Trojan.nebuler and loads more- assistance needed please!!!

Unknown · May 2007

I have used Ad-Aware SE and Spybot search and destroy and they continually keep finding more viruses. Norton has told me on several occasions it cannot remove trojan.nebuler amongst others. Also keeps coming up with a message about malicious script that i can't do anything about either. I thought i had half solved the problem but i think its actually getting worse.
I have used Hijack this and according to the thread because i don't have any 02 entries so i must have malware other than Smitfraud present.
I have tried everything others have reccommended but it is not getting any better.
Oh, and i now also have Counterspy that i cannot get rid of either which is causing more problems.
I have tried running in safe mode but things just seem a lot , lot worse.
Please can somebody help me or does anyone have any ideas?
Thankyou for reading all this.

Here is the log file for hijack

Logfile of HijackThis v1.99.1
Scan saved at 10:34:29, on 31/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
D:\WINDOWS\eHome\ehRecvr.exe
D:\WINDOWS\eHome\ehSched.exe
D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\dllhost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\ehome\ehtray.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\WINDOWS\eHome\ehmsas.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE
D:\Documents and Settings\All Users\Application Data\hspuvety.exe
D:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\Program Files\iTunes\iTunes.exe
D:\Program Files\Google\Google Updater\GoogleUpdater.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
D:\Program Files\Sunbelt Software\CounterSpy\CounterSpy.exe
D:\WINDOWS\system32\msiexec.exe
D:\WINDOWS\system32\MsiExec.exe
D:\WINDOWS\system32\MsiExec.exe
D:\PROGRA~1\Mozilla Firefox\firefox.exe
D:\Program Files\MSN Messenger\usnsvc.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Documents and Settings\L-J\My Documents\download crap\hijack this\HijackThis.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [ehTray] D:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "D:\WINDOWS\TEMP\E_S1CD8.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [hspuvety.exe] D:\Documents and Settings\All Users\Application Data\hspuvety.exe
O4 - HKLM\..\Run: [SBCSTray] D:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [setup] rundll32.exe "D:\WINDOWS\system32\ugqygcbj.dll",realset
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKLM\..\Run: [smgr] smgr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Google Updater.lnk = D:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~3\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - D:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Baabiouz · June 2007

Hi!

#1
Please rename your HijackThis.exe to Scanner.exe.

#2

Download SDFix and save it to your Desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

#3

Please download VundoFix.exeto your desktop.

Double-click *VundoFix.exe* to run it.
Click the *Scan for Vundo* button.
Once it's done scanning, click the *Remove Vundo* button.
You will receive a prompt asking if you want to remove the files, click *YES*
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click *OK*.
Please post the contents of C:\*vundofix.txt* and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the *Scan for Vundo* button." when VundoFix appears at reboot.

#4

Please, send a SdFix log, Vundofix log and a fresh HjT log (scanner.exe)

laura · June 2007

Hi
First of all when i type Y in SDFix it wont do anything. It asks me to download a2 and two other programs but my computer is not letting me load the web sites to do this.
What should i do?

Baabiouz · June 2007

Hi!

Forget that Sdfix and run vundofix only.

laura · June 2007

Hi,
Vundo said it has removed everything but norton still keeps coming up with trojan messages. I have the HIJack this log :

Logfile of HijackThis v1.99.1
Scan saved at 12:54:59, on 01/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
D:\WINDOWS\eHome\ehRecvr.exe
D:\WINDOWS\eHome\ehSched.exe
D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\dllhost.exe
D:\WINDOWS\ehome\ehtray.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\WINDOWS\eHome\ehmsas.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE
D:\Documents and Settings\All Users\Application Data\hspuvety.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
D:\Program Files\Google\Google Updater\GoogleUpdater.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\iTunes\iTunes.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Documents and Settings\L-J\My Documents\download crap\hijack this\scanner.exe.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.4.29.dll
O2 - BHO: (no name) - {3CD3AD4D-A06D-4AB5-9CE9-8AEC3DFE1D2C} - D:\WINDOWS\system32\sstqn.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {58695489-B242-4B44-86DF-1A85A707F314} - D:\WINDOWS\system32\ssqpm.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - D:\PROGRA~1\IWINGA~1\IWINGA~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: (no name) - {B2030C9A-DE59-457D-A042-D827AD69C8F3} - D:\WINDOWS\system32\xxywtqn.dll (file missing)
O2 - BHO: (no name) - {B71FA585-B351-4E48-8DA8-22F6F705EC73} - D:\WINDOWS\system32\ljjkjih.dll (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - D:\WINDOWS\system32\ubvtfomt.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [ehTray] D:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "D:\WINDOWS\TEMP\E_S1CD8.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [hspuvety.exe] D:\Documents and Settings\All Users\Application Data\hspuvety.exe
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKLM\..\Run: [smgr] smgr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Google Updater.lnk = D:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~3\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winadg32 - D:\WINDOWS\SYSTEM32\winadg32.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Baabiouz · June 2007

