Solved: I have a Vundo problem

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

justonegoal

Thread Starter
Joined
May 25, 2007
Messages
118
Hi all:D

I am getting a high alert pop up from my Norton’s Antivirus about a Vundo problem

File or path name C:\WINDOWS\systems\nnnnonks.dll

Anyway it can’t access the file to delete it

Also I had a version of Lime wire and during this process it kept on starting automatically so I deleted the program but is still is trying to open and i get a Java script pop up. Don’t know if it is related to my current problems but i thought i would mention it. The more information you know about what i am experiencing the better i think.
I then downloaded Vundo fix Version 6.5.0.11 and this found nothing

I have downloaded hijackthis Version 1.99.1

This is the log file:

1.99.1Logfile of HijackThis v1.99.1
Scan saved at 7:49:23 PM, on 5/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Telstra\Toolbar\bpumTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-2.dll
O2 - BHO: {47bb4346-1936-119b-0434-3c66d8243711} - {1173428d-66c3-4340-b911-63916434bb74} - C:\WINDOWS\system32\krqwfrfc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: BigPond Toolbar - {7A431EC4-CC21-4DF7-9DB1-A2CF74C4CC98} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adssite Toolbar - {41C29B07-6F91-4966-91BE-2E2841643C83} - C:\Program Files\Adssite Advanced Toolbar\toolbar.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [BigPond Toolbar] "C:\Program Files\Telstra\Toolbar\bpumTray.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://remote.adbri.com.au/Citrix/ICAWEB/en/ica32/wficac.cab
O16 - DPF: {326A7290-FAE3-48C5-9FBA-F071633E1EB5} (VPlayer Control) - http://video.vividas.com/media/4516_Nike/web/player/vivid_ocx.jpeg
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/download/scanner/en-us/wlscbase3401.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140322883578
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1181112589328
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c001B1FE.dat
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

I had a version of Combo fix so I ran that and this is the log file:

Owner" - 2007-11-05 19:28:42 Service Pack 2
ComboFix 07-05.27.V - Running from: "C:\Documents and Settings\Owner\My Documents\"


(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\ddaba.dll
C:\WINDOWS\system32\abadd.bak1
C:\WINDOWS\system32\abadd.ini2
C:\WINDOWS\system32\abadd.tmp
C:\WINDOWS\system32\abadd.bak1
C:\WINDOWS\system32\abadd.ini2
C:\WINDOWS\system32\abadd.tmp
C:\WINDOWS\system32\abadd.bak1
C:\WINDOWS\system32\abadd.ini2
C:\WINDOWS\system32\abadd.tmp


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


"C:\z.exe"
"C:\svchost.exe"
"C:\WINDOWS\system32\drivers\sfsync02.sys"


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_SFSYNC02
-------\sfsync02


((((((((((((((((((((((((((((((( Files Created from 2007-10-05 to 2007-11-05 ))))))))))))))))))))))))))))))))))


