Solved: I have a Vundo problem

Discussion in 'Virus & Other Malware Removal' started by justonegoal, Nov 5, 2007.

Thread Status:
Not open for further replies.
  1. justonegoal

    justonegoal Thread Starter

    Joined:
    May 25, 2007
    Messages:
    118
    Hi all :D

    I am getting a high alert pop up from my Norton’s Antivirus about a Vundo problem

    File or path name C:\WINDOWS\systems\nnnnonks.dll

    Anyway it can’t access the file to delete it

    Also, I had a version of LimeWire, and during this process it kept on starting automatically, so I deleted the program, but it is still trying to open and I get a Java script pop up. Don’t know if it is related to my current problems but I thought I would mention it. The more information you know about what I am experiencing the better, I think.
    I then downloaded Vundo fix Version 6.5.0.11 and this found nothing

    I have downloaded HijackThis Version 1.99.1

    This is the log file:

    Logfile of HijackThis v1.99.1
    Scan saved at 7:49:23 PM, on 5/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Telstra\Toolbar\bpumTray.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Nikon\NkView6\NkvMon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com.au/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-2.dll
    O2 - BHO: {47bb4346-1936-119b-0434-3c66d8243711} - {1173428d-66c3-4340-b911-63916434bb74} - C:\WINDOWS\system32\krqwfrfc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: BigPond Toolbar - {7A431EC4-CC21-4DF7-9DB1-A2CF74C4CC98} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Adssite Toolbar - {41C29B07-6F91-4966-91BE-2E2841643C83} - C:\Program Files\Adssite Advanced Toolbar\toolbar.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [BigPond Toolbar] "C:\Program Files\Telstra\Toolbar\bpumTray.exe"
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://remote.adbri.com.au/Citrix/ICAWEB/en/ica32/wficac.cab
    O16 - DPF: {326A7290-FAE3-48C5-9FBA-F071633E1EB5} (VPlayer Control) - http://video.vividas.com/media/4516_Nike/web/player/vivid_ocx.jpeg
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/download/scanner/en-us/wlscbase3401.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140322883578
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1181112589328
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: C:\WINDOWS\system32\__c001B1FE.dat
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing)
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    I had a version of Combo fix so I ran that and this is the log file:

    "Owner" - 2007-11-05 19:28:42 Service Pack 2
    ComboFix 07-05.27.V - Running from: "C:\Documents and Settings\Owner\My Documents\"


    (((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\ddaba.dll
    C:\WINDOWS\system32\abadd.bak1
    C:\WINDOWS\system32\abadd.ini2
    C:\WINDOWS\system32\abadd.tmp
    C:\WINDOWS\system32\abadd.bak1
    C:\WINDOWS\system32\abadd.ini2
    C:\WINDOWS\system32\abadd.tmp
    C:\WINDOWS\system32\abadd.bak1
    C:\WINDOWS\system32\abadd.ini2
    C:\WINDOWS\system32\abadd.tmp


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    "C:\z.exe"
    "C:\svchost.exe"
    "C:\WINDOWS\system32\drivers\sfsync02.sys"


    ((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_SFSYNC02
    -------\sfsync02


    ((((((((((((((((((((((((((((((( Files Created from 2007-10-05 to 2007-11-05 ))))))))))))))))))))))))))))))))))


