
Infected With Generic Malware


  • This topic is locked
2 replies to this topic

#1 drenelt

  • Members
  • 1 posts
  • Gender:Male

Posted 08 July 2008 - 07:36 AM

Tried deleting the files, but it said the object could not be found. Getting frustrated. Attaching log file. Ad Aware picked up Malware in X of spy Quarantine and I can find the file. Thanks for the help. Drenelt
BitDefender keeps blocking: Generic Malware Ddld!! 73D0722c
- C:\windows\resources\Avpdrv.dll


Deckard's System Scanner v20071014.68
Run by Laura Marshall on 2008-07-07 11:42:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
124: 2008-07-07 15:43:08 UTC - RP734 - Deckard's System Scanner Restore Point
123: 2008-07-07 04:16:27 UTC - RP733 - Installed Ad-Aware
122: 2008-07-07 04:09:13 UTC - RP732 - Removed Ad-Aware
121: 2008-07-07 03:45:12 UTC - RP731 - PC Registry Cleaner Sun, Jul 06, 08 23:44
120: 2008-07-06 21:35:18 UTC - RP730 - Installed Ad-Aware


-- First Restore Point --
1: 2008-07-04 02:13:57 UTC - RP611 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 510 MiB (512 MiB recommended).


-- HijackThis (run as Laura Marshall.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:53: VIRUS ALERT!, on 07/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\slrundll.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\PC Registry Cleaner\PC Registry Cleaner.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\Laura Marshall\My Documents\Drew\Data\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Laura Marshall.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: 778670 helper - {1B12F639-CBA9-45DD-89FE-9FA7D4340716} - (no file)
O2 - BHO: (no name) - {28D62235-A939-46B6-8DB4-8C4B7F4EE2F3} - C:\WINDOWS\system32\tuvvWpnM.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5D72C2A4-9AC6-4727-A705-CEA1F0220B78} - C:\WINDOWS\system32\pmnmjHaa.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\Ad-Watch.exe
O4 - HKLM\..\Run: [fcbdfa85] rundll32.exe "C:\WINDOWS\system32\vllpatmp.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PC Registry Cleaner] C:\Program Files\PC Registry Cleaner\PC Registry Cleaner.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O20 - Winlogon Notify: pmnmjHaa - C:\WINDOWS\SYSTEM32\pmnmjHaa.dll
O21 - SSODL: axrfgvek - {AEA8FA6D-2B97-4120-807B-20EFCFE53DF9} - C:\WINDOWS\axrfgvek.dll (file missing)
O21 - SSODL: AvpDrv - {454e1e9e-b087-4dd9-b3c6-2ef09b552b94} - C:\WINDOWS\Resources\AvpDrv.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 7774 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080706-162521-136 R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
backup-20080706-162521-249 O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
backup-20080706-162521-375 O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
backup-20080706-162521-854 O3 - Toolbar: nqgpedlr - {B0DBF6AE-D8A1-47E3-9E8A-EE9D41D9BE1C} - C:\WINDOWS\nqgpedlr.dll (file missing)
backup-20080706-162521-904 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
backup-20080706-162523-663 O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
backup-20080706-162524-437 O21 - SSODL: AvpDrv - {454e1e9e-b087-4dd9-b3c6-2ef09b552b94} - C:\WINDOWS\Resources\AvpDrv.dll
backup-20080706-162525-526 O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
backup-20080706-162623-767 O21 - SSODL: AvpDrv - {454e1e9e-b087-4dd9-b3c6-2ef09b552b94} - C:\WINDOWS\Resources\AvpDrv.dll

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 bdftdif (BitDefender Firewall TDI Filter) - c:\program files\common files\softwin\bitdefender firewall\bdftdif.sys <Not Verified; Softwin SRL; BitDefender 10>
R1 bdpredir - c:\program files\softwin\bitdefender10\bdpredir.sys <Not Verified; Softwin SRL; BitDefender 10>
R3 Bdfndisf (BitDefender Firewall NDIS Filter Service) - c:\windows\system32\drivers\bdfndisf.sys <Not Verified; Softwin SRL; BitDefender 10>
R3 MRVW225 (802.11g/b Wireless LAN Dirver for Windows XP) - c:\windows\system32\drivers\mrvw225.sys <Not Verified; Marvell Semiconductor, Inc; Marvell Wireless LAN Cilent Adapter-USB>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S2 bdfdll - c:\program files\softwin\bitdefender9\bdfdll.sys (file missing)
S3 SDDMI2 - c:\windows\system32\ddmi2.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-06-07 and 2008-07-07 -----------------------------

