1) The computer is not shared. I have multiple accounts set up for different operations of this PC. Each user loads different tools for that account.
2) Yes, I have admin rights.
Vundo Log
VundoFix V6.3.17
Checking Java version...
Java version is 1.4.2.4
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Scan started at 8:00:33 PM 3/21/2007
Listing files found while scanning....
No infected files were found.
Combo Fix Log
"Nonya" - 07-03-21 20:05:32 Service Pack 2
ComboFix 07-03-19 - Running from: "C:\Documents and Settings\Nonya\Desktop"
/wow section not completed - STAGE #6D
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\windows\system32\explorer.exe
((((((((((((((((((((((((((((((( Files Created from 2007-02-21 to 2007-03-21 ))))))))))))))))))))))))))))))))))
2007-03-21 09:33 32,768 --a------ C:\WINDOWS\system32\mp43.exe
2007-03-21 09:33 32,768 --a------ C:\WINDOWS\NOTEDAD.EXE
2007-03-21 09:07 <DIR> d-------- C:\Program Files\Windows Resource Kits
2007-03-20 23:48 697,975 --a------ C:\SDFix.exe
2007-03-20 22:13 8,704 --a------ C:\WINDOWS\system32\sporder.dll
2007-03-20 15:15 <DIR> d-------- C:\Program Files\DeskAlerts
2007-03-19 13:32 <DIR> d-------- C:\Program Files\The Cleaner
2007-03-19 13:29 <DIR> d-------- C:\VundoFix Backups
2007-03-19 13:26 1,352 --a------ C:\WINDOWS\system32\tmp.reg
2007-03-17 09:20 <DIR> d-------- C:\!KillBox
2007-03-17 01:54 32,768 --a------ C:\WINDOWS\system32\svchtoost.exe
2007-03-16 23:49 27,215 --a------ C:\WINDOWS\system32\vtsqo.exe
2007-03-16 23:49 19,654 --------- C:\WINDOWS\system32\hypdcz.dll
2007-03-16 23:44 8,535 --a------ C:\WINDOWS\system32\mljgdda.dll
2007-03-07 20:20 <DIR> d-------- C:\DOCUME~1\Nonya\APPLIC~1\teamspeak2
2007-02-24 20:30 <DIR> d-------- C:\Program Files\Common Files\EasyInfo
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-03-21 09:33 32768 --a------ C:\WINDOWS\system32\mp43.exe
2007-03-21 09:33 32768 --a------ C:\WINDOWS\notedad.exe
2007-03-21 09:07 -------- d-------- C:\Program Files\windows resource kits
2007-03-21 00:58 1352 --a------ C:\WINDOWS\system32\tmp.reg
2007-03-20 23:48 697975 --a------ C:\SDFix.exe
2007-03-20 23:17 -------- d-------- C:\Program Files\the cleaner
2007-03-20 22:13 8704 --a------ C:\WINDOWS\system32\sporder.dll
2007-03-20 15:15 -------- d-------- C:\Program Files\deskalerts
2007-03-18 13:07 32768 --a------ C:\WINDOWS\system32\svchtoost.exe
2007-03-17 21:55 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-03-16 23:49 27215 --a------ C:\WINDOWS\system32\vtsqo.exe
2007-03-16 23:49 19654 --------- C:\WINDOWS\system32\hypdcz.dll
2007-03-16 23:44 8535 --a------ C:\WINDOWS\system32\mljgdda.dll
2007-03-16 23:40 -------- d-------- C:\Program Files\messenger
2007-03-16 15:05 -------- d-------- C:\DOCUME~1\Nonya\APPLIC~1\openoffice.org2
2007-03-07 20:20 -------- d-------- C:\DOCUME~1\Nonya\APPLIC~1\teamspeak2
2007-03-06 08:31 74 --a------ C:\DOCUME~1\Nonya\APPLIC~1\ftpfile.dat
2007-03-03 22:01 -------- d-------- C:\DOCUME~1\Nonya\APPLIC~1\limewire
2007-02-24 20:11 -------- d--h----- C:\Program Files\installshield installation information
2007-02-18 12:20 278528 --a------ C:\WINDOWS\system32\livesnth.dll
2007-02-11 10:59 -------- d-------- C:\Program Files\sony setup
2007-02-11 10:59 -------- d-------- C:\Program Files\sony
2007-02-11 10:58 -------- d-------- C:\Program Files\vstplugins
2007-02-11 10:58 -------- d-------- C:\DOCUME~1\Nonya\APPLIC~1\publish providers
2007-02-11 10:57 -------- d-------- C:\DOCUME~1\Nonya\APPLIC~1\sony
2007-02-11 10:56 -------- d-------- C:\Program Files\microsoft sql server
2007-02-11 07:15 -------- d-------- C:\Program Files\google
2007-02-11 06:38 -------- d-------- C:\Program Files\samsung
2007-02-07 00:00 -------- d-------- C:\DOCUME~1\Nonya\APPLIC~1\google
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"IESet"="IExplorer.dll .dbt"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Launch Ai Booster"="\"C:\\Program Files\\ASUS\\Ai Booster\\OverClk.exe\""
"NVMixerTray"="\"C:\\Program Files\\NVIDIA Corporation\\NvMixer\\NVMixerTray.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"IESet"="IExplorer.dll .dbt"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"IESet"="IExplorer.dll .dbt"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"adirka"="C:\\WINDOWS\\system32\\adirka.exe"
"IESet"="IExplorer.dll .dbt"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hypdcz
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\
LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\
NetworkService REG_MULTI_SZ DnsCache\
DcomLaunch REG_MULTI_SZ DcomLaunchTermService\
rpcss REG_MULTI_SZ RpcSs\
imgsvc REG_MULTI_SZ StiSvc\
termsvcs REG_MULTI_SZ TermService\
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8890ea90-4df0-11db-b86c-806d6172696f}]
Shell\AutoRun\command F:\Autorun.exe
********************************************************************
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
cmd.exe [4016]
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 1
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-03-21 20:06:48
C:\ComboFix2.txt ... 07-03-19 16:20
AVG Spyware Log
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 8:25:53 PM 3/21/2007
+ Scan result:
C:\Documents and Settings\Nonya\Cookies\nonya@2o7[2].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Nonya\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Nonya\Cookies\nonya@aavalue[2].txt -> TrackingCookie.Aavalue : No action taken.
