
Trojan.packed.9 Virus Help Please


16 replies to this topic

#1 Joanna106

  • Members
  • 9 posts

Posted 19 September 2007 - 02:21 PM

Hi,
I am hoping to get some help as I have been working on trying to rid my computer of this awful virus! I have done many of the steps in hopes of getting rid of it but have had no luck. I just finished following the steps on how to remove Spysheriff, but the computer is still running very slow and I am still getting a pop-up that says Windows has detected a spyware infection.
My log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:01:39 PM, on 9/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\oodag.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Creative\ShareDLL\Mediadet.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\pipmon.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\pipmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZENG12.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [vptray] "C:\Program Files\NavNT\vptray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [runner1] "C:\WINDOWS\retadpu.exe"
O4 - HKLM\..\Run: [pipmon] pipmon.exe
O4 - HKLM\..\Run: [E-Gold] C:\DOCUME~1\JOANNA~1\LOCALS~1\Temp\VRR1AD.tmp
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\ytyckisn.dll",forkonce
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Convert for CLIÉ - C:\Program Files\Sony\Image Converter\menu.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O15 - Trusted Zone: http://mail.bradpharm.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/instal...edsolutions.cab
O16 - DPF: {FC6703A7-5B7E-4f58-BE6D-2693AA3906AE} (HP Content Update) - http://h30299.www3.hp.com/ediags/hpna/55/i...hp.cab?1,0,0,94
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 11000 bytes

Thanks so much for any help!
Joanna
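The O4 (Run key) triage a helper performs on a log like the one above, written out as an added Python example; it is not part of the original post and not HijackThis code. It parses the Run entries, identifies the file that actually executes (for rundll32.exe that is the DLL in its arguments, not the host), and flags the patterns visible in this log: a .tmp file launched from a Temp directory, a bare file name with no directory, and rundll32-hosted DLLs. The sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass, field

# O4 Run lines copied from the HijackThis log posted above (a mix of legitimate
# entries and the ones the thread later confirms as malware).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [pipmon] pipmon.exe
O4 - HKLM\..\Run: [E-Gold] C:\DOCUME~1\JOANNA~1\LOCALS~1\Temp\VRR1AD.tmp
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\ytyckisn.dll",forkonce
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# "O4 - HKLM\..\Run: [value name] command line"; other O4 forms (Startup folder
# shortcuts, RunOnce) are ignored by this example.
O4_RUN_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# Argument form rundll32 takes: [quoted] path to a DLL, a comma, the export to call.
RUNDLL_ARGS_RE = re.compile(r'^"?([^",]+\.dll)"?\s*,\s*\w+', re.IGNORECASE)
EXECUTABLE_EXT = {'.exe', '.dll', '.com', '.scr'}


@dataclass
class RunEntry:
    hive: str
    name: str
    command: str
    findings: list = field(default_factory=list)  # (severity, explanation) pairs


def split_command(cmd):
    """Split a Run value into (program, arguments), honouring a quoted program path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    parts = cmd.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else '')


def launched_file(cmd):
    """Return (file that actually runs, hosted_by_rundll32).

    rundll32.exe is a Windows host program; the code that runs is the DLL
    named in its arguments, so that DLL is what gets triaged.
    """
    program, args = split_command(cmd)
    if program.lower().rsplit('\\', 1)[-1] == 'rundll32.exe':
        m = RUNDLL_ARGS_RE.match(args)
        if m:
            return m.group(1), True
    return program, False


def triage(entry):
    """Attach heuristic findings to a RunEntry and return it."""
    path, via_rundll = launched_file(entry.command)
    low = path.lower()
    base = low.rsplit('\\', 1)[-1]
    ext = '.' + base.rsplit('.', 1)[-1] if '.' in base else ''
    if '\\' not in low:
        entry.findings.append(('medium', 'bare file name with no directory; the loader '
                                         'finds it by PATH search, so locate and verify the file'))
    if re.search(r'\\(temp|tmp)\\', low):
        entry.findings.append(('high', 'program runs from a Temp directory'))
    if ext not in EXECUTABLE_EXT:
        entry.findings.append(('high', f'file with non-executable extension {ext!r} '
                                       'is launched as a program'))
    if via_rundll:
        entry.findings.append(('review', f'DLL {base} is hosted by rundll32.exe; '
                                         'identify and verify the DLL, not the host'))
    return entry


def triage_log(text):
    """Parse every O4 Run line in a HijackThis log and triage it, in log order."""
    entries = []
    for line in text.strip().splitlines():
        m = O4_RUN_RE.match(line)
        if m:
            entries.append(triage(RunEntry(m['hive'], m['name'], m['cmd'])))
    return entries


def flagged(entries):
    """Entries that carry at least one finding."""
    return [e for e in entries if e.findings]


if __name__ == '__main__':
    for e in flagged(triage_log(SAMPLE_LOG)):
        print(f'[{e.name}] {e.command}')
        for severity, why in e.findings:
            print(f'    {severity:6} {why}')
```

The heuristics only rank entries for a human to check; a "review" on NvCplDaemon means "identify the DLL", not "malware".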


#2 Guest_Cretemonster_*

  • Guests

Posted 20 September 2007 - 02:22 PM

Hi Joanna and Welcome to the Bleeping Computer Forums! :thumbsup:

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

#3 Joanna106

  • Topic Starter

  • Members
  • 9 posts

Posted 20 September 2007 - 03:45 PM

Hi,
Thanks for your help, but there is a new problem!! ComboFix was running and then the computer started to reboot, and now after it goes to the Windows uploading page I get the following message box:
Isass.exe - Operation Failed
The requested operation was unsuccessful. It will not let me do anything; it keeps rebooting and this message keeps coming up. I even tried going into safe mode but no luck!
HELP

#4 Guest_Cretemonster_*

  • Guests

Posted 20 September 2007 - 03:50 PM

Errrrrrrrr!

If the selection screen appears when trying to go to safe mode, select Last Known Good Configuration and see whether it will boot up normally.

#5 Joanna106

  • Topic Starter

  • Members
  • 9 posts

Posted 20 September 2007 - 04:04 PM

That worked! Here are the logs:
ComboFix 07-09-20.1 - "CARLOS VELEZ-DIAZ" 2007-09-20 16:09:31.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.902 [GMT -4:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
C:\d.exe
C:\DOCUME~1\JOANNA~1\Desktop\System Live Protect.lnk
C:\DOCUME~1\JOANNA~1\STARTM~1\Programs\System Live Protect
C:\DOCUME~1\JOANNA~1\STARTM~1\Programs\System Live Protect\System Live Protect Web site.url
C:\DOCUME~1\JOANNA~1\STARTM~1\Programs\System Live Protect\System Live Protect.lnk
C:\DOCUME~1\JOANNA~1\STARTM~1\Programs\System Live Protect\Uninstall.lnk
C:\WINDOWS\cookies.ini
C:\WINDOWS\retadpu.exe
C:\WINDOWS\retadpu1000520.exe
C:\WINDOWS\retadpu21.exe
C:\WINDOWS\system32\awqvrfwq.dll
C:\WINDOWS\system32\awtqr.dll
C:\WINDOWS\system32\awvvw.dll
C:\WINDOWS\SYSTEM32\gjllm.bak1
C:\WINDOWS\SYSTEM32\gjllm.ini
C:\WINDOWS\SYSTEM32\gjllm.ini2
C:\WINDOWS\SYSTEM32\gjllm.tmp
C:\WINDOWS\system32\help.txt
C:\WINDOWS\system32\hggddab.dll
C:\WINDOWS\system32\kjmgijup.dll
C:\WINDOWS\system32\lut.dat
C:\WINDOWS\system32\mlljg.dll
C:\WINDOWS\SYSTEM32\mlnmp.bak1
C:\WINDOWS\SYSTEM32\mlnmp.ini
C:\WINDOWS\system32\pipmon.exe
C:\WINDOWS\system32\pmnlm.dll
C:\WINDOWS\system32\pnkrvhuw.dll
C:\WINDOWS\SYSTEM32\prqss.bak1
C:\WINDOWS\SYSTEM32\prqss.ini
C:\WINDOWS\SYSTEM32\prqss.ini2
C:\WINDOWS\SYSTEM32\prqss.tmp
C:\WINDOWS\SYSTEM32\pujigmjk.ini
C:\WINDOWS\SYSTEM32\qncbxmhr.ini
C:\WINDOWS\SYSTEM32\qtutv.bak1
C:\WINDOWS\SYSTEM32\qtutv.ini
C:\WINDOWS\SYSTEM32\qwfrvqwa.ini
C:\WINDOWS\system32\rhmxbcnq.dll
C:\WINDOWS\SYSTEM32\rqtwa.bak1
C:\WINDOWS\SYSTEM32\rqtwa.bak2
C:\WINDOWS\SYSTEM32\rqtwa.ini
C:\WINDOWS\system32\ssqrp.dll
C:\WINDOWS\SYSTEM32\stutv.bak1
C:\WINDOWS\SYSTEM32\stutv.bak2
C:\WINDOWS\SYSTEM32\stutv.ini
C:\WINDOWS\system32\tisa.cnf
C:\WINDOWS\system32\vtutq.dll
C:\WINDOWS\system32\vtuts.dll
C:\WINDOWS\SYSTEM32\wuhvrknp.ini
C:\WINDOWS\SYSTEM32\wvvwa.ini
C:\WINDOWS\system32\xpdx.sys

.
((((((((((((((((((((((((( Files Created from 2007-08-20 to 2007-09-20 )))))))))))))))))))))))))))))))
.

2007-09-20 16:16 83,008 --a------ C:\WINDOWS\SYSTEM32\hhahmlic.dll
2007-09-20 16:08 1,977,596 --ahs---- C:\WINDOWS\SYSTEM32\vyadd.bak1
2007-09-20 16:07 306,784 --a------ C:\WINDOWS\SYSTEM32\ddayv.dll
2007-09-20 16:06 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-19 15:00 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-19 10:52 4,526 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2007-09-17 11:12 <DIR> d-------- C:\DOCUME~1\CARLOS~1\APPLIC~1\Bitdefender
2007-09-17 10:30 81,984 --a------ C:\WINDOWS\SYSTEM32\bdod.bin
2007-09-17 10:25 <DIR> d-------- C:\DOCUME~1\JOANNA~1\APPLIC~1\Bitdefender
2007-09-17 10:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BitDefender
2007-09-16 20:32 <DIR> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Webroot
2007-09-16 19:56 <DIR> d-------- C:\Program Files\Lavasoft
2007-09-16 19:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-09-16 10:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trend Micro
2007-09-16 10:36 <DIR> d-------- C:\DOCUME~1\JOANNA~1\.housecall6.6
2007-09-15 22:12 71,168 --a------ C:\hxvaqsbo.exe
2007-09-15 22:12 66,048 --a------ C:\hbwpb.exe
2007-09-13 20:43 66,048 --a------ C:\mcdumrks.exe
2007-09-13 20:43 103,936 --a------ C:\voqw.exe
2007-08-26 20:13 <DIR> d-------- C:\Program Files\Avery Dennison
2007-08-26 20:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avery
2007-08-24 02:13 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-08-24 02:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-17 17:09 --------- d-------- C:\Program Files\NavNT
2007-09-17 16:58 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-13 13:36 --------- d-------- C:\Program Files\Apple Software Update
2007-09-13 13:36 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-08-26 20:14 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-12 03:08 --------- d-------- C:\DOCUME~1\CARLOS~1\APPLIC~1\CyberLink
2007-08-12 03:07 --------- d-------- C:\Program Files\CyberLink
2007-08-12 03:07 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
2007-08-12 03:03 --------- d-------- C:\Program Files\MSXML 6.0
2007-08-12 02:37 --------- d-------- C:\Program Files\Microsoft Money
2007-08-10 18:37 --------- d-------- C:\Program Files\Common Files\Intuit
2007-08-07 13:58 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-07-30 10:10 --------- d-------- C:\Program Files\Microsoft WSE
2005-07-01 00:24:09 104 --sh--r C:\WINDOWS\SYSTEM32\05CD97AFDE.sys
2004-06-24 13:18:36 8 -csh--r C:\WINDOWS\SYSTEM32\C37DABB841.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6C8DE14D-EF92-492f-BBF7-B61F1405F328}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B7BB0F44-6F25-4247-BF94-5D2DD686D5D9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E5DD7311-9BE9-4D3D-BE64-0071E8BB78DD}]
2007-09-20 16:07 306784 --a------ C:\WINDOWS\system32\ddayv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2003-08-13 12:27]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2003-08-26 21:47]
"diagent"="C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 03:01]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 03:00]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 16:18]
"vptray"="C:\Program Files\NavNT\vptray.exe" [2001-10-31 11:59]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 03:56 C:\WINDOWS\SYSTEM32\rundll32.exe]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-12-20 21:54]
"Disc Detector"="C:\Program Files\Creative\ShareDLL\CtNotify.exe" [2001-12-26 04:00]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 04:59 C:\WINDOWS\BCMSMMSG.exe]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-11 17:25]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-01-24 15:36]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 11:09]
"E-Gold"="C:\WINDOWS\TEMP\VRR11.tmp" []
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53]
"SearchIndexer"="C:\WINDOWS\system32\hhahmlic.dll" [2007-09-20 16:16]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-06-09 23:50:53]
DESKTOP.INI [2002-09-03 11:00:00]

C:\DOCUME~1\CARLOS~1\STARTM~1\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-06-09 23:50:53]
DESKTOP.INI [2002-09-03 11:00:00]

C:\DOCUME~1\DEFAUL~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 11:00:00]

C:\DOCUME~1\JOANNA~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 11:00:00]

C:\DOCUME~1\LIVES\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 11:00:00]

C:\DOCUME~1\QBDATA~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 11:00:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggddab]
hggddab.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=sockspy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\jkhhh

R1 cdudf_xp;cdudf_xp;C:\WINDOWS\system32\drivers\cdudf_xp.sys
R1 pwd_2k;pwd_2k;C:\WINDOWS\system32\drivers\pwd_2k.sys
R2 Packet;Auto Internet Protocol;C:\WINDOWS\system32\DRIVERS\packet.sys
R3 BCMModem;BCM V.92 56K Modem;C:\WINDOWS\system32\DRIVERS\BCMSM.sys
R3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys
S3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
S3 CW50;CW50 Device;C:\WINDOWS\system32\DRIVERS\CW50.sys
S3 LMImirr;LMImirr;C:\WINDOWS\system32\DRIVERS\LMImirr.sys
S3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-09-14 19:46:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2004-01-09 04:45:00 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
- C:\WINDOWS\System32\OOBE\OOBEBALN.EXE
"2007-09-15 00:00:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (OFFICE-JOANNA VELEZ-DIAZ).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-20 16:51:34
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Disc Detector = C:\Program Files\Creative\ShareDLL\CtNotify.exe?X???????????????????E?@?Disc Detector?A????? ?A???????B?e!@???@???@?? C?????E?@?????????@?B???A????? ?A?@?????B???@?????P?????@?? ????????A~??????????@???????????????????B?????L??????????????????????|????r?B

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-09-20 16:58:12 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-20 16:57
.
--- E O F ---

Here is HJT Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:59:54 PM, on 9/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\oodag.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\ShareDLL\Mediadet.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Editor plugin - {6C8DE14D-EF92-492f-BBF7-B61F1405F328} - windsw.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {B7BB0F44-6F25-4247-BF94-5D2DD686D5D9} - (no file)
O2 - BHO: (no name) - {E5DD7311-9BE9-4D3D-BE64-0071E8BB78DD} - C:\WINDOWS\system32\ddayv.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [vptray] "C:\Program Files\NavNT\vptray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [E-Gold] C:\WINDOWS\TEMP\VRR11.tmp
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\hhahmlic.dll",sitypnow
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Convert for CLIÉ - C:\Program Files\Sony\Image Converter\menu.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O15 - Trusted Zone: http://mail.bradpharm.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/instal...edsolutions.cab
O16 - DPF: {FC6703A7-5B7E-4f58-BE6D-2693AA3906AE} (HP Content Update) - http://h30299.www3.hp.com/ediags/hpna/55/i...hp.cab?1,0,0,94
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O20 - Winlogon Notify: hggddab - hggddab.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 11304 bytes

#6 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests

Posted 20 September 2007 - 04:21 PM

Small issue... bear with me while I talk to someone about this. If we fix all the Vundo infections like before, you will crash again.

BRB!

#7 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests

Posted 20 September 2007 - 04:40 PM

Click Start--> Click Run--> Copy & paste all the text below into the open Run box and click OK.

regedit /e c:\results.txt "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa"

Now, click Start--> My Computer--> Local Disk C:\

There you should find results.txt; please copy & paste that into the next reply.

#8 Joanna106

Joanna106
  • Topic Starter

  • Members
  • 9 posts

Posted 20 September 2007 - 07:17 PM

Hi,
Here is the log:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,43,\
00,3a,00,5c,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,5c,00,5c,00,\
73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,5c,00,6a,00,6b,00,68,\
00,68,00,68,00,00,00,00,00
"Bounds"=hex:00,30,00,00,00,20,00,00
"Security Packages"=hex(7):6b,00,65,00,72,00,62,00,65,00,72,00,6f,00,73,00,00,\
00,6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,73,00,63,00,68,00,61,00,6e,00,\
6e,00,65,00,6c,00,00,00,77,00,64,00,69,00,67,00,65,00,73,00,74,00,00,00,00,\
00
"LsaPid"=dword:0000032c
"SecureBoot"=dword:00000001
"auditbaseobjects"=dword:00000000
"crashonauditfail"=dword:00000000
"disabledomaincreds"=dword:00000000
"everyoneincludesanonymous"=dword:00000000
"fipsalgorithmpolicy"=dword:00000000
"forceguest"=dword:00000001
"fullprivilegeauditing"=hex:00
"limitblankpassworduse"=dword:00000001
"lmcompatibilitylevel"=dword:00000000
"nodefaultadminowner"=dword:00000001
"nolmhash"=dword:00000000
"restrictanonymous"=dword:00000000
"restrictanonymoussam"=dword:00000001
"Notification Packages"=hex(7):73,00,63,00,65,00,63,00,6c,00,69,00,00,00,00,00
"ImpersonatePrivilegeUpgradeToolHasRun"=dword:00000001
"enabledcom"="y"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\AccessProviders]
"ProviderOrder"=hex(7):57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,4e,00,\
54,00,20,00,41,00,63,00,63,00,65,00,73,00,73,00,20,00,50,00,72,00,6f,00,76,\
00,69,00,64,00,65,00,72,00,00,00,00,00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
6e,00,74,00,6d,00,61,00,72,00,74,00,61,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit\PerUserAuditing]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit\PerUserAuditing\System]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Data]
"Pattern"=hex:ed,d5,32,76,e5,ee,90,48,37,d6,eb,56,bb,46,e7,84,61,36,35,34,66,\
64,36,64,00,00,00,00,01,00,00,00,b4,01,00,00,b8,01,00,00,34,ca,06,00,45,9d,\
bf,71,04,00,00,00,10,00,00,00,00,00,00,00,c5,5d,93,f3

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\GBG]
"GrafBlumGroup"=hex:59,28,ba,69,1b,0c,93,ac,f7

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\JD]
"Lookup"=hex:3c,4b,11,f4,c5,1d

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos\Domains]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos\SidCache]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\msv1_0]
"ntlmminclientsec"=dword:00000000
"ntlmminserversec"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Skew1]
"SkewMatrix"=hex:72,f3,ff,0d,17,07,d6,38,02,55,d4,00,7c,18,29,81

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SSO]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache]
"Time"=hex:8e,d3,d2,9f,be,a1,c4,01

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
"Capabilities"=dword:00004050
"RpcId"=dword:0000ffff
"Version"=dword:00000001
"TokenSize"=dword:0000ffff
"Time"=hex:00,d9,4a,94,f8,79,c4,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000011
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,d9,4a,94,f8,79,c4,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000012
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:80,6f,e3,94,f8,79,c4,01
"Type"=dword:00000031
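
Decoding the export above, as an added example that is not part of the thread: the hex(7) runs are REG_MULTI_SZ values stored as UTF-16LE, and the script below joins regedit's wrapped lines, decodes them, and flags any LSA package that is given as a file path or is not in the stock Windows XP list. The sample input is a constructed copy of the two values of interest from the posted export; the XP baseline lists and the function names are assumptions of this example, not something from the thread or from ComboFix.

```python
import re

# Constructed sample input: the two REG_MULTI_SZ values of interest from the
# "regedit /e" export posted in the thread (hex(7) = UTF-16LE bytes, wrapped
# over several lines with a trailing backslash, as regedit writes them).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,43,\
00,3a,00,5c,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,5c,00,5c,00,\
73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,5c,00,6a,00,6b,00,68,\
00,68,00,68,00,00,00,00,00
"Security Packages"=hex(7):6b,00,65,00,72,00,62,00,65,00,72,00,6f,00,73,00,00,\
00,6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,73,00,63,00,68,00,61,00,6e,00,\
6e,00,65,00,6c,00,00,00,77,00,64,00,69,00,67,00,65,00,73,00,74,00,00,00,00,\
00
'''

# Assumed baseline: the package lists of a stock Windows XP install
# (bare names only; LSASS loads each one from system32).
XP_BASELINE = {
    "Authentication Packages": {"msv1_0"},
    "Security Packages": {"kerberos", "msv1_0", "schannel", "wdigest"},
    "Notification Packages": {"scecli"},
}


def parse_reg_export(text):
    """Return {value_name: raw_value} for the values in a .reg export."""
    # Join regedit's wrapped lines (trailing backslash + newline) first.
    joined = re.sub(r"\\\r?\n\s*", "", text)
    values = {}
    for line in joined.splitlines():
        m = re.match(r'^"([^"]+)"=(.*)$', line)
        if m:
            values[m.group(1)] = m.group(2)
    return values


def decode_multi_sz(raw):
    """Decode a hex(7) value (REG_MULTI_SZ, UTF-16LE) into a list of strings."""
    if not raw.startswith("hex(7):"):
        raise ValueError("not a REG_MULTI_SZ value: %r" % raw[:20])
    data = bytes(int(b, 16) for b in raw[len("hex(7):"):].split(",") if b)
    # Each string is NUL-terminated and the list ends with one extra NUL.
    return [s for s in data.decode("utf-16-le").split("\x00") if s]


def audit_lsa_packages(values):
    """Return (value_name, entry, reason) for every suspicious package entry.

    A legitimate package is listed by bare name; an entry carrying a path,
    or a name outside the baseline, is how an injected package shows up here.
    """
    findings = []
    for name, baseline in XP_BASELINE.items():
        for entry in decode_multi_sz(values.get(name, "hex(7):00,00")):
            if "\\" in entry or "/" in entry:
                findings.append((name, entry, "package given as a path"))
            elif entry.lower() not in baseline:
                findings.append((name, entry, "not in XP default list"))
    return findings


def encode_multi_sz(entries):
    """Build the hex(7) text regedit uses for a REG_MULTI_SZ value."""
    data = "".join(e + "\x00" for e in entries).encode("utf-16-le") + b"\x00\x00"
    return "hex(7):" + ",".join("%02x" % b for b in data)


if __name__ == "__main__":
    vals = parse_reg_export(SAMPLE_REG)
    for finding in audit_lsa_packages(vals):
        print("%s: %r (%s)" % finding)
    print("clean Authentication Packages value:", encode_multi_sz(["msv1_0"]))
```

Run against the sample, the audit reports the single path-bearing entry under Authentication Packages, while Security Packages decodes to exactly the four stock names.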

#9 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests

Posted 21 September 2007 - 03:23 AM

Copy all the text below into a blank notepad page and save it to the desktop with the name CFScript.txt

File::
C:\WINDOWS\SYSTEM32\hhahmlic.dll
C:\WINDOWS\SYSTEM32\vyadd.bak1
C:\WINDOWS\SYSTEM32\ddayv.dll
C:\WINDOWS\SYSTEM32\bdod.bin
C:\WINDOWS\TEMP\VRR11.tmp
C:\hxvaqsbo.exe
C:\hbwpb.exe
C:\mcdumrks.exe
C:\voqw.exe
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6C8DE14D-EF92-492f-BBF7-B61F1405F328}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B7BB0F44-6F25-4247-BF94-5D2DD686D5D9}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E5DD7311-9BE9-4D3D-BE64-0071E8BB78DD}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"E-Gold"=-
"SearchIndexer"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggddab]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00


Once saved, drag CFScript.txt on top of ComboFix.exe

This will launch the program automatically and start the script.

Let ComboFix do its thing and wait for it to produce a log.

Post that log in the next reply please.

#10 Joanna106

Joanna106
  • Topic Starter

  • Members
  • 9 posts

Posted 21 September 2007 - 08:23 AM

ComboFix 07-09-20.1 - "CARLOS VELEZ-DIAZ" 2007-09-21 8:58:51.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.976 [GMT -4:00]
Command switches used :: C:\Documents and Settings\CARLOS VELEZ-DIAZ\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\SYSTEM32\hhahmlic.dll
C:\WINDOWS\SYSTEM32\vyadd.bak1
C:\WINDOWS\SYSTEM32\ddayv.dll
C:\WINDOWS\SYSTEM32\bdod.bin
C:\WINDOWS\TEMP\VRR11.tmp
C:\hxvaqsbo.exe
C:\hbwpb.exe
C:\mcdumrks.exe
C:\voqw.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\hbwpb.exe
C:\hxvaqsbo.exe
C:\mcdumrks.exe
C:\voqw.exe
C:\WINDOWS\SYSTEM32\bdod.bin
C:\WINDOWS\SYSTEM32\ddayv.dll
C:\WINDOWS\SYSTEM32\hhahmlic.dll
C:\WINDOWS\SYSTEM32\vyadd.bak1

.
((((((((((((((((((((((((( Files Created from 2007-08-21 to 2007-09-21 )))))))))))))))))))))))))))))))
.

2007-09-20 16:06 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-19 15:00 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-19 10:52 4,526 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2007-09-17 11:12 <DIR> d-------- C:\DOCUME~1\CARLOS~1\APPLIC~1\Bitdefender
2007-09-17 10:25 <DIR> d-------- C:\DOCUME~1\JOANNA~1\APPLIC~1\Bitdefender
2007-09-17 10:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BitDefender
2007-09-16 20:32 <DIR> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Webroot
2007-09-16 19:56 <DIR> d-------- C:\Program Files\Lavasoft
2007-09-16 19:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-09-16 10:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trend Micro
2007-09-16 10:36 <DIR> d-------- C:\DOCUME~1\JOANNA~1\.housecall6.6
2007-08-26 20:13 <DIR> d-------- C:\Program Files\Avery Dennison
2007-08-26 20:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avery
2007-08-24 02:13 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-08-24 02:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-17 17:09 --------- d-------- C:\Program Files\NavNT
2007-09-17 16:58 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-13 13:36 --------- d-------- C:\Program Files\Apple Software Update
2007-09-13 13:36 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-08-26 20:14 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-12 03:08 --------- d-------- C:\DOCUME~1\CARLOS~1\APPLIC~1\CyberLink
2007-08-12 03:07 --------- d-------- C:\Program Files\CyberLink
2007-08-12 03:07 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
2007-08-12 03:03 --------- d-------- C:\Program Files\MSXML 6.0
2007-08-12 02:37 --------- d-------- C:\Program Files\Microsoft Money
2007-08-10 18:37 --------- d-------- C:\Program Files\Common Files\Intuit
2007-08-07 13:58 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-07-30 10:10 --------- d-------- C:\Program Files\Microsoft WSE
2005-07-01 00:24:09 104 --sh--r C:\WINDOWS\SYSTEM32\05CD97AFDE.sys
2004-06-24 13:18:36 8 -csh--r C:\WINDOWS\SYSTEM32\C37DABB841.sys
.

((((((((((((((((((((((((((((( snapshot_2007-09-20_165543.54 )))))))))))))))))))))))))))))))))))))))))
.
-c--a-w 16,384 2007-09-21 13:11:05 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
-c--a-w 32,768 2007-09-21 13:11:05 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
-c--a-w 32,768 2007-09-21 13:11:05 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT
----a-w 26,624 2007-09-20 20:50:41 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\O9YJK1IJ\adv735[1].exe
.
-c--a-w 16,384 2007-09-20 20:49:48 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
-c--a-w 32,768 2007-09-20 20:49:48 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
-c--a-w 32,768 2007-09-20 20:49:48 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT
----a-w 12,288 2007-09-20 20:50:41 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\O9YJK1IJ\adv735[1].exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2003-08-13 12:27]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2003-08-26 21:47]
"diagent"="C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 03:01]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 03:00]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 16:18]
"vptray"="C:\Program Files\NavNT\vptray.exe" [2001-10-31 11:59]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 03:56 C:\WINDOWS\SYSTEM32\rundll32.exe]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-12-20 21:54]
"Disc Detector"="C:\Program Files\Creative\ShareDLL\CtNotify.exe" [2001-12-26 04:00]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 04:59 C:\WINDOWS\BCMSMMSG.exe]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-11 17:25]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-01-24 15:36]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 11:09]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-06-09 23:50:53]
DESKTOP.INI [2002-09-03 11:00:00]

C:\DOCUME~1\CARLOS~1\STARTM~1\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-06-09 23:50:53]
DESKTOP.INI [2002-09-03 11:00:00]

C:\DOCUME~1\DEFAUL~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 11:00:00]

C:\DOCUME~1\JOANNA~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 11:00:00]

C:\DOCUME~1\LIVES\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 11:00:00]

C:\DOCUME~1\QBDATA~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 11:00:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=sockspy.dll

R1 cdudf_xp;cdudf_xp;C:\WINDOWS\system32\drivers\cdudf_xp.sys
R1 pwd_2k;pwd_2k;C:\WINDOWS\system32\drivers\pwd_2k.sys
R2 Packet;Auto Internet Protocol;C:\WINDOWS\system32\DRIVERS\packet.sys
R3 BCMModem;BCM V.92 56K Modem;C:\WINDOWS\system32\DRIVERS\BCMSM.sys
R3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys
S3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
S3 CW50;CW50 Device;C:\WINDOWS\system32\DRIVERS\CW50.sys
S3 LMImirr;LMImirr;C:\WINDOWS\system32\DRIVERS\LMImirr.sys
S3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-09-14 19:46:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2004-01-09 04:45:00 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
- C:\WINDOWS\System32\OOBE\OOBEBALN.EXE
"2007-09-15 00:00:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (OFFICE-JOANNA VELEZ-DIAZ).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-21 09:12:58
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Disc Detector = C:\Program Files\Creative\ShareDLL\CtNotify.exe?X???????????????????E?@?Disc Detector?A????? ?A???????B?e!@???@???@?? C?????E?@?????????@?B???A????? ?A?@?????B???@?????P?????@?? ????????A~??????????@???????????????????B?????L??????????????????????|????r?B

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-09-21 9:19:05 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-21 09:18
C:\ComboFix2.txt ... 2007-09-20 16:58
.
--- E O F ---

#11 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests

Posted 21 September 2007 - 02:55 PM

Looks much better now. Please run the BitDefender Online Scan
http://www.bitdefender.com/scan8/ie.html

You must use Internet Explorer for this scanner.

Install the ActiveX and Click on "Click here to Scan"

Allow it to update and Scan the Machine.

It should disinfect or delete whatever it finds that is infected.

Save the report it generates in a text format, please, and post it back here along with a fresh HijackThis log.

#12 Joanna106

Joanna106
  • Topic Starter

  • Members
  • 9 posts

Posted 21 September 2007 - 07:53 PM

Hi,
Quick question. I have been running the BitDefender scan for over 3 hours and it says it still has over 8 hours to go. Is this normal? Should I just let it keep going until it is done?
Also, I had not been getting any more virus messages from Norton, but since the scanning started I keep getting a pop-up telling me that the w32.virut.u virus has been found: clean failed, quarantine succeeded, access denied.

FYI.. typing this from another computer, as I do not want to mess with the one that is scanning with BitDefender.

Thanks!!

#13 Joanna106

Joanna106
  • Topic Starter

  • Members
  • 9 posts

Posted 22 September 2007 - 02:19 AM

Ok, things are bad!! The scan finally finished, but now I cannot do anything. The HJT program will not load; it says missing shortcut, so I went to reinstall but it won't let me, so then I went to the control panel to uninstall, thinking then maybe I could reinstall, but every time I go to click on Add or Remove Programs I get a message saying: windows cannot find c:\windows\systems32\rundill32.exe. So then I try to go to the internet and it says the item selected is unavailable. I also keep getting Norton warnings for everything I click saying virus found, virus name w32.virut.u.

I was having none of these issues before doing the BitDefender scan, so I am not sure if that had anything to do with it.

Thanks

#14 Joanna106

Joanna106
  • Topic Starter

  • Members
  • 9 posts

Posted 22 September 2007 - 07:46 PM

I think the computer is beyond repair (I hope not), but now when I rebooted it I get a log into Windows screen asking me for a password which I don't have. I can't get beyond this screen. I even tried to load in Safe Mode and do Last Known Good Configuration, and the Windows XP screen is still popping up.
Any ideas?

#15 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests

Posted 22 September 2007 - 10:35 PM

w32.virut.u

This is very bad indeed; this infection has been running rampant for a few weeks.

This is like the terminal cancer of computer viruses.

There is no recovery from this,only reformatting the entire computer.

At this point, the only thing we can possibly try is to salvage whatever documents are of value to you before the machine is wiped.

So now, I need to know the following:

Do you have a Windows CD for this machine?

If this is an HP computer, the option for a destructive recovery is a possibility.

Is there a floppy drive we can use?