I need vundofix log, please send it

and Please download Combofix to your desktop.
Doubleclick combo.exe to launch the application.
Follow the prompts that will be displayed on the screen.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt.
Post this log in your next reply together with a new hijackthislog.

laura · June 2007

Hi, here are the log reports :

"L-J" - 2007-06-01 15:11:19 Service Pack 2
ComboFix 07-05.27.BV - Running from: "D:\Documents and Settings\L-J\Desktop\"

(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

D:\WINDOWS\system32\ubvtfomt.dll
D:\WINDOWS\system32\winadg32.dll

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

"D:\Program Files\Common Files\Yazzle1162OinAdmin.exe"
"D:\Program Files\Common Files\Yazzle1162OinUninstaller.exe"
"D:\WINDOWS\system32\wnsinticomsv32.exe"
"D:\Program Files\outerinfo\Terms.rtf"
"D:\Program Files\outerinfo"

-- Purity Folders:

D:\WINDOWS\system32\ASEMBL~1
D:\WINDOWS\RACLE~1
D:\Program Files\TSKS~1
D:\DOCUME~1\L-J\APPLIC~1\SSTEM3~1

((((((((((((((((((((((((((((((( Files Created from 2007-05-01 to 2007-06-01 ))))))))))))))))))))))))))))))))))

2007-06-01 16:05 40,183 ---hs---- D:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
2007-06-01 15:09 60,928 --a