2007-11-05 19:35 0 --a------ C:\WINDOWS\system32\sfsync02.dll
2007-11-05 19:25 10,816 --a------ C:\WINDOWS\system32\eksbdbep.dll
2007-11-05 19:25 10,816 --a------ C:\WINDOWS\system32\__c001B1FE.dat
2007-11-05 19:03 10,816 --a------ C:\WINDOWS\system32\rruylqvj.dll
2007-11-05 19:03 10,816 --a------ C:\WINDOWS\system32\gcfweyur.dll
2007-11-05 19:03 10,816 --a------ C:\WINDOWS\system32\difbbexn.dll
2007-11-05 18:59 10,816 --a------ C:\WINDOWS\system32\ttborvca.dll
2007-11-05 18:59 10,816 --a------ C:\WINDOWS\system32\ldjkfhxi.dll
2007-11-05 18:59 10,816 --a------ C:\WINDOWS\system32\deroxvpc.dll
2007-11-05 18:59 10,816 --a------ C:\WINDOWS\system32\cxksxhew.dll
2007-11-05 18:59 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-05 18:56 10,816 --a------ C:\WINDOWS\system32\sgflnqjv.dll
2007-11-05 18:56 10,816 --a------ C:\WINDOWS\system32\gjymlyqf.dll
2007-11-05 18:56 10,816 --a------ C:\WINDOWS\system32\aodclbkg.dll
2007-11-05 18:52 10,816 --a------ C:\WINDOWS\system32\opxnfxcu.dll
2007-11-05 18:52 10,816 --a------ C:\WINDOWS\system32\mhkemliv.dll
2007-11-05 18:52 10,816 --a------ C:\WINDOWS\system32\lbxyivbv.dll
2007-11-05 18:52 10,816 --a------ C:\WINDOWS\system32\jxskqlup.dll
2007-11-05 18:50 10,816 --a------ C:\WINDOWS\system32\txsleftq.dll
2007-11-05 18:50 10,816 --a------ C:\WINDOWS\system32\tbovkhah.dll
2007-11-05 18:50 10,816 --a------ C:\WINDOWS\system32\jjfavscw.dll
2007-11-05 18:49 10,816 --a------ C:\WINDOWS\system32\gndtxfyl.dll
2007-11-05 18:40 10,816 --a------ C:\WINDOWS\system32\ivvbiiwu.dll
2007-11-05 18:40 10,816 --a------ C:\WINDOWS\system32\hsydyajh.dll
2007-11-05 18:40 10,816 --a------ C:\WINDOWS\system32\hokwbwmc.dll
2007-11-05 18:39 10,816 --a------ C:\WINDOWS\system32\cqguovqh.dll
2007-11-05 18:22 35,328 --a------ C:\WINDOWS\system32\mljjijk.dll
2007-11-03 19:44 87,616 --a------ C:\WINDOWS\system32\ybjpbion.dll
2007-11-03 19:41 81,472 --a------ C:\WINDOWS\system32\krqwfrfc.dll
2007-11-03 19:37 10,816 --a------ C:\WINDOWS\system32\agxrprbs.dll
2007-11-03 19:37 10,816 --a------ C:\WINDOWS\system32\__c008F5A9.dat
2007-11-03 17:49 35,328 --a------ C:\WINDOWS\system32\hggddax.dll
2007-11-03 17:49 28,672 --a------ C:\Documents and Settings\Owner\iexplorer.exe
2007-11-03 17:49 28,672 --a------ C:\DOCUME~1\Owner\iexplorer.exe
2007-11-03 17:49 <DIR> d-------- C:\WINDOWS\system32\Mz18r
2007-11-03 17:49 <DIR> d-------- C:\temp\mZOr
2007-10-30 22:20 6,465 --ahs---- C:\WINDOWS\system32\pqstv.bak1
2007-10-30 22:17 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-10-30 22:14 82 --a------ C:\n.bat
2007-10-30 22:14 32,256 --------- C:\WINDOWS\system32\nnnnonk.dll
2007-10-30 22:14 0 --a------ C:\z.dat
2007-10-30 22:13 28,672 --a------ C:\Documents and Settings\Owner\update.exe
2007-10-30 22:13 28,672 --a------ C:\DOCUME~1\Owner\update.exe
2007-10-30 21:59 79,832 --a------ C:\WINDOWS\system32\adssite-remove.exe
2007-10-30 21:59 40,733 --a------ C:\WINDOWS\system32\rightonadz-uninst.exe
2007-10-30 21:59 <DIR> d-------- C:\Program Files\Adssite Games Collection
2007-10-30 21:59 <DIR> d-------- C:\Program Files\Adssite Advanced Toolbar
2007-10-30 21:59 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Adssite Advanced Toolbar
2007-10-30 21:58 <DIR> d-------- C:\Program Files\ContextTool
2007-10-26 05:08 35,840 --a------ C:\WINDOWS\mrofinu1188.exe
2007-10-23 19:52 <DIR> d-------- C:\Program Files\iPod


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-11-05 08:55:31 10,816 ----a-w C:\WINDOWS\system32\__c001B1FE.dat
2007-11-05 08:33:55 -------- d-----w C:\Program Files\LimeWire
2007-11-03 09:07:30 10,816 ----a-w C:\WINDOWS\system32\__c008F5A9.dat
2007-11-03 07:22:35 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-10-23 09:22:37 -------- d-----w C:\Program Files\iTunes
2007-09-19 13:29:40 -------- d-----w C:\Program Files\Apple Software Update
2007-08-21 06:15:44 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{0D39A900-0F3A-4C29-A254-3E65244FDC34}=C:\Program Files\ContextTool\ContextTool-2.dll [2007-06-28 06:57]
{1173428d-66c3-4340-b911-63916434bb74}=C:\WINDOWS\system32\krqwfrfc.dll [2007-11-03 19:41]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 01:11]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-17 14:32]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar1.dll [2006-07-04 21:54]
{BDF3E430-B101-42AD-A544-FADC6B084872}=C:\Program Files\Norton AntiVirus\NavShExt.dll [2005-10-19 13:54]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 17:10 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"BigPond Toolbar"="C:\Program Files\Telstra\Toolbar\bpumTray.exe" [2005-12-01 15:06]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-03 21:10]
"HydraVisionDesktopManager"="C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe" [2003-04-01 16:41]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 18:32]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 07:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 15:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-12-09 16:38]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 22:30]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-11-03 18:41]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\__c001B1FE.dat

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0 C:\WINDOWS\system32\ddaba.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\RunGame.exe


Contents of the 'Scheduled Tasks' folder
2007-10-15 04:12:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-11-05 09:11:06 C:\WINDOWS\tasks\MP Scheduled Scan.job
2007-10-26 11:19:24 C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Owner.job

********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-05 19:39:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-11-05 19:44:34 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-11-05 19:44
C:\ComboFix2.txt ... 2007-05-29 21:23
C:\ComboFix3.txt ... 2007-05-27 16:36

--- E O F ---


Hope you can help me out like you did last time I was here with a problem. (y)
 

justonegoal

Thread Starter
Joined
May 25, 2007
Messages
118
Can any one help me??

If i have sorted it out myself can someone tell me please!!
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top