2008-07-07 04:51:58 88576 --a------ C:\WINDOWS\system32\vllpatmp.dll
2008-07-07 00:16:42 0 d-------- C:\Program Files\Lavasoft
2008-07-07 00:15:06 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-06 17:35:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-06 16:12:30 0 d-------- C:\Program Files\Trend Micro
2008-07-06 04:55:32 89088 --a------ C:\WINDOWS\system32\ggnrkdjf.dll
2008-07-06 00:24:43 0 d-------- C:\Documents and Settings\Administrator\Application Data\Bitdefender
2008-07-05 23:08:06 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-07-05 23:08:06 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-07-05 23:08:06 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-07-05 23:08:06 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-07-05 23:08:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-07-05 23:08:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-07-05 23:08:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-07-05 23:08:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2008-07-05 23:08:06 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-05 23:08:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2008-07-05 23:08:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-07-05 23:08:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\Creative
2008-07-05 23:08:05 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-07-05 23:08:05 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-07-05 23:08:05 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-07-05 23:08:05 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-07-05 23:08:05 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-07-05 23:08:05 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-07-05 23:08:05 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-07-05 23:08:05 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-07-05 23:08:04 2097152 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-05 02:40:00 0 d-------- C:\Documents and Settings\Laura Marshall\Application Data\TmpRecentIcons
2008-07-04 04:09:05 0 d-------- C:\WINDOWS\system32\778670
2008-07-03 23:00:48 0 d-------- C:\Documents and Settings\Laura Marshall\Application Data\Micrografx
2008-07-03 22:56:41 0 d-------- C:\Documents and Settings\Laura Marshall\Application Data\Corel
2008-07-03 22:38:01 0 d-------- C:\Program Files\Common Files\Corel
2008-07-03 22:37:06 0 d-------- C:\Program Files\Corel
2008-07-03 22:13:46 143027 --ahs---- C:\WINDOWS\system32\MnpWvvut.ini2
2008-07-03 22:13:44 318720 --a------ C:\WINDOWS\system32\tuvvWpnM.dll
2008-07-03 22:08:30 28800 --a------ C:\WINDOWS\system32\pmnmjHaa.dll
2008-07-03 22:07:51 94208 --a------ C:\WINDOWS\mrvtdpqe.exe
2008-07-02 21:19:25 0 d-------- C:\Program Files\Serif
2008-06-30 23:01:10 0 d-------- C:\Program Files\gs
2008-06-30 22:59:24 12972544 --a------ C:\Program Files\gs854w32.exe
2008-06-30 22:50:59 0 d-------- C:\Program Files\IrfanView
2008-06-30 22:49:31 1156096 --a------ C:\Program Files\iview410_setup.exe <Not Verified; Irfan Skiljan; IrfanView Installer>


-- Find3M Report ---------------------------------------------------------------

2008-07-07 11:50:20 81984 --a------ C:\WINDOWS\system32\bdod.bin
2008-07-07 11:24:42 0 d-------- C:\Program Files\XoftSpySE
2008-07-07 10:21:36 0 d-------- C:\Documents and Settings\Laura Marshall\Application Data\uTorrent
2008-07-07 00:15:06 0 d-------- C:\Program Files\Common Files
2008-07-06 23:44:04 0 d-------- C:\Documents and Settings\Laura Marshall\Application Data\PC Registry Cleaner
2008-07-05 15:21:04 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-05 09:56:14 0 d-------- C:\Program Files\uTorrent
2008-06-03 11:16:51 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-06-03 06:52:54 420974 --a------ C:\Program Files\XviD-04102002-1.exe
2008-06-02 12:27:53 121334 --a------ C:\WINDOWS\HPHins15.dat
2008-06-02 12:07:28 0 d-------- C:\Program Files\Intel
2008-06-02 11:14:28 0 d-------- C:\Program Files\PC Drivers HeadQuarters
2008-05-31 21:57:19 130505 --a------ C:\WINDOWS\HPHins13.dat
2008-05-13 19:00:50 0 d-------- C:\Program Files\HP