D:\WINDOWS\system32\skqnn.dll
2007-06-01 15:08 33,302 --a

D:\WINDOWS\system32\ljjjjji.dll
2007-06-01 13:53 33,302 --a

D:\WINDOWS\system32\efcbbbx.dll
2007-06-01 13:13 206 --a

D:\WINDOWS\g22032953.exe
2007-06-01 13:07 206 --a

D:\WINDOWS\g21669921.exe
2007-06-01 07:12 206 --a

D:\WINDOWS\g409562.exe
2007-06-01 06:42 206 --a

D:\WINDOWS\g67333140.exe
2007-06-01 06:20 206 --a

D:\WINDOWS\g66012453.exe
2007-06-01 06:00 206 --a

D:\WINDOWS\g64811421.exe
2007-06-01 05:38 206 --a

D:\WINDOWS\g63491171.exe
2007-06-01 05:16 206 --a

D:\WINDOWS\g62170906.exe
2007-06-01 04:54 206 --a

D:\WINDOWS\g60850625.exe
2007-06-01 04:32 206 --a

D:\WINDOWS\g59530343.exe
2007-06-01 04:10 206 --a

D:\WINDOWS\g58210359.exe
2007-06-01 03:50 206 --a

D:\WINDOWS\g57009375.exe
2007-06-01 03:28 206 --a

D:\WINDOWS\g55689046.exe
2007-06-01 03:06 206 --a

D:\WINDOWS\g54368718.exe
2007-06-01 02:44 206 --a

D:\WINDOWS\g53048468.exe
2007-06-01 02:24 206 --a

D:\WINDOWS\g51848812.exe
2007-06-01 02:02 206 --a

D:\WINDOWS\g50527718.exe
2007-05-31 15:42 <DIR> d

D:\Program Files\3wPlayer
2007-05-31 10:36 206 --a

D:\WINDOWS\g8100125.exe
2007-05-31 08:25 0 --a

D:\WINDOWS\system32\SBRC.dat
2007-05-31 08:19 206 --a

D:\WINDOWS\g33686859.exe
2007-05-31 07:57 206 --a

D:\WINDOWS\g32366484.exe
2007-05-31 07:37 206 --a

D:\WINDOWS\g31165515.exe
2007-05-31 07:15 206 --a

D:\WINDOWS\g29845187.exe
2007-05-31 06:53 206 --a

D:\WINDOWS\g28524765.exe
2007-05-31 06:31 206 --a

D:\WINDOWS\g27205390.exe
2007-05-31 06:11 206 --a

D:\WINDOWS\g26005359.exe
2007-05-31 02:00 0 --a

D:\WINDOWS\system32\SBFC.dat
2007-05-31 00:01 206 --a

D:\WINDOWS\g3782234.exe
2007-05-30 23:44 28,160 --a

D:\WINDOWS\system32\sysmon32.exe
2007-05-30 23:43 28,160 --a

D:\WINDOWS\system32\winsys64.exe
2007-05-30 23:11 <DIR> d

D:\WINDOWS\CSC
2007-05-30 20:22 206 --a

D:\WINDOWS\g4058343.exe
2007-05-30 20:07 626,688 --a

D:\WINDOWS\system32\msvcr80.dll
2007-05-30 20:02 206 --a

D:\WINDOWS\g2852890.exe
2007-05-30 19:56 206 --a

D:\WINDOWS\g2493578.exe
2007-05-30 19:54 206 --a

D:\WINDOWS\g2326671.exe
2007-05-30 18:35 <DIR> d

D:\VundoFix Backups
2007-05-30 18:10 206 --a

D:\WINDOWS\g118598437.exe
2007-05-30 17:50 206 --a

D:\WINDOWS\g117398718.exe
2007-05-30 17:30 206 --a

D:\WINDOWS\g116196828.exe
2007-05-30 17:08 206 --a

D:\WINDOWS\g114876906.exe
2007-05-30 16:46 206 --a

D:\WINDOWS\g113554765.exe
2007-05-30 16:24 206 --a

D:\WINDOWS\g112234343.exe
2007-05-30 16:02 206 --a

D:\WINDOWS\g110914171.exe
2007-05-30 15:42 206 --a

D:\WINDOWS\g109713515.exe
2007-05-30 15:20 206 --a

D:\WINDOWS\g108393156.exe
2007-05-30 14:58 206 --a

D:\WINDOWS\g107072968.exe
2007-05-30 14:36 206 --a

D:\WINDOWS\g105752531.exe
2007-05-30 10:36 <DIR> d

D:\DOCUME~1\L-J\APPLIC~1\Opera
2007-05-30 09:56 <DIR> d

D:\WINDOWS\system32\appmgmt
2007-05-30 07:54 57,344 --a

D:\DOCUME~1\ALLUSE~1\APPLIC~1\hspuvety.exe
2007-05-30 07:53 206 --a

D:\WINDOWS\g81594062.exe
2007-05-30 07:25 206 --a

D:\WINDOWS\g79859093.exe
2007-05-30 07:03 206 --a

D:\WINDOWS\g78534437.exe
2007-05-30 06:40 206 --a

D:\WINDOWS\g77210703.exe
2007-05-30 06:18 206 --a

D:\WINDOWS\g75887437.exe
2007-05-30 05:49 206 --a

D:\WINDOWS\g74140765.exe
2007-05-30 05:29 206 --a

D:\WINDOWS\g72936109.exe
2007-05-30 05:07 206 --a

D:\WINDOWS\g71612953.exe
2007-05-30 04:36 206 --a

D:\WINDOWS\g69721468.exe
2007-05-30 04:14 206 --a

