
     C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\MRNXU70S\txfdyselte[1].htm (Trojan.Hiloti) -> Quarantined and deleted successfully.
     C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\R5GLBUKF\exe[1].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
     C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\S8Y1N1DW\hyxrmxs[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
     C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\S8Y1N1DW\dfghfghgfj[1].dll (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\SWMNBPTG\vzgomuf[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
     C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\SWMNBPTG\mqlselg[1].htm (Rootkit.TDSS) -> Quarantined and deleted successfully.

     2nd log

     Malwarebytes' Anti-Malware 1.44
     Database version: 3769
     Windows 5.1.2600 Service Pack 3 (Safe Mode)
     Internet Explorer 8.0.6001.18702

     2/21/2010 3:40:35 PM
     mbam-log-2010-02-21 (15-40-35).txt

     Scan type: Full Scan (C:\|)
     Objects scanned: 188218
     Time elapsed: 41 minute(s), 17 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 7
     Registry Values Infected: 2
     Registry Data Items Infected: 1
     Folders Infected: 0
     Files Infected: 4

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     HKEY_CURRENT_USER\Software\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\SE2010 (Rogue.Securityessentials2010) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Paladin Antivirus (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\TOY5KNQ8OC (Trojan.FakeAlert) -> Quarantined and deleted successfully.

     Registry Values Infected:
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.

     Registry Data Items Infected:
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     C:\Documents and Settings\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Security essentials 2010.lnk (Rogue.SecurityEssentials2010) -> Quarantined and deleted successfully.
     C:\Documents and Settings\admin\Start Menu\Security essentials 2010.lnk (Rogue.SecurityEssentials2010) -> Quarantined and deleted successfully.
     C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
     C:\Documents and Settings\admin\Local Settings\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

     3rd

     Malwarebytes' Anti-Malware 1.44
     Database version: 3769
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702

     2/21/2010 10:56:18 PM
     mbam-log-2010-02-21 (22-56-18).txt

     Scan type: Quick Scan
     Objects scanned: 125092
     Time elapsed: 8 minute(s), 40 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 1

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     C:\WINDOWS\system32\drivers\clbel.sys (Rootkit.Agent) -> Delete on reboot.

     4th

     Malwarebytes' Anti-Malware 1.44
     Database version: 3769
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702

     2/21/2010 11:07:35 PM
     mbam-log-2010-02-21 (23-07-35).txt

     Scan type: Quick Scan
     Objects scanned: 122215
     Time elapsed: 3 minute(s), 51 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)
  3. I wanted to say that after some research I managed to get MBAM installed and I'm well on my way to solving this. I managed to get a lot of help from your self-help guides, and wanted to let you know that _VOID is another rootkit. I plan to post some logs when I think I'm done; maybe you guys will find the info useful. PS: I know I already posted several times, and probably went against 5 or 6 forum rules. If it wasn't for the fact that I'm using the on-screen keyboard to browse, I probably would have read not to do that before I posted. Sorry.
  4. Update 2: After running Ad-Aware, my problem remains the same, well actually worse. In addition to the previous problems I now can't open IE or FF. The original shortcuts can't be found, and when navigating to the original to open either, it auto-closes and my virus tells me they are threats. I am still able to browse by opening other directories (like My Computer) and then coming here to post. I also managed to install the latest MBAM, but to no avail. Just like IE and FF, it says that they are infected and auto-closes. I plan to get a flash drive from a co-worker tomorrow; maybe I can run MBAM off the flash without running into problems, we will see. In the meantime, are there any other programs I can download or run that will provide similar results to HijackThis so that I can actually attach a log? Just as an FYI, the most apparent virus is Security Essentials 2010.
  5. UPDATE: I also found out that the "Manage" tab for My Computer is gone; however, I did find an old hard drive with at least Ad-Aware installed. I managed to add the second hard drive, update Ad-Aware and start a scan. Awaiting results.
  6. I'm going to be perfectly upfront from the start. I would love to post the HijackThis log, but I can't install the program. I recently found that my PC was a victim of a virus (probably many) causing too many problems to handle. Here is the problem. At first I figured I would try and fight it, went to download HijackThis and Malwarebytes (this PC is relatively new so I didn't have them yet) and found out that when I ran the exe files nothing happens. Attempted to remove the virus (without success) and found that my registry has been disabled (although I can enable it), but more importantly, that my System Restore option is disabled by group policies. I know how to change such information in both the registry and using group policies, but when attempting to change it in the registry I found that DisableConfig isn't there. At this point I decided to just reformat; too bad my disks are MIA. Suggestions?