Hmm It seems Like I have a virus/trojan

A day ago I accidentally screwed up something related to Windows OS booting up. I grabbed my XP disk and did a repair and presto, all was good. But now I was back to SP2. So then I basically dedicated the next day to getting everything updated. All seemed about done, but after everything was said and restarted I noticed the windows notify icon in the taskbar and later that the control panel was messed up. So that's why I have a virus/Trojan/etc. Problem is none of the software I have is picking anything up. I use Avast Home Ed., Spybot Search and Destroy from Safer-networking and Malwarebytes. None of these programs picked up anything but here’s why I’m getting paranoid.

-I cannot restore the active desktop, I have used desktop settings, gone directly to the pic and set it as desktop background but nothing changes.
-Pic
http://i296.photobucket.com/albums/mm185/kari10190/target-1.jpg

That’s about it so far

Based on what’s going on with the control panel, something’s got to be going on. Other than that, so far my computer is still functioning, but still I’m concerned; for all I know I have a key logger on my system.

Post a HijackThis log.

Download it at

http://download.cnet.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html?tag=mncol

Try this link to HijackThis - it is a bit cleaner

http://www.filehippo.com/download_hijackthis/

Cleaner? What’s wrong with Cnet?

It has more ADs. :stuck_out_tongue:

CNET has improved lately. My browser wouldn’t go there before because the pages were not clean frames.

Ok so I’ve picked up SAS, based on recommendation, and ran it through three times. It found a rootkit and 2 other trojans, fixed it but the rootkit stayed; ran it again, caught more of the rootkit but it was still around; ran it a last time and everything is in the green. Except my control panel and other stuff is still messed up. You guys say try out HijackThis; I ran it. Everything but the 2 I highlighted are good as far as I know. The Panda anti virus, I never ever tried to use that, the most I recall about that stuff is a pop up. But the thing that makes me suspicious is that it’s an active scan installer class. I don’t want that stuff on my computer. And then I saw wnotify, the little crap that’s in the corner of my screen and bugging me, but it has SAS tagged onto it. Something about that seems really fishy. So I’m thinking hmm, delete it all? I don’t really care about the SAS program.

One pic of the current situation & the other is what happens when I turn on my computer

http://i296.photobucket.com/albums/mm185/kari10190/hiahjackthis.jpg

http://i296.photobucket.com/albums/mm185/kari10190/untitled.jpg

Hi Lazi…er Guy

Could you copy that log into notepad or something? Or post original log. Otherwise no one will bother to read it. Also, I think you can reduce the size of your picture by using post reply text editor to change the properties in the hypertext line of the hyperlink to your image.


Besides what mkis posted above, the photo above does not show the beginning nor the end of the HJT log. This information is needed for a complete analysis. There is no way to copy the information from an image such as you posted, so, no analyzing will be done.

Run the program but do not make any fixes and then post the log results using the “copy & paste” method. It will probably take more than one post to be able to get the complete log posted.

OR, you can post it as an attachment to your post by clicking on “Additional Options…” below left of the posting box.

When you post the log, be sure to include the complete log … header and ending.
Someone will review your log and then offer help.


Here’s the HijackThis log
P.S. I suck with code.
PT1

What is this?
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = The Internet is for P**n

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
Is from a game but detected as malware. If you remove it, although, it will stop the game from working.

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
Is from a game but detected as malware. If you remove it, although, it will stop the game from working.

O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\Kari\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
File Missing

O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\Kari\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
File Missing


Sorry, I’m not good at HijackThis Logs yet. Double file because it was doubled in the HijackThis logfile.

A day ago I accidentally screwed up something related to Windows OS booting up

Your words in your first post. Can you elaborate more?

You don’t have any sign of a keylogger, not that I can tell anyway.
Did your operating system come out of repair a bit shaky or did it seem stable? DX9\SessionLauncher.exe may have been competing with Windows for resources - just a thought.
Someone should be along soon.


I think it tells you - Window Title

Also, HJT no longer rates PnkBstr as questionable nor bad. It rates it as a good entry.

Donovansrb10, please stop giving advice until you learn what is right and what is wrong.


An analysis of your HJT log :

We didn't detect any active process of a firewall on your system. Reasons maybe:
(1.) You are using the windows firewall or a hardware firewall.
(2.) You are using a firewall of an unknown vendor.
(3.) You are using a firewall, but for unknown reasons it is disabled
(4.) You don't use any firewall at all.
We recommend you to use a firewall.

[b]O4 - Startup: MagicDisc.lnk.disabled[/b]
If you are no longer using MagicDisc, this one can be fixed with HJT. 
http://www.magiciso.com/tutorials/miso-magicdisc-overview.htm

[b]O24 - Desktop Component 0: (no name) - D:\Pictures\Desktop\Smalls\moon meets the water.jpg[/b]
BAD entry that should be fixed!



[b]Overview of running tasks : [/b]

smss.exe | System task | Session Manager Subsystem
winlogon.exe | System task | Microsoft Windows Logon Process
services.exe | System task | Windows Service Controller
lsass.exe | System task | Local Security Authority Service
svchost.exe | System task | Microsoft Service Host Process
svchost.exe | System task | Microsoft Service Host Process
svchost.exe | System task | Microsoft Service Host Process
spoolsv.exe | System task | Microsoft Printer Spooler Service
aswUpdSv.exe | Virusscan | Avast Anti-Virus Component
ashServ.exe | Virusscan | Avast
CTsvcCDA.exe | Backgroundtask | Creative CD-ROM Services
LSSrvc.exe | Backgroundtask | NERO Light Scribe Module
mdm.exe | Application | Machine Debug Manager
nvsvc32.exe | Application | NVIDIA Driver Helper Service
PnkBstrA.exe | Suspicious task (but we know why it is there) | pnkbstra.exe
tcpsvcs.exe | System task | TCP/IP Services
snmp.exe | System task | Microsoft SNMP Agent
svchost.exe | System task | Microsoft Service Host Process
ViewpointService.exe | Backgroundtask | View Manager Service
ashMaiSv.exe | Virusscan | Avast Anti-Virus Component
ashWebSv.exe | Virusscan | avast! Web Scanner
Explorer.EXE | System task | Microsoft Windows Explorer
ctfmon.exe | System task | Alternative User Input Services
ashDisp.exe | Virusscan | Avast AntiVirus
wscntfy.exe | System task | Microsoft Windows Security Center
TeaTimer.exe | Application | Spybot S&D Realtime Scanner
SUPERAntiSpyware.exe | Anti Add/Spyware software | SUPERAntiSpyware
Alarm.exe | Unknown task (alarm clock for Windows) | Unknown task http://www.file.net/process/alarm.exe.html
HijackThis.exe | Application | Merijn Hijackthis
wuauclt.exe | System task | AutoUpdate Client
firefox.exe | Application | Mozilla Firefox
NOTEPAD.EXE | Application | Windows Notepad


***
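The checks discussed in this thread (a log pasted with its header and ending, doubled lines, and services whose file is missing or sits in a Temp folder), as an added example that is not part of any post and not HijackThis's own code. The sample log is constructed from the entries quoted above; the header and trailer wording, the flag names and the function names are assumptions of this sketch.

```python
import re

# Constructed sample: the entries quoted in this thread, wrapped in an assumed
# HijackThis header and trailer (version and byte count are placeholders).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v0.0 (constructed)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = The Internet is for P**n
O4 - Startup: MagicDisc.lnk.disabled
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\Kari\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O24 - Desktop Component 0: (no name) - D:\Pictures\Desktop\Smalls\moon meets the water.jpg
--
End of file - 0 bytes
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
KINDS = {"R1": "IE setting", "O4": "autostart", "O23": "service",
         "O24": "desktop component"}

def is_complete(log):
    """True only if the paste still has its header and its ending line."""
    lines = [ln.strip() for ln in log.splitlines() if ln.strip()]
    return (bool(lines) and lines[0].startswith("Logfile of")
            and lines[-1].startswith("End of file"))

def parse_entries(log):
    """Return unique entries with neutral triage flags (not verdicts)."""
    seen, entries = set(), []
    for line in map(str.strip, log.splitlines()):
        m = ENTRY.match(line)
        if not m or line in seen:   # skip non-entries and doubled lines
            continue
        seen.add(line)
        code, body = m.groups()
        flags = []
        if body.endswith("(file missing)"):
            flags.append("file-missing")
        if "Unknown owner" in body:
            flags.append("unknown-owner")
        if re.search(r"\\temp\\", body, re.IGNORECASE):
            flags.append("runs-from-temp")
        entries.append({"code": code, "kind": KINDS.get(code, "other"),
                        "body": body, "flags": flags})
    return entries

def needs_review(entries):
    """Unknown owner alone is common for legitimate services, so ask for more."""
    return [e for e in entries
            if {"file-missing", "runs-from-temp"} & set(e["flags"])]
```

On the sample, only the SessionLauncher service is returned by `needs_review`; PnkBstrA carries the unknown-owner flag alone and is left for a human to judge.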

The Pnkbster is from Battlefield 2, I know that’s good. Magic disk I rarely use now, so I disabled the startup process using Spybot S&D. The alarm program is a little something I found a while back; it’s a basic alarm clock software, it’s safe. My only thing is, what about the SAS with windows notify on it?

Oko= this is a bit hard to explain. Let’s see, about a year ago I was trying to install Windows XP onto a HDD; also, to add, the CD was a (non-bootable) copy of an XP CD. At the time I was thinking I would run XP off my computer and install it onto the said drive like you can do with most programs. No, you cannot do that, I found out. So basically I had 2 OS on my computer; at the time I was running an 80Gb and was already low on space, and this extra addition of XP wasn’t helping. I couldn’t find an uninstall button so I deleted the folder. Not the smartest thing in retrospect, but what is done is done. But when my computer was starting up it would show the 2 OS to boot from. If I didn’t select the 2nd one it would fail trying to boot off the 2nd XP OS that I accidentally installed. It was like that for a yr. Earlier this week my uncle asked me to fix his computer. I did that, and I figured since I had an XP CD in hand (which was more legit and bootable) I’d run the repair function and fix that little error when the computer was starting up. I did the repair and just let it go. But then I was back to SP2. I still had 2 options when Windows starts up but the 1st one is now the working OS. So no serious complaints. And then I noticed all the crap and was like, panic.

Lastly, say I did a shatty repair/install, would a re-install do the job?

PnkBstrA.exe is not malware; it’s for Punk Buster, for when you go to a PunkBuster Anti Cheat Server.

OK, I got a question: say what’s going on with my computer is all from a crappy Windows repair, would another repair job possibly fix this? Also, is there a way that I can keep the updated version of Windows (saved to a disk if necessary [SP3])?