D:\WINDOWS\g68398296.exe
2007-05-30 03:52 206 --a

D:\WINDOWS\g67076328.exe
2007-05-30 03:32 206 --a

D:\WINDOWS\g65874375.exe
2007-05-30 03:09 206 --a

D:\WINDOWS\g64553203.exe
2007-05-30 02:48 206 --a

D:\WINDOWS\g63254703.exe
2007-05-30 01:13 206 --a

D:\WINDOWS\g57567421.exe
2007-05-30 00:51 206 --a

D:\WINDOWS\g56246140.exe
2007-05-30 00:29 206 --a

D:\WINDOWS\g54924921.exe
2007-05-30 00:07 206 --a

D:\WINDOWS\g53603843.exe
2007-05-29 23:45 206 --a

D:\WINDOWS\g52282296.exe
2007-05-29 23:25 206 --a

D:\WINDOWS\g51071671.exe
2007-05-29 23:03 206 --a

D:\WINDOWS\g49750562.exe
2007-05-29 22:41 206 --a

D:\WINDOWS\g48429000.exe
2007-05-29 22:19 206 --a

D:\WINDOWS\g47105218.exe
2007-05-29 21:57 206 --a

D:\WINDOWS\g45780984.exe
2007-05-29 21:36 206 --a

D:\WINDOWS\g44572015.exe
2007-05-29 21:14 206 --a

D:\WINDOWS\g43250093.exe
2007-05-29 20:52 206 --a

D:\WINDOWS\g41928078.exe
2007-05-29 20:30 206 --a

D:\WINDOWS\g40606125.exe
2007-05-29 20:08 206 --a

D:\WINDOWS\g39284718.exe
2007-05-29 19:46 206 --a

D:\WINDOWS\g37961375.exe
2007-05-29 19:26 206 --a

D:\WINDOWS\g36757859.exe
2007-05-29 19:04 206 --a

D:\WINDOWS\g35433859.exe
2007-05-29 18:42 206 --a

D:\WINDOWS\g34112343.exe
2007-05-29 18:20 206 --a

D:\WINDOWS\g32789000.exe
2007-05-29 17:58 206 --a

D:\WINDOWS\g31465062.exe
2007-05-29 17:38 206 --a

D:\WINDOWS\g30262718.exe
2007-05-29 17:16 206 --a

D:\WINDOWS\g28941859.exe
2007-05-29 16:54 206 --a

D:\WINDOWS\g27621531.exe
2007-05-29 16:32 206 --a

D:\WINDOWS\g26298812.exe
2007-05-29 16:10 206 --a

D:\WINDOWS\g24977734.exe
2007-05-29 15:48 206 --a

D:\WINDOWS\g23654171.exe
2007-05-29 15:28 206 --a

D:\WINDOWS\g22452171.exe
2007-05-29 15:06 206 --a

D:\WINDOWS\g21130453.exe
2007-05-29 14:44 206 --a

D:\WINDOWS\g19809906.exe
2007-05-29 14:22 206 --a

D:\WINDOWS\g18484328.exe
2007-05-29 14:00 206 --a

D:\WINDOWS\g17164031.exe
2007-05-29 13:40 206 --a

D:\WINDOWS\g15963265.exe
2007-05-29 13:18 206 --a

D:\WINDOWS\g14634531.exe
2007-05-29 12:55 206 --a

D:\WINDOWS\g13313656.exe
2007-05-29 12:33 206 --a

D:\WINDOWS\g11993625.exe
2007-05-29 12:11 206 --a

D:\WINDOWS\g10664343.exe
2007-05-29 11:49 206 --a

D:\WINDOWS\g9340875.exe
2007-05-29 11:29 206 --a

D:\WINDOWS\g8141140.exe
2007-05-29 11:07 206 --a

D:\WINDOWS\g6822625.exe
2007-05-29 10:45 206 --a

D:\WINDOWS\g5497187.exe
2007-05-29 10:23 206 --a

D:\WINDOWS\g4173328.exe
2007-05-29 06:16 <DIR> d

D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-05-29 06:09 206 --a

D:\WINDOWS\g123192375.exe
2007-05-29 05:41 <DIR> d

D:\Program Files\Common Files\Adobe Systems Shared
2007-05-29 05:41 <DIR> d

D:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
2007-05-27 18:42 <DIR> d

D:\DOCUME~1\L-J\APPLIC~1\ImgBurn
2007-05-26 15:29 <DIR> d

D:\Program Files\ImgBurn
2007-05-23 17:53 <DIR> d

D:\WINDOWS\RegisteredPackages
2007-05-22 07:19 225,280 --a

D:\WINDOWS\system32\rewire.dll
2007-05-22 07:19 <DIR> d

D:\Program Files\VstPlugins
2007-05-22 07:17 <DIR> d

D:\Program Files\Image-Line
2007-05-22 06:41 <DIR> d

D:\Program Files\Alcohol Soft
2007-05-07 09:02 <DIR> d

D:\Program Files\Mystery Case Files - Ravenhearst
2007-05-07 09:00 <DIR> d

D:\Program Files\GameHouse
2007-05-05 14:08 <DIR> d

D:\DOCUME~1\L-J\APPLIC~1\EPSON
2007-05-05 09:22 <DIR> d

D:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
2007-05-05 09:20 77,824 --a