C:\Documents and Settings\Nonya\Cookies\[email protected][1].txt -> TrackingCookie.Aavalue : No action taken.
C:\Documents and Settings\Nonya\Cookies\[email protected][2].txt -> TrackingCookie.Aavalue : No action taken.
C:\Documents and Settings\Nonya\Cookies\[email protected][2].txt -> TrackingCookie.Aavalue : No action taken.
C:\Documents and Settings\Nonya\Cookies\[email protected][2].txt -> TrackingCookie.Addynamix : No action taken.
C:\Documents and Settings\Nonya\Cookies\nonya@adorigin[2].txt -> TrackingCookie.Adorigin : No action taken.
C:\Documents and Settings\Nonya\Cookies\nonya@adrevolver[1].txt -> TrackingCookie.Adrevolver : No action taken.
C:\Documents and Settings\Nonya\Cookies\[email protected][1].txt -> TrackingCookie.Burstbeacon : No action taken.
C:\Documents and Settings\Nonya\Cookies\[email protected][2].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\Nonya\Cookies\nonya@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : No action taken.
C:\Documents and Settings\Nonya\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\Nonya\Cookies\[email protected][2].txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\Nonya\Cookies\[email protected][2].txt -> TrackingCookie.Myaffiliateprogram : No action taken.
C:\Documents and Settings\Nonya\Cookies\[email protected][2].txt -> TrackingCookie.Netflame : No action taken.
C:\Documents and Settings\Nonya\Cookies\nonya@overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Nonya\Cookies\nonya@questionmarket[2].txt -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\Nonya\Cookies\nonya@realmedia[2].txt -> TrackingCookie.Realmedia : No action taken.
C:\Documents and Settings\Nonya\Cookies\nonya@revsci[2].txt -> TrackingCookie.Revsci : No action taken.
C:\Documents and Settings\Nonya\Cookies\[email protected][1].txt -> TrackingCookie.Ru4 : No action taken.
C:\Documents and Settings\Nonya\Cookies\[email protected][1].txt -> TrackingCookie.Ru4 : No action taken.
C:\Documents and Settings\Nonya\Cookies\[email protected][1].txt -> TrackingCookie.Specificclick : No action taken.
C:\Documents and Settings\Nonya\Cookies\nonya@specificclick[1].txt -> TrackingCookie.Specificclick : No action taken.
C:\Documents and Settings\Nonya\Cookies\nonya@trafficmp[1].txt -> TrackingCookie.Trafficmp : No action taken.
C:\Documents and Settings\Nonya\Cookies\nonya@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Nonya\Cookies\[email protected][1].txt -> TrackingCookie.Valuead : No action taken.
C:\Documents and Settings\Nonya\Cookies\[email protected][1].txt -> TrackingCookie.Webtrends : No action taken.
C:\Documents and Settings\Nonya\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Nonya\Cookies\nonya@zedo[1].txt -> TrackingCookie.Zedo : No action taken.
::Report end
Current HJT Log
Logfile of HijackThis v1.99.1
Scan saved at 8:28:03 PM, on 3/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Grisoft\AVG Free\avgwb.dat
C:\Documents and Settings\Nonya\Desktop\HJT.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {48145cb0-177c-4091-9208-ed85f2f31225} - C:\WINDOWS\system32\hypdcz.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\Ai Booster\OverClk.exe"
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IESet] IExplorer.dll .dbt
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O20 - Winlogon Notify: hypdcz - C:\WINDOWS\SYSTEM32\hypdcz.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
On the AVG LOG it says no action taken. This is not correct. I saved the LOG before deleting all items. All items were deleted with no problems.
If there is anything else you need please let me know.
Edited by SlickNtz, 21 March 2007 - 07:34 PM.