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1B12F639-CBA9-45DD-89FE-9FA7D4340716}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28D62235-A939-46B6-8DB4-8C4B7F4EE2F3}]
03/07/2008 22:13: VIRUS ALERT! 318720 --a------ C:\WINDOWS\system32\tuvvWpnM.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5D72C2A4-9AC6-4727-A705-CEA1F0220B78}]
03/07/2008 22:08: VIRUS ALERT! 28800 --a------ C:\WINDOWS\system32\pmnmjHaa.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [11/05/2000 03:00: VIRUS ALERT!]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/02/2005 08:49: VIRUS ALERT!]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 06:50: VIRUS ALERT!]
"NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [09/07/2001 06:50: VIRUS ALERT!]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [20/09/2005 10:35: VIRUS ALERT!]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [20/09/2005 10:36: VIRUS ALERT!]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [20/09/2005 10:32: VIRUS ALERT!]
"CTSysVol"="C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [17/09/2003 12:43: VIRUS ALERT!]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 04:00: VIRUS ALERT!]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [11/08/2005 15:30: VIRUS ALERT!]
"BDMCon"="C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" [02/04/2007 16:48: VIRUS ALERT!]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [26/03/2007 15:49: VIRUS ALERT!]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 19:51: VIRUS ALERT!]
"NWEReboot"="" []
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [08/05/2007 16:24: VIRUS ALERT!]
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware\Ad-Watch.exe" [07/07/2008 00:42: VIRUS ALERT!]
"fcbdfa85"="C:\WINDOWS\system32\vllpatmp.dll" [07/07/2008 04:51: VIRUS ALERT!]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 12:24: VIRUS ALERT!]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [07/09/2007 19:01: VIRUS ALERT!]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [27/06/2007 19:03: VIRUS ALERT!]
"PC Registry Cleaner"="C:\Program Files\PC Registry Cleaner\PC Registry Cleaner.exe" [23/11/2005 23:35: VIRUS ALERT!]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [31/01/2008 15:11: VIRUS ALERT!]

C:\Documents and Settings\Laura Marshall\Start Menu\Programs\Startup\
DESKTOP.INI [10/08/2004 3:04:12 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [10/08/2004 3:04:12 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [02/01/2007 10:40:10 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 3:01:04 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
"NoDispCPL"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"=1 (0x1)
"StartMenuLogoff"=1 (0x1)
"NoStartMenuMorePrograms"=0 (0x0)
"NoSetFolders"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5D72C2A4-9AC6-4727-A705-CEA1F0220B78}"= C:\WINDOWS\system32\pmnmjHaa.dll [03/07/2008 22:08: VIRUS ALERT! 28800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"axrfgvek"= {AEA8FA6D-2B97-4120-807B-20EFCFE53DF9} - C:\WINDOWS\axrfgvek.dll [ ]
"AvpDrv"= {454e1e9e-b087-4dd9-b3c6-2ef09b552b94} - C:\WINDOWS\Resources\AvpDrv.dll [04/07/2008 04:08: VIRUS ALERT! 14886]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnmjHaa]
pmnmjHaa.dll 03/07/2008 22:08: VIRUS ALERT! 28800 C:\WINDOWS\SYSTEM32\pmnmjHaa.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=sockspy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\tuvvWpnM

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt hpqcxs08 hpqddsvc

*Newly Created Service* - AD-WATCH_REGISTRY_FILTER



-- End of Deckard's System Scanner: finished at 2008-07-07 11:56:59 ------------


#2 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 31 July 2008 - 04:11 PM

Hello drenelt,

Welcome to Bleeping Computer :)

Sorry about the delay. :thumbsup: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!


Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 12 August 2008 - 04:46 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else, please begin a New Topic.