D:\WINDOWS\system32\PICEntry.dll
2007-05-05 09:20 73,728 --a

D:\WINDOWS\system32\PICSDK.dll
2007-05-05 09:20 65,536 --a

D:\WINDOWS\system32\EPPicMgr.dll
2007-05-05 09:20 495,616 --a

D:\WINDOWS\system32\PICSDK2.dll
2007-05-05 09:20 4,943 --a

D:\WINDOWS\system32\EPPICPattern6.dat
2007-05-05 09:20 31,053 --a

D:\WINDOWS\system32\EPPICPattern131.dat
2007-05-05 09:20 27,417 --a

D:\WINDOWS\system32\EPPICPattern121.dat
2007-05-05 09:20 26,154 --a

D:\WINDOWS\system32\EPPICPattern1.dat
2007-05-05 09:20 24,903 --a

D:\WINDOWS\system32\EPPICPattern3.dat
2007-05-05 09:20 21,390 --a

D:\WINDOWS\system32\EPPICPattern5.dat
2007-05-05 09:20 20,148 --a

D:\WINDOWS\system32\EPPICPattern2.dat
2007-05-05 09:20 114,688 --a

D:\WINDOWS\system32\EpPicPrt.dll
2007-05-05 09:20 111,932 --a

D:\WINDOWS\system32\EPPICPrinterDB.dat
2007-05-05 09:20 11,811 --a

D:\WINDOWS\system32\EPPICPattern4.dat
2007-05-05 09:20 1,146 --a

D:\WINDOWS\system32\EPPICPresetData_DU.dat
2007-05-05 09:20 1,139 --a

D:\WINDOWS\system32\EPPICPresetData_PT.dat
2007-05-05 09:20 1,139 --a

D:\WINDOWS\system32\EPPICPresetData_BP.dat
2007-05-05 09:20 1,136 --a

D:\WINDOWS\system32\EPPICPresetData_ES.dat
2007-05-05 09:20 1,129 --a

D:\WINDOWS\system32\EPPICPresetData_FR.dat
2007-05-05 09:20 1,129 --a

D:\WINDOWS\system32\EPPICPresetData_CF.dat
2007-05-05 09:20 1,120 --a

D:\WINDOWS\system32\EPPICPresetData_IT.dat
2007-05-05 09:20 1,107 --a

D:\WINDOWS\system32\EPPICPresetData_GE.dat
2007-05-05 09:20 1,104 --a

D:\WINDOWS\system32\EPPICPresetData_EN.dat
2007-05-05 09:19 71,168 --a

D:\WINDOWS\system32\E_FLBBEE.DLL
2007-05-05 09:19 62,976 --a

D:\WINDOWS\system32\E_FD4BBEE.DLL
2007-05-05 09:19 49,152 --a

D:\WINDOWS\system32\E_DCINST.DLL
2007-05-05 09:09 46,080 --a

D:\WINDOWS\system32\escimgd.dll
2007-05-05 09:09 29,696 --a

D:\WINDOWS\system32\escwiad.dll
2007-05-05 09:09 22,016 --a

D:\WINDOWS\system32\esccmd.dll
2007-05-03 12:41 <DIR> d

D:\Program Files\Telltale Games
2007-05-01 08:35 146,432 ---hs---- D:\Program Files\Common Files\Yazzle1162OinAdmin.exe

