
My Hijackthis Log


  • This topic is locked
8 replies to this topic

#1 MaxRussian

Posted 08 November 2006 - 06:39 AM

I need some help. Recently I have been having a lot of trouble with my computer working slower than usual, my internet randomly turning off on my computer, though I think it's not a problem with my connection, and I have been getting pop-ups when I'm not online. I appreciate all help, thanks.
Here is my Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 6:13:33 AM, on 11/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\Common Files\InterVideo\TxtEpg\TtxEpgAcq.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\FarStone\RestoreIT\RestoreIT_XP\VBPTASK.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{30D898AA-0D48-1033-0208-060202060001}\MyToolBar.dll (file missing)
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [TxtEpgExe] "C:\Program Files\Common Files\InterVideo\TxtEpg\TtxEpgAcq.exe"
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [ipTray.exe] "C:\Program Files\Intel\IDU\iptray.exe"
O4 - HKLM\..\Run: [awTray.exe] "C:\Program Files\Intel\IDU\awtray.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\FarStone\RestoreIT\RestoreIT_XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvlow.dll,startup
O4 - HKLM\..\Run: [gwujjhi.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\gwujjhi.dll,jmyqis
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel® Desktop Utilities Service (iHCService) - OSA Technologies, Inc. - C:\Program Files\Intel\IDU\IDUServ.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe





Also there is another file gebyx.dll that one of my antivirus programs flagged but didn't show up on HijackThis.


#2 -David-

Posted 08 November 2006 - 01:12 PM

Go to this folder where Hijackthis is kept and rename the hijackthis application to "showme".
This can be done by right clicking on the program and clicking "rename".
Press enter, then open "showme.exe" by double clicking.
Post a new Hijackthis log from the newly named application.

#3 MaxRussian

Posted 08 November 2006 - 03:16 PM

Is this what you mean?

Logfile of HijackThis v1.99.1
Scan saved at 3:12:37 PM, on 11/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\Common Files\InterVideo\TxtEpg\TtxEpgAcq.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\FarStone\RestoreIT\RestoreIT_XP\VBPTASK.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Administrator\Desktop\showme.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53F615E6-29D3-31B4-44F6-0177D5EE0800} - C:\WINDOWS\system32\rdcwahk.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{30D898AA-0D48-1033-0208-060202060001}\MyToolBar.dll (file missing)
O2 - BHO: (no name) - {D5E0E58E-F80F-4074-984F-D1E91CBD7961} - C:\WINDOWS\system32\gebyx.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\swptsonj.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{30D898AA-0D48-1033-0208-060202060001}\MyToolBar.dll (file missing)
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [TxtEpgExe] "C:\Program Files\Common Files\InterVideo\TxtEpg\TtxEpgAcq.exe"
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [ipTray.exe] "C:\Program Files\Intel\IDU\iptray.exe"
O4 - HKLM\..\Run: [awTray.exe] "C:\Program Files\Intel\IDU\awtray.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\FarStone\RestoreIT\RestoreIT_XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvlow.dll,startup
O4 - HKLM\..\Run: [gwujjhi.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\gwujjhi.dll,jmyqis
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O20 - Winlogon Notify: gebyx - C:\WINDOWS\system32\gebyx.dll
O20 - Winlogon Notify: winjyg32 - C:\WINDOWS\SYSTEM32\winjyg32.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel® Desktop Utilities Service (iHCService) - OSA Technologies, Inc. - C:\Program Files\Intel\IDU\IDUServ.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

#4 -David-

Posted 08 November 2006 - 05:45 PM

That's what I was after. :thumbsup:
Let's get started on the infections you have.

Please download VundoFix.exe to your desktop
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove.
VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

David

Edited by D-Trojanator, 08 November 2006 - 05:45 PM.


#5 MaxRussian

Posted 09 November 2006 - 05:47 PM

I used VundoFix but I still have some problems.
Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 5:39:55 PM, on 11/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\Common Files\InterVideo\TxtEpg\TtxEpgAcq.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\FarStone\RestoreIT\RestoreIT_XP\VBPTASK.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Administrator\Desktop\showme.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53F615E6-29D3-31B4-44F6-0177D5EE0800} - C:\WINDOWS\system32\rdcwahk.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{30D898AA-0D48-1033-0208-060202060001}\MyToolBar.dll (file missing)
O2 - BHO: (no name) - {D5E0E58E-F80F-4074-984F-D1E91CBD7961} - C:\WINDOWS\system32\gebyx.dll (file missing)
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\swptsonj.dll (file missing)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{30D898AA-0D48-1033-0208-060202060001}\MyToolBar.dll (file missing)
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [TxtEpgExe] "C:\Program Files\Common Files\InterVideo\TxtEpg\TtxEpgAcq.exe"
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [ipTray.exe] "C:\Program Files\Intel\IDU\iptray.exe"
O4 - HKLM\..\Run: [awTray.exe] "C:\Program Files\Intel\IDU\awtray.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\FarStone\RestoreIT\RestoreIT_XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvlow.dll,startup
O4 - HKLM\..\Run: [gwujjhi.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\gwujjhi.dll,jmyqis
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O20 - Winlogon Notify: winjyg32 - winjyg32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel® Desktop Utilities Service (iHCService) - OSA Technologies, Inc. - C:\Program Files\Intel\IDU\IDUServ.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe




And this is my VundoFix doc:

VundoFix V6.2.8

Checking Java version...

Java version is 1.5.0.8

Scan started at 7:17:09 PM 11/8/2006

Listing files found while scanning....

C:\WINDOWS\system32\gebyx.dll
C:\WINDOWS\system32\xybeg.ini
C:\WINDOWS\system32\xybeg.bak1
C:\WINDOWS\system32\xybeg.bak2

Beginning removal...

Attempting to delete C:\WINDOWS\system32\gebyx.dll
C:\WINDOWS\system32\gebyx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xybeg.ini
C:\WINDOWS\system32\xybeg.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\xybeg.bak1
C:\WINDOWS\system32\xybeg.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\xybeg.bak2
C:\WINDOWS\system32\xybeg.bak2 Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.2.8

Checking Java version...

Java version is 1.5.0.8

Scan started at 7:53:30 PM 11/8/2006

Listing files found while scanning....

C:\WINDOWS\system32\gwujjhi.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\gwujjhi.dll
C:\WINDOWS\system32\gwujjhi.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.2.8

Checking Java version...

Java version is 1.5.0.8

Scan started at 3:00:10 PM 11/9/2006

Listing files found while scanning....

No infected files were found.

#6 -David-


Posted 12 November 2006 - 07:06 AM

Please download ComboFix to your desktop.
Double-click combo.exe to launch the application.
Follow the prompts that will be displayed on the screen.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt.
Post this log in your next reply together with a new HijackThis log.

#7 MaxRussian


Posted 14 November 2006 - 05:41 PM

Logfile of HijackThis v1.99.1
Scan saved at 5:35:55 PM, on 11/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\Common Files\InterVideo\TxtEpg\TtxEpgAcq.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\FarStone\RestoreIT\RestoreIT_XP\VBPTASK.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Java\jre1.5.0_08\bin\jucheck.exe
C:\Program Files\Executive Software\Diskeeper\DkIcon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Administrator\Desktop\showme.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53F615E6-29D3-31B4-44F6-0177D5EE0800} - C:\WINDOWS\system32\rdcwahk.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O2 - BHO: (no name) - {D5E0E58E-F80F-4074-984F-D1E91CBD7961} - C:\WINDOWS\system32\gebyx.dll (file missing)
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\swptsonj.dll (file missing)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [TxtEpgExe] "C:\Program Files\Common Files\InterVideo\TxtEpg\TtxEpgAcq.exe"
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [ipTray.exe] "C:\Program Files\Intel\IDU\iptray.exe"
O4 - HKLM\..\Run: [awTray.exe] "C:\Program Files\Intel\IDU\awtray.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\FarStone\RestoreIT\RestoreIT_XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvlow.dll,startup
O4 - HKLM\..\Run: [gwujjhi.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\gwujjhi.dll,jmyqis
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O20 - Winlogon Notify: winjyg32 - winjyg32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel® Desktop Utilities Service (iHCService) - OSA Technologies, Inc. - C:\Program Files\Intel\IDU\IDUServ.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe









Administrator - 06-11-14 17:32:32.00 Service Pack 2
ComboFix 06.11.9 - Running from: "C:\Documents and Settings\Administrator\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\ismini.exe
C:\WINDOWS\system32\components
C:\Program Files\Common Files\{30D898AA-0D48-1033-0208-060202060001}
C:\Program Files\Common Files\{90D898AA-0D48-1033-0208-060202060001}


((((((((((((((((((((((((((((((( Files Created from 2006-10-14 to 2006-11-14 ))))))))))))))))))))))))))))))))))


2006-11-14 16:31 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2006-11-07 16:36 684,032 --a------ C:\WINDOWS\system32\libeay32.dll
2006-11-07 16:36 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2006-11-07 16:36 155,648 --a------ C:\WINDOWS\system32\ssleay32.dll
2006-11-07 15:40 502,368 --a------ C:\WINDOWS\system32\drivers\amon.sys
2006-11-07 15:40 270,336 --a------ C:\WINDOWS\system32\imon.dll
2006-11-05 21:11 59,392 --a------ C:\WINDOWS\system32\drvlow.dll
2006-10-23 11:20 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-10-22 21:20 90,112 --a------ C:\WINDOWS\unvise32.exe
2006-10-18 20:18 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2006-10-18 15:00 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2006-10-17 19:47 139,264 --a------ C:\WINDOWS\system32\UStorSrv.exe
2006-10-17 19:47 139,264 --a------ C:\WINDOWS\system32\OPDSL.DLL
2006-10-17 16:10 611,064 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-10-17 14:22 90,112 --a------ C:\WINDOWS\system32\dpl100.dll
2006-10-17 14:22 856,064 --a------ C:\WINDOWS\system32\xvidcore.dll
2006-10-17 14:22 620,180 --a------ C:\WINDOWS\system32\divx.dll
2006-10-17 14:22 593,938 --a------ C:\WINDOWS\system32\x264vfw.dll
2006-10-17 14:22 5,120 --a------ C:\WINDOWS\system32\ff_vfw.dll
2006-10-17 14:22 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2006-10-17 14:22 217,088 --a------ C:\WINDOWS\system32\xvidvfw.dll
2006-10-17 14:22 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2006-10-17 14:22 200,704 --a------ C:\WINDOWS\system32\dtu100.dll
2006-10-17 14:22 1,415,680 --a------ C:\WINDOWS\system32\WMV9VCM.dll
2006-10-17 14:22 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2006-10-17 13:34 26,496 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS
2006-10-17 05:29 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2006-10-16 22:25 306,688 --a------ C:\WINDOWS\IsUninst.exe
2006-10-16 22:21 36,864 -ra------ C:\WINDOWS\system32\e100bmsg.dll
2006-10-16 22:21 23,040 -ra------ C:\WINDOWS\system32\IntelNic.dll
2006-10-16 22:21 157,696 -ra------ C:\WINDOWS\system32\drivers\e100b325.sys
2006-10-16 22:21 126,976 -ra------ C:\WINDOWS\system32\Prounstl.exe
2006-10-16 22:17 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2006-10-16 22:17 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2006-10-16 22:17 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2006-10-16 22:17 61,440 --a------ C:\WINDOWS\system32\SFIDLOCK.dll
2006-10-16 22:17 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2006-10-16 22:17 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2006-10-16 22:17 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2006-10-16 22:17 53,248 --a------ C:\WINDOWS\system32\IASBB.dll
2006-10-16 22:17 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2006-10-16 22:17 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2006-10-16 22:17 40,960 --a------ C:\WINDOWS\system32\SFIMLARK.dll
2006-10-16 22:17 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2006-10-16 22:17 274,432 --a------ C:\WINDOWS\system32\IASMXDLL.dll
2006-10-16 22:17 274,432 --a------ C:\WINDOWS\system32\IASDLL.dll
2006-10-16 22:17 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2006-10-16 22:17 171,776 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2006-10-16 22:17 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2006-10-16 22:17 14,848 --a------ C:\WINDOWS\system32\DPGCALL.DLL
2006-10-16 22:16 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2006-10-16 22:16 41,216 --a------ C:\WINDOWS\system32\drivers\sfng32.sys
2006-10-16 22:16 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2006-10-16 22:16 151,552 --a------ C:\WINDOWS\system32\stacapi.dll
2006-10-16 22:16 109,056 --a------ C:\WINDOWS\system32\staco.dll
2006-10-16 22:16 1,021,608 --a------ C:\WINDOWS\system32\drivers\sthda.sys
2006-10-16 21:53 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2006-10-16 21:52 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2006-10-16 21:52 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2006-10-16 21:52 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2006-10-16 21:52 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2006-10-16 21:47 520,192 --a------ C:\WINDOWS\system32\ati2sgag.exe
2006-10-16 21:46 860,192 --a------ C:\WINDOWS\system32\ativvaxx.dll
2006-10-16 21:46 77,824 --a------ C:\WINDOWS\system32\Oemdspif.dll
2006-10-16 21:46 61,440 --a------ C:\WINDOWS\system32\ati2evxx.dll
2006-10-16 21:46 6,684,672 --a------ C:\WINDOWS\system32\atioglx1.dll
2006-10-16 21:46 53,248 --a------ C:\WINDOWS\system32\ATIDDC.DLL
2006-10-16 21:46 5,115,904 --a------ C:\WINDOWS\system32\atioglxx.dll
2006-10-16 21:46 41,472 --a------ C:\WINDOWS\system32\ati2edxx.dll
2006-10-16 21:46 405,504 --a------ C:\WINDOWS\system32\ati2evxx.exe
2006-10-16 21:46 40,960 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll
2006-10-16 21:46 307,200 --a------ C:\WINDOWS\system32\atiiiexx.dll
2006-10-16 21:46 282,624 --a------ C:\WINDOWS\system32\ATIDEMGR.dll
2006-10-16 21:46 26,112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe
2006-10-16 21:46 258,048 --a------ C:\WINDOWS\system32\ati2cqag.dll
2006-10-16 21:46 255,488 --a------ C:\WINDOWS\system32\ati2dvag.dll
2006-10-16 21:46 24,064 --a------ C:\WINDOWS\system32\ativcoxx.dll
2006-10-16 21:46 2,604,128 --a------ C:\WINDOWS\system32\ati3duag.dll
2006-10-16 21:46 17,408 --a------ C:\WINDOWS\system32\atitvo32.dll
2006-10-16 21:46 151,552 --a------ C:\WINDOWS\system32\atikvmag.dll
2006-10-16 21:46 114,688 --a------ C:\WINDOWS\system32\atipdlxx.dll
2006-10-16 21:46 1,478,656 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2006-10-16 21:34 49,152 -ra------ C:\WINDOWS\system32\HookAPI.dll
2006-10-16 21:34 45,056 -ra------ C:\WINDOWS\DxpAppEx.exe
2006-10-16 21:34 33,249 -ra------ C:\WINDOWS\system32\drivers\RITFSD.sys
2006-10-16 21:34 32,768 -ra------ C:\WINDOWS\system32\RitShell.dll
2006-10-16 21:34 31,872 -ra------ C:\WINDOWS\system32\drivers\Rcfilter.sys
2006-10-16 21:34 183,987 --a------ C:\WINDOWS\system32\drivers\VVBackd5.sys
2006-10-16 21:34 14,074 -ra------ C:\WINDOWS\system32\drivers\exdisk.sys
2006-10-16 21:30 10,368 --------- C:\WINDOWS\system32\drivers\pfc.sys
2006-10-16 21:29 59,392 --a------ C:\WINDOWS\system32\iviaspi.sys
2006-10-16 21:29 5,248 --------- C:\WINDOWS\system32\drivers\udffsrec.sys
2006-10-16 21:29 38,784 --------- C:\WINDOWS\system32\drivers\ivicd.sys
2006-10-16 21:29 26,694 --a------ C:\WINDOWS\HWS.exe
2006-10-16 21:29 26,694 --a------ C:\WINDOWS\HMD.exe
2006-10-16 21:29 116,224 --------- C:\WINDOWS\system32\drivers\IviUdf.sys
2006-10-16 21:28 6,144 --a------ C:\WINDOWS\system32\drivers\NTIDrvr.sys
2006-10-16 21:28 1,024 -rah----- C:\WINDOWS\system32\NTIBUN4.dll
2006-10-16 21:26 8,704 -ra------ C:\WINDOWS\system32\drivers\osaio.sys
2006-10-16 21:26 21,248 --a------ C:\WINDOWS\system32\drivers\intelsmb.sys
2006-10-16 21:26 11,018 -ra------ C:\WINDOWS\system32\drivers\OsaFsLoc.sys
2006-10-16 21:25 10,752 --------- C:\WINDOWS\system32\drivers\iviaspi.sys
2006-10-16 21:24 98,304 --a------ C:\WINDOWS\system32\VbiCallback.dll
2006-10-16 21:24 499,712 --a------ C:\WINDOWS\system32\iviIPLW7.dll
2006-10-16 21:24 491,520 --a------ C:\WINDOWS\system32\iviIPLA6.dll
2006-10-16 21:24 466,944 --a------ C:\WINDOWS\system32\iviIPLPX.dll
2006-10-16 21:24 466,944 --a------ C:\WINDOWS\system32\iviIPL.dll
2006-10-16 21:24 45,056 --a------ C:\WINDOWS\system32\WSTDEC.dll
2006-10-16 21:24 442,368 --a------ C:\WINDOWS\system32\iviIPLP6.dll
2006-10-16 21:24 434,176 --a------ C:\WINDOWS\system32\iviIPLM6.dll
2006-10-16 21:24 421,888 --a------ C:\WINDOWS\system32\iviIPLM5.dll
2006-10-16 21:24 204,800 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
2006-10-16 21:24 200,704 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
2006-10-16 21:24 20,480 --a------ C:\WINDOWS\system32\IVIresize.dll
2006-10-16 21:24 192,512 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
2006-10-16 21:24 192,512 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
2006-10-16 21:24 188,416 --a------ C:\WINDOWS\system32\IVIresizePX.dll
2006-10-16 21:24 155,648 --a------ C:\WINDOWS\system32\log4cpp.dll
2006-10-16 21:24 1,706,800 --a------ C:\WINDOWS\system32\gdiplus.dll
2006-10-16 21:24 1,024,000 --a------ C:\WINDOWS\system32\DM.dll
2006-10-16 21:18 91,904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-10-16 21:18 124,016 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-10-16 21:17 28,352 --a------ C:\WINDOWS\system32\drivers\MxlW2k.sys
2006-10-16 21:16 36,484 -ra------ C:\WINDOWS\system32\drivers\SMBios.sys
2006-10-16 20:47 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2006-10-16 20:47 0 -rahs---- C:\MSDOS.SYS
2006-10-16 20:47 0 -rahs---- C:\IO.SYS
2006-10-16 20:47 0 --a------ C:\CONFIG.SYS
2006-10-16 20:47 0 --a------ C:\AUTOEXEC.BAT
2006-10-16 20:46 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2006-10-16 20:46 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2006-10-16 20:46 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2006-10-16 20:46 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2006-10-16 20:45 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2006-10-16 20:45 81,920 --a------ C:\WINDOWS\system32\ils.dll
2006-10-16 20:45 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2006-10-16 20:45 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2006-10-16 20:45 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2006-10-16 20:45 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2006-10-16 20:45 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2006-10-16 20:45 678,400 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-10-16 20:45 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2006-10-16 20:45 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2006-10-16 20:45 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-10-16 20:45 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2006-10-16 20:45 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2006-10-16 20:45 430,592 --a------ C:\WINDOWS\system32\wuapi.dll
2006-10-16 20:45 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2006-10-16 20:45 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2006-10-16 20:45 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2006-10-16 20:45 36,864 --a------ C:\WINDOWS\system32\wups.dll
2006-10-16 20:45 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-10-16 20:45 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2006-10-16 20:45 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2006-10-16 20:45 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2006-10-16 20:45 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-10-16 20:45 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2006-10-16 20:45 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2006-10-16 20:45 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-10-16 20:45 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2006-10-16 20:45 22,528 --a------ C:\WINDOWS\system32\fltMc.exe
2006-10-16 20:45 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-10-16 20:45 183,296 --a------ C:\WINDOWS\system32\wuaueng1.dll
2006-10-16 20:45 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-10-16 20:45 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2006-10-16 20:45 165,888 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-10-16 20:45 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-10-16 20:45 124,800 --a------ C:\WINDOWS\system32\drivers\fltMgr.sys
2006-10-16 20:45 120,320 --a------ C:\WINDOWS\system32\wuweb.dll
2006-10-16 20:45 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2006-10-16 20:45 112,640 --a------ C:\WINDOWS\system32\wucltui.dll
2006-10-16 20:45 111,104 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-10-16 20:45 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2006-10-16 20:45 1,134,592 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-10-16 20:44 949,248 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-10-16 20:44 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-10-16 20:44 90,112 --a------ C:\WINDOWS\system32\mtxoci.dll
2006-10-16 20:44 9,728 --a------ C:\WINDOWS\system32\reset.exe
2006-10-16 20:44 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-10-16 20:44 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2006-10-16 20:44 82,432 --a------ C:\WINDOWS\system32\comrepl.dll
2006-10-16 20:44 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2006-10-16 20:44 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2006-10-16 20:44 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2006-10-16 20:44 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2006-10-16 20:44 628,224 --a------ C:\WINDOWS\system32\catsrvut.dll
2006-10-16 20:44 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-10-16 20:44 62,464 --a------ C:\WINDOWS\system32\colbact.dll
2006-10-16 20:44 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2006-10-16 20:44 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2006-10-16 20:44 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2006-10-16 20:44 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2006-10-16 20:44 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2006-10-16 20:44 56,832 --a------ C:\WINDOWS\system32\sol.exe
2006-10-16 20:44 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2006-10-16 20:44 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2006-10-16 20:44 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2006-10-16 20:44 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2006-10-16 20:44 538,624 --a------ C:\WINDOWS\system32\spider.exe
2006-10-16 20:44 501,248 --a------ C:\WINDOWS\system32\clbcatq.dll
2006-10-16 20:44 5,632 --a------ C:\WINDOWS\system32\write.exe
2006-10-16 20:44 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2006-10-16 20:44 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-10-16 20:44 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2006-10-16 20:44 425,472 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-10-16 20:44 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
2006-10-16 20:44 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2006-10-16 20:44 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2006-10-16 20:44 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2006-10-16 20:44 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-10-16 20:44 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2006-10-16 20:44 345,088 --a------ C:\WINDOWS\system32\hypertrm.dll
2006-10-16 20:44 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2006-10-16 20:44 33,792 --a------ C:\WINDOWS\system32\regini.exe
2006-10-16 20:44 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2006-10-16 20:44 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2006-10-16 20:44 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2006-10-16 20:44 229,888 --a------ C:\WINDOWS\system32\catsrv.dll
2006-10-16 20:44 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2006-10-16 20:44 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2006-10-16 20:44 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2006-10-16 20:44 20,992 --a------ C:\WINDOWS\system32\msg.exe
2006-10-16 20:44 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2006-10-16 20:44 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2006-10-16 20:44 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2006-10-16 20:44 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-10-16 20:44 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2006-10-16 20:44 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2006-10-16 20:44 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2006-10-16 20:44 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-10-16 20:44 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2006-10-16 20:44 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2006-10-16 20:44 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2006-10-16 20:44 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2006-10-16 20:44 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2006-10-16 20:44 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2006-10-16 20:44 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2006-10-16 20:44 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2006-10-16 20:44 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2006-10-16 20:44 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2006-10-16 20:44 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2006-10-16 20:44 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2006-10-16 20:44 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2006-10-16 20:44 139,400 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2006-10-16 20:44 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2006-10-16 20:44 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2006-10-16 20:44 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-10-16 20:44 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2006-10-16 20:44 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2006-10-16 20:44 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2006-10-16 20:44 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2006-10-16 20:44 114,688 --a------ C:\WINDOWS\system32\calc.exe
2006-10-16 20:44 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-10-16 20:44 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2006-10-16 20:44 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2006-10-16 20:44 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-10-16 20:44 1,251,840 --a------ C:\WINDOWS\system32\comsvcs.dll
2006-10-16 20:44 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2006-10-16 16:36 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2006-10-16 16:35 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2006-10-16 16:35 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2006-10-16 16:34 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2006-10-16 16:34 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2006-10-16 16:34 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2006-10-16 16:34 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2006-10-16 16:34 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2006-10-16 16:34 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2006-10-16 16:34 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2006-10-16 16:34 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2006-10-16 16:34 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2006-10-16 16:34 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2006-10-16 16:34 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2006-10-16 16:34 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2006-10-16 16:34 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2006-10-16 16:34 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2006-10-16 16:34 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2006-10-16 16:34 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2006-10-16 16:34 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2006-10-16 16:34 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2006-10-16 16:34 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2006-10-16 16:34 5,632 -ra------ C:\WINDOWS\system32\kbdycc.dll
2006-10-16 16:34 5,632 -ra------ C:\WINDOWS\system32\kbduzb.dll
2006-10-16 16:34 5,632 -ra------ C:\WINDOWS\system32\kbdur.dll
2006-10-16 16:34 5,632 -ra------ C:\WINDOWS\system32\kbdtat.dll
2006-10-16 16:34 5,632 -ra------ C:\WINDOWS\system32\kbdru1.dll
2006-10-16 16:34 5,632 -ra------ C:\WINDOWS\system32\kbdru.dll
2006-10-16 16:34 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2006-10-16 16:34 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2006-10-16 16:34 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2006-10-16 16:34 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2006-10-16 16:34 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2006-10-16 16:34 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2006-10-16 16:34 5,632 -ra------ C:\WINDOWS\system32\kbdkaz.dll
2006-10-16 16:34 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2006-10-16 16:34 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2006-10-16 16:34 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2006-10-16 16:34 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2006-10-16 16:34 5,632 -ra------ C:\WINDOWS\system32\kbdbu.dll
2006-10-16 16:34 5,632 -ra------ C:\WINDOWS\system32\kbdblr.dll
2006-10-16 16:34 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2006-10-16 16:34 5,632 -ra------ C:\WINDOWS\system32\kbdaze.dll
2006-10-16 16:34 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2006-10-16 16:33 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2006-10-16 16:33 8,704 --a------ C:\WINDOWS\system32\batt.dll
2006-10-16 16:33 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2006-10-16 16:33 69,120 --a------ C:\WINDOWS\NOTEPAD.EXE
2006-10-16 16:33 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2006-10-16 16:33 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2006-10-16 16:33 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2006-10-16 16:33 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2006-10-16 16:33 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-14 17:33 -------- d-------- C:\Program Files\Common Files
2006-11-14 16:41 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-14 15:22 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-14 15:22 -------- d-------- C:\Program Files\Firefly Studios
2006-11-14 14:55 -------- d-------- C:\Program Files\Atari
2006-11-14 12:08 -------- d-------- C:\Documents and Settings\Administrator\Application Data\BitTorrent
2006-11-14 12:02 -------- d-------- C:\Program Files\Norton Internet Security
2006-11-13 16:05 -------- d-------- C:\Program Files\Activision
2006-11-12 16:01 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Ahead
2006-11-12 15:58 -------- d-------- C:\Program Files\Common Files\Ahead
2006-11-12 15:55 -------- d-------- C:\Program Files\Nero
2006-11-12 12:16 -------- d-------- C:\Program Files\EA GAMES
2006-11-11 23:30 -------- d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2006-11-11 17:30 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-11-11 09:50 -------- d-------- C:\Program Files\SymNetDrv
2006-11-11 09:50 -------- d-------- C:\Program Files\Symantec
2006-11-10 12:17 -------- d-------- C:\Program Files\BitTorrent
2006-11-07 22:16 -------- d-------- C:\Program Files\LimeWire
2006-11-07 22:11 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2006-11-07 16:09 692276 --a------ C:\WINDOWS\system32\gebyx.Vdll
2006-11-07 16:09 692276 --a------ C:\WINDOWS\system32\gebyx.V01dll
2006-11-07 16:09 692276 --a------ C:\WINDOWS\system32\gebyx.V00dll
2006-11-07 16:08 -------- d-------- C:\Program Files\ESET
2006-11-06 09:01 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Petroglyph
2006-11-06 08:32 -------- d-------- C:\Program Files\LucasArts
2006-11-06 08:19 -------- d-------- C:\Program Files\star wars
2006-11-05 21:38 -------- d-------- C:\Program Files\VSAdd-in
2006-11-05 21:15 -------- d-------- C:\Program Files\THQ
2006-11-05 21:06 -------- d-------- C:\Program Files\war hammar
2006-11-05 20:58 -------- d-------- C:\Documents and Settings\Administrator\Application Data\My Games
2006-11-02 22:19 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-11-02 22:15 -------- d-------- C:\Program Files\2K Games
2006-11-02 22:08 -------- d-------- C:\Program Files\Common Files\Adobe
2006-11-02 19:34 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-11-02 19:24 -------- d-------- C:\Program Files\Firaxis Games
2006-10-25 22:13 -------- d-------- C:\Program Files\Google
2006-10-25 22:13 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Google
2006-10-24 17:28 -------- d-------- C:\Program Files\AIM
2006-10-24 17:28 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Help
2006-10-23 14:32 -------- d-------- C:\Program Files\Microsoft Games
2006-10-23 11:23 -------- d-------- C:\Program Files\The Guild 2
2006-10-23 09:58 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Xfire
2006-10-23 09:56 -------- d---s---- C:\Program Files\Xfire
2006-10-22 20:06 -------- d-------- C:\Program Files\Electronic Arts
2006-10-22 19:34 -------- d-------- C:\Program Files\QuickPar
2006-10-18 20:15 -------- d-------- C:\Program Files\Internet Explorer
2006-10-18 19:42 -------- d-------- C:\Program Files\Sierra
2006-10-18 19:41 -------- d-------- C:\Documents and Settings\Administrator\Application Data\InstallShield
2006-10-18 15:23 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2006-10-18 14:59 -------- d-------- C:\Program Files\Microsoft Office
2006-10-18 14:59 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-10-18 14:59 -------- d-------- C:\Program Files\Common Files\DESIGNER
2006-10-18 14:58 -------- d-------- C:\Program Files\Common Files\System
2006-10-18 14:57 -------- d-------- C:\Program Files\Microsoft.NET
2006-10-17 19:51 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2006-10-17 17:17 -------- d-------- C:\Program Files\DAEMON Tools
2006-10-17 14:22 -------- d-------- C:\Program Files\K-Lite Codec Pack
2006-10-17 14:17 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2006-10-17 13:35 -------- d-------- C:\Program Files\WinRAR
2006-10-17 05:48 -------- d-------- C:\Program Files\Viewpoint
2006-10-17 05:43 -------- d-------- C:\Program Files\AOD
2006-10-17 05:43 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Aim
2006-10-16 22:36 -------- d-------- C:\Program Files\Java
2006-10-16 22:35 -------- d-------- C:\Program Files\Common Files\Java
2006-10-16 22:34 -------- d-------- C:\Program Files\QuickTime
2006-10-16 22:34 -------- d-------- C:\Program Files\iTunes
2006-10-16 22:34 -------- d-------- C:\Program Files\iPod
2006-10-16 22:34 -------- d-------- C:\Program Files\Apple Software Update
2006-10-16 22:25 -------- d-------- C:\Program Files\Adobe
2006-10-16 22:25 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2006-10-16 22:25 -------- d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2006-10-16 22:25 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2006-10-16 22:17 -------- d-------- C:\Program Files\Intel Audio Studio
2006-10-16 22:16 -------- d-------- C:\Program Files\SigmaTel
2006-10-16 22:06 -------- d-------- C:\Program Files\Microsoft Digital Image 2006
2006-10-16 21:54 -------- d-------- C:\Documents and Settings\Administrator\Application Data\ATI
2006-10-16 21:50 -------- d-------- C:\Program Files\Common Files\ATI Technologies
2006-10-16 21:48 -------- d-------- C:\Program Files\ATI Technologies
2006-10-16 21:39 -------- d-------- C:\Program Files\Microsoft IntelliPoint
2006-10-16 21:38 -------- d-------- C:\Program Files\Microsoft IntelliType Pro
2006-10-16 21:34 -------- d-------- C:\Program Files\FarStone
2006-10-16 21:32 -------- d-------- C:\Program Files\Jasc Software Inc
2006-10-16 21:32 -------- d-------- C:\Program Files\Common Files\Jasc Software Inc
2006-10-16 21:32 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-10-16 21:32 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2006-10-16 21:30 56 --a------ C:\Program Files\Common Files\appop.log
2006-10-16 21:30 -------- d-------- C:\Program Files\InterVideo
2006-10-16 21:28 -------- d-------- C:\Program Files\NewTech Infosystems
2006-10-16 21:28 -------- d-------- C:\Program Files\Common Files\NewTech Infosystems
2006-10-16 21:27 -------- d-------- C:\Program Files\Intel
2006-10-16 21:27 -------- d-------- C:\Program Files\Executive Software
2006-10-16 21:25 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Intervideo
2006-10-16 21:24 -------- d-------- C:\Program Files\Common Files\InterVideo
2006-10-16 21:17 -------- d-------- C:\Program Files\Musicmatch
2006-10-16 21:15 -------- d-------- C:\Program Files\MSXML 4.0
2006-10-16 21:12 -------- d--h----- C:\Program Files\Uninstall Information
2006-10-16 21:12 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2006-10-16 20:47 -------- d-------- C:\Program Files\xerox
2006-10-16 20:47 -------- d-------- C:\Program Files\Windows Media Player
2006-10-16 20:47 -------- d-------- C:\Program Files\microsoft frontpage
2006-10-16 20:46 -------- d--h----- C:\Program Files\WindowsUpdate
2006-10-16 20:46 -------- d-------- C:\Program Files\Outlook Express
2006-10-16 20:46 -------- d-------- C:\Program Files\NetMeeting
2006-10-16 20:46 -------- d-------- C:\Program Files\Common Files\Services
2006-10-16 20:46 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-10-16 20:45 -------- d-------- C:\Program Files\Online Services
2006-10-16 20:45 -------- d-------- C:\Program Files\Movie Maker
2006-10-16 20:45 -------- d-------- C:\Program Files\ComPlus Applications
2006-10-16 20:44 -------- d-------- C:\Program Files\Windows NT
2006-10-16 20:44 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-10-16 20:44 -------- d-------- C:\Program Files\MSN
2006-10-16 20:44 -------- d-------- C:\Program Files\Messenger
2006-10-16 16:34 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-10-16 16:34 -------- d-------- C:\Program Files\Common Files\ODBC
2006-10-16 16:33 62 --ahs---- C:\Documents and Settings\Administrator\Application Data\desktop.ini


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"AIM"="C:\\PROGRA~1\\AIM\\aim.exe -cnetwait.odl"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"NeroHomeFirstStart"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NMFirstStart.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"MMTray"="C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe"
"mmtask"="C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mmtask.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Home Theater SchSvr"="\"C:\\Program Files\\Common Files\\InterVideo\\SchSvr\\SchSvr.exe\""
"TxtEpgExe"="\"C:\\Program Files\\Common Files\\InterVideo\\TxtEpg\\TtxEpgAcq.exe\""
"WINCINEMAMGR"="\"C:\\Program Files\\InterVideo\\Common\\Bin\\WinCinemaMgr.exe\""
"ipTray.exe"="\"C:\\Program Files\\Intel\\IDU\\iptray.exe\""
"awTray.exe"="\"C:\\Program Files\\Intel\\IDU\\awtray.exe\""
"DiskeeperSystray"="\"C:\\Program Files\\Executive Software\\Diskeeper\\DkIcon.exe\""
"farstone"=""
"RestoreIT!"="\"C:\\Program Files\\FarStone\\RestoreIT\\RestoreIT_XP\\VBPTASK.EXE\" VBStart"
"type32"="\"C:\\Program Files\\Microsoft IntelliType Pro\\type32.exe\""
"IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\point32.exe\""
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"SigmatelSysTrayApp"="sttray.exe"
"IntelAudioStudio"="\"C:\\Program Files\\Intel Audio Studio\\IntelAudioStudio.exe\" TRAY"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"CTDrive"="rundll32.exe C:\\WINDOWS\\system32\\drvlow.dll,startup"
"gwujjhi.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\gwujjhi.dll,jmyqis"
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,2c,01,00,00,00,00,00,00,d4,03,00,00,de,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,23,00,00,00,7c,00,00,00,72,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDrives"=hex:02,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjyg32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 06-11-14 17:34:10.59
C:\ComboFix.txt ... 06-11-14 17:34

#8 -David-


Posted 15 November 2006 - 03:22 PM

Hello there,

It is a good idea to print off these instructions:
This will be useful as there is a possibility some of the instructions will need to be carried out where internet access is not available.
You may also like to save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.
A print out of the instructions would be a good reference to make sure you don't get lost.
Also, it is important that you complete the instructions in the right order, and also that you don't miss any steps out!
If you have any queries about the process or just general questions, just ask.

Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

I see you have Viewpoint installed.
Viewpoint Manager is considered as foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546
I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs.
Remove anything related to Viewpoint products.

Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:

O2 - BHO: (no name) - {53F615E6-29D3-31B4-44F6-0177D5EE0800} - C:\WINDOWS\system32\rdcwahk.dll (file missing)
O2 - BHO: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O2 - BHO: (no name) - {D5E0E58E-F80F-4074-984F-D1E91CBD7961} - C:\WINDOWS\system32\gebyx.dll (file missing)
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\swptsonj.dll (file missing)
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvlow.dll,startup
O4 - HKLM\..\Run: [gwujjhi.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\gwujjhi.dll,jmyqis
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O20 - Winlogon Notify: winjyg32 - winjyg32.dll (file missing)


Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Now reboot into Safe Mode.
This can be done by tapping the F8 key as soon as you start your computer.
You will be brought to a menu where you can choose to boot into safe mode.
Make sure you choose the option without networking support.

Using Windows Explorer, please locate the following files/folders, and delete them if still present:

C:\WINDOWS\system32\gebyx.Vdll
C:\WINDOWS\system32\gebyx.V01dll
C:\WINDOWS\system32\gebyx.V00dll
C:\WINDOWS\system32\gwujjhi.dll
C:\WINDOWS\system32\drvlow.dll

Reboot back to normal mode.

Please download, install, and update AVG antispyware
Load Ewido and then click the Update tab at the top.
Under Manual Update click Start update.

After the update finishes (the status bar at the bottom will display "Update successful")
Then click on the Scanner tab at the top.
Click the "Settings" tab and then change the recommended action to Quarantine.
Click Automatically generate report after every scan.
Click back to the "Scan" tab and then click on Complete System Scan.
This scan can take quite a while to run, so be prepared.
Ewido will list any infections found on the left hand side.

When the scan has finished, it will automatically set the recommended action.
Click the Apply all actions button.
AVG antispyware will display "All actions have been applied" on the right hand side.
Click on "Save Report", then "Save Report As".
This will create a text file. Make sure you know where to find this file again (like on the Desktop).
Close AVG antispyware and reboot!! I need the log later.

Please perform this online scan: Kaspersky Webscan
1. Read the Requirements and Privacy statement, then select "Accept"
2. A dialogue box will appear asking "Do you want to install this software?" Name: kavwebscan_unicode.cab
3. Select "Install" to download the ActiveX controls that allow ActiveScan to run.
4. If running MSAS beta you may receive an alert that an IE ActiveX program requires your approval. Click "Allow"
5. When the download is complete it will say ready, click "Next"
6. Select a target to scan: Click on "My Computer"
7. When the scan is complete choose to save the results as "Save as Text"
8. Post the Kaspersky scan results in your next reply, along with a new Hijackthis log.

Also post the ewido log.
David

Edited by D-Trojanator, 15 November 2006 - 03:28 PM.
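An added example, not part of the thread and not code from ComboFix or HijackThis: a Python triage of the HKLM Run values in the log above that flags autoruns starting a DLL through rundll32. The heuristic and the function names are assumptions of this example; the sample values are copied from the log and the path list from the reply.

```python
import re
from ntpath import basename  # Windows path rules on any OS

# Subset of the HKLM ...\currentversion\run block of the ComboFix log above,
# in .reg export syntax (backslashes doubled, inner quotes escaped).
RUN_EXPORT = r'''
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"SigmatelSysTrayApp"="sttray.exe"
"ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"CTDrive"="rundll32.exe C:\\WINDOWS\\system32\\drvlow.dll,startup"
"gwujjhi.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\gwujjhi.dll,jmyqis"
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"farstone"=""
'''

# Two of the paths the reply above lists for deletion in Safe Mode.
DELETE_LIST = [
    r"C:\WINDOWS\system32\gwujjhi.dll",
    r"C:\WINDOWS\system32\drvlow.dll",
]

VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
ESCAPE = re.compile(r"\\(.)")
UNQUOTED_PROGRAM = re.compile(r"^(.*?\.(?:exe|com|bat|cmd))(?:\s+(.*))?$", re.I)


def parse_reg_values(text):
    """Yield (name, command) pairs from "name"="data" lines, unescaped."""
    for line in text.splitlines():
        m = VALUE_LINE.match(line.strip())
        if m:
            yield tuple(ESCAPE.sub(r"\1", part) for part in m.groups())


def split_command(command):
    """Split an autorun command into (program, arguments)."""
    if command.startswith('"'):
        program, _, rest = command[1:].partition('"')
        return program, rest.strip()
    # Unquoted paths may contain spaces: cut after the first executable suffix.
    m = UNQUOTED_PROGRAM.match(command)
    if m:
        return m.group(1), (m.group(2) or "").strip()
    return command, ""


def rundll32_autoruns(text):
    """Return (value name, DLL path, export) for Run values that use rundll32."""
    findings = []
    for name, command in parse_reg_values(text):
        program, args = split_command(command)
        if basename(program).lower() not in ("rundll32", "rundll32.exe"):
            continue
        dll, _, export = args.partition(",")
        findings.append((name, dll.strip('" '), export.strip()))
    return findings


if __name__ == "__main__":
    for name, dll, export in rundll32_autoruns(RUN_EXPORT):
        note = "listed for deletion in the reply" if dll in DELETE_LIST else "review"
        print(f"{name}: {dll} (export {export}) -> {note}")
```

A rundll32 autorun is only a lead for review, since legitimate software also registers them.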


#9 -David-


Posted 03 December 2006 - 01:10 PM

Since this issue appears resolved, this Topic is now closed.

If you need this topic reopened, please request this by sending me a PM with the address of the thread using the link here. This applies only to the original topic starter.

Everyone else please begin a New Topic.