    2007-11-05 19:35 0 --a------ C:\WINDOWS\system32\sfsync02.dll
    2007-11-05 19:25 10,816 --a------ C:\WINDOWS\system32\eksbdbep.dll
    2007-11-05 19:25 10,816 --a------ C:\WINDOWS\system32\__c001B1FE.dat
    2007-11-05 19:03 10,816 --a------ C:\WINDOWS\system32\rruylqvj.dll
    2007-11-05 19:03 10,816 --a------ C:\WINDOWS\system32\gcfweyur.dll
    2007-11-05 19:03 10,816 --a------ C:\WINDOWS\system32\difbbexn.dll
    2007-11-05 18:59 10,816 --a------ C:\WINDOWS\system32\ttborvca.dll
    2007-11-05 18:59 10,816 --a------ C:\WINDOWS\system32\ldjkfhxi.dll
    2007-11-05 18:59 10,816 --a------ C:\WINDOWS\system32\deroxvpc.dll
    2007-11-05 18:59 10,816 --a------ C:\WINDOWS\system32\cxksxhew.dll
    2007-11-05 18:59 <DIR> d-------- C:\Program Files\Trend Micro
    2007-11-05 18:56 10,816 --a------ C:\WINDOWS\system32\sgflnqjv.dll
    2007-11-05 18:56 10,816 --a------ C:\WINDOWS\system32\gjymlyqf.dll
    2007-11-05 18:56 10,816 --a------ C:\WINDOWS\system32\aodclbkg.dll
    2007-11-05 18:52 10,816 --a------ C:\WINDOWS\system32\opxnfxcu.dll
    2007-11-05 18:52 10,816 --a------ C:\WINDOWS\system32\mhkemliv.dll
    2007-11-05 18:52 10,816 --a------ C:\WINDOWS\system32\lbxyivbv.dll
    2007-11-05 18:52 10,816 --a------ C:\WINDOWS\system32\jxskqlup.dll
    2007-11-05 18:50 10,816 --a------ C:\WINDOWS\system32\txsleftq.dll
    2007-11-05 18:50 10,816 --a------ C:\WINDOWS\system32\tbovkhah.dll
    2007-11-05 18:50 10,816 --a------ C:\WINDOWS\system32\jjfavscw.dll
    2007-11-05 18:49 10,816 --a------ C:\WINDOWS\system32\gndtxfyl.dll
    2007-11-05 18:40 10,816 --a------ C:\WINDOWS\system32\ivvbiiwu.dll
    2007-11-05 18:40 10,816 --a------ C:\WINDOWS\system32\hsydyajh.dll
    2007-11-05 18:40 10,816 --a------ C:\WINDOWS\system32\hokwbwmc.dll
    2007-11-05 18:39 10,816 --a------ C:\WINDOWS\system32\cqguovqh.dll
    2007-11-05 18:22 35,328 --a------ C:\WINDOWS\system32\mljjijk.dll
    2007-11-03 19:44 87,616 --a------ C:\WINDOWS\system32\ybjpbion.dll
    2007-11-03 19:41 81,472 --a------ C:\WINDOWS\system32\krqwfrfc.dll
    2007-11-03 19:37 10,816 --a------ C:\WINDOWS\system32\agxrprbs.dll
    2007-11-03 19:37 10,816 --a------ C:\WINDOWS\system32\__c008F5A9.dat
    2007-11-03 17:49 35,328 --a------ C:\WINDOWS\system32\hggddax.dll
    2007-11-03 17:49 28,672 --a------ C:\Documents and Settings\Owner\iexplorer.exe
    2007-11-03 17:49 28,672 --a------ C:\DOCUME~1\Owner\iexplorer.exe
    2007-11-03 17:49 <DIR> d-------- C:\WINDOWS\system32\Mz18r
    2007-11-03 17:49 <DIR> d-------- C:\temp\mZOr
    2007-10-30 22:20 6,465 --ahs---- C:\WINDOWS\system32\pqstv.bak1
    2007-10-30 22:17 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
    2007-10-30 22:14 82 --a------ C:\n.bat
    2007-10-30 22:14 32,256 --------- C:\WINDOWS\system32\nnnnonk.dll
    2007-10-30 22:14 0 --a------ C:\z.dat
    2007-10-30 22:13 28,672 --a------ C:\Documents and Settings\Owner\update.exe
    2007-10-30 22:13 28,672 --a------ C:\DOCUME~1\Owner\update.exe
    2007-10-30 21:59 79,832 --a------ C:\WINDOWS\system32\adssite-remove.exe
    2007-10-30 21:59 40,733 --a------ C:\WINDOWS\system32\rightonadz-uninst.exe
    2007-10-30 21:59 <DIR> d-------- C:\Program Files\Adssite Games Collection
    2007-10-30 21:59 <DIR> d-------- C:\Program Files\Adssite Advanced Toolbar
    2007-10-30 21:59 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Adssite Advanced Toolbar
    2007-10-30 21:58 <DIR> d-------- C:\Program Files\ContextTool
    2007-10-26 05:08 35,840 --a------ C:\WINDOWS\mrofinu1188.exe
    2007-10-23 19:52 <DIR> d-------- C:\Program Files\iPod


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-11-05 08:55:31 10,816 ----a-w C:\WINDOWS\system32\__c001B1FE.dat
    2007-11-05 08:33:55 -------- d-----w C:\Program Files\LimeWire
    2007-11-03 09:07:30 10,816 ----a-w C:\WINDOWS\system32\__c008F5A9.dat
    2007-11-03 07:22:35 -------- d-----w C:\Program Files\Common Files\Symantec Shared
    2007-10-23 09:22:37 -------- d-----w C:\Program Files\iTunes
    2007-09-19 13:29:40 -------- d-----w C:\Program Files\Apple Software Update
    2007-08-21 06:15:44 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {0D39A900-0F3A-4C29-A254-3E65244FDC34}=C:\Program Files\ContextTool\ContextTool-2.dll [2007-06-28 06:57]
    {1173428d-66c3-4340-b911-63916434bb74}=C:\WINDOWS\system32\krqwfrfc.dll [2007-11-03 19:41]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 01:11]
    {9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-17 14:32]
    {AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar1.dll [2006-07-04 21:54]
    {BDF3E430-B101-42AD-A544-FADC6B084872}=C:\Program Files\Norton AntiVirus\NavShExt.dll [2005-10-19 13:54]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 17:10 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
    "BigPond Toolbar"="C:\Program Files\Telstra\Toolbar\bpumTray.exe" [2005-12-01 15:06]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-03 21:10]
    "HydraVisionDesktopManager"="C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe" [2003-04-01 16:41]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 18:32]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 07:24]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 15:42]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-12-09 16:38]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 22:30]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableCAD"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-11-03 18:41]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=C:\WINDOWS\system32\__c001B1FE.dat

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages msv1_0 C:\WINDOWS\system32\ddaba.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    AutoRun\command- D:\RunGame.exe


    Contents of the 'Scheduled Tasks' folder
    2007-10-15 04:12:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    2007-11-05 09:11:06 C:\WINDOWS\tasks\MP Scheduled Scan.job
    2007-10-26 11:19:24 C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Owner.job

    ********************************************************************

    catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-05 19:39:01
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0


    ********************************************************************

    Completion time: 2007-11-05 19:44:34 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-11-05 19:44
    C:\ComboFix2.txt ... 2007-05-29 21:23
    C:\ComboFix3.txt ... 2007-05-27 16:36

    --- E O F ---


    Hope you can help me out like you did last time I was here with a problem. (y)
     
  2. justonegoal

    justonegoal Thread Starter

    Joined:
    May 25, 2007
    Messages:
    118
    Can anyone help me??

    If I have sorted it out myself, can someone tell me please!!
     
  3. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
Short URL to this thread: https://techguy.org/647955
