#1 (permalink) |
|
Registered User
Join Date: Jun 2009
Posts: 2
OS: xp
|
Virus?
Gateway MX6455 notebook w/Windows XP
Phoenix Bios Ver. 68.04
ATT Security Suite

I am hoping someone can please help me with this problem. I was downloading a uTorrent file and then a second party dvd burner app the other day when my security software came on to warn me of a virus. I immediately stopped the application, but now my cd drive is not recognized at all. After twice trying to do a system restore from different restore points I did a full recovery, also with no success. I show no drive in My Computer, explore, or device manager.

In my bios the only mention of a cd drive is in the boot sequence:

1) cd/dvd drive
2) removable device
3) main hard drive
4) boot to LAN
5) USB storage stick

However, if you hit the F10 key upon startup that option is not there. The only options are:

3) main hard drive
4) boot to LAN

Not even mentioning options 1, 2 & 5.

I was using the drive just before this happened. If I put a disc in, the activity light flashes and the drive does spin up. It will also flash if I put the recovery disc in and reboot, but will go right past it.

Thank You in advance for any help.
DDS: DDS (Ver_09-05-14.01) - NTFSx86 Run by Owner at 17:49:50.34 on Thu 06/04/2009
#2 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,963
OS: WinXP and Vista
|
Re: Virus?
Hello jim70463,
You've done a full recovery - if that is so, your system has been formatted and the OS reinstalled, which would have cleared any malware. You'd be better served discussing this issue with the folks in the Windows XP Support section of this forum.