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-01 23:00:38 33,302 ----a-w D:\WINDOWS\system32\yayawus.dll
2007-06-01 22:08:35

d

w D:\Program Files\Google
2007-06-01 08:50:49

d

w D:\Program Files\EPSON
2007-05-31 04:34:12

d

w D:\DOCUME~1\L-J\APPLIC~1\OpenOffice.org2
2007-05-31 02:45:28

d--h--w D:\Program Files\InstallShield Installation Information
2007-05-30 20:54:00

d

w D:\Program Files\themexp
2007-05-30 17:05:20

d

w D:\Program Files\Flower Shop Big City Break
2007-05-30 17:01:28

d

w D:\Program Files\Democracy
2007-05-30 16:58:36

d

w D:\Program Files\GustoSoft
2007-05-26 23:45:27

d

w D:\DOCUME~1\L-J\APPLIC~1\dvdcss
2007-05-26 11:45:39

d

w D:\Program Files\BitComet
2007-05-18 01:50:42 2,560 ----a-w D:\WINDOWS\system32\BitCometRes.dll
2007-05-07 16:51:10

d

w D:\DOCUME~1\L-J\APPLIC~1\Ahead
2007-05-05 16:28:29

d

w D:\Program Files\Common Files\InstallShield
2007-05-04 17:41:52

d

w D:\Program Files\Fairy Godmother Tycoon
2007-05-03 21:08:31

d

w D:\Program Files\Cake Mania
2007-04-29 15:56:50

d

w D:\DOCUME~1\L-J\APPLIC~1\Image Zone Express
2007-04-29 09:11:51

d

w D:\Program Files\ReflexiveArcade
2007-04-29 03:50:24

d

w D:\Program Files\Stand O`Food
2007-04-29 03:50:24

d

w D:\DOCUME~1\L-J\APPLIC~1\Gaijin Ent
2007-04-29 00:58:06

d

w D:\DOCUME~1\L-J\APPLIC~1\Printer Info Cache
2007-04-28 21:38:14

d

w D:\Program Files\Common Files\HP
2007-04-27 14:28:09

d

w D:\Program Files\Common Files\Sandlot Shared
2007-04-27 07:35:27

d--h--r D:\DOCUME~1\L-J\APPLIC~1\yahoo!
2007-04-27 07:35:07

d

w D:\Program Files\Yahoo!
2007-04-21 14:41:39

d

w D:\Program Files\Common Files\Ahead
2007-04-21 14:40:41

d

w D:\Program Files\Nero
2007-04-21 14:29:34

d

w D:\Program Files\AVI DivX MPEG to DVD Converter & Burner Pro
2007-04-21 14:04:42

d

w D:\Program Files\Cucusoft
2007-04-21 01:53:49

d

w D:\Program Files\WinLemm
2007-04-20 23:43:50

d

w D:\Program Files\Take 2 Interactive Software Europe
2007-04-20 18:58:33

d

w D:\Program Files\The Wonderful Wizard of Oz
2007-04-20 18:31:20 4,096 ----a-w D:\WINDOWS\d3dx.dat
2007-04-20 17:49:33

d

w D:\DOCUME~1\L-J\APPLIC~1\FloodLightGames
2007-04-20 04:14:29

d

w D:\Program Files\BFG
2007-04-20 01:59:11

d

w D:\Program Files\Diner Dash Flo on the Go
2007-04-20 01:51:02

d

w D:\DOCUME~1\L-J\APPLIC~1\PlayFirst
2007-04-18 16:12:23 2,854,400 ----a-w D:\WINDOWS\system32\msi.dll
2007-04-17 05:47:36 33,624 ----a-w D:\WINDOWS\system32\wups.dll
2007-04-17 05:45:54 1,710,936 ----a-w D:\WINDOWS\system32\wuaueng.dll
2007-04-17 05:45:48 549,720 ----a-w D:\WINDOWS\system32\wuapi.dll
2007-04-17 05:45:42 325,976 ----a-w D:\WINDOWS\system32\wucltui.dll
2007-04-17 05:45:36 203,096 ----a-w D:\WINDOWS\system32\wuweb.dll
2007-04-17 05:45:28 92,504 ----a-w D:\WINDOWS\system32\cdm.dll
2007-04-17 05:45:20 53,080 ----a-w D:\WINDOWS\system32\wuauclt.exe
2007-04-17 05:45:20 43,352 ----a-w D:\WINDOWS\system32\wups2.dll
2007-04-15 17:21:18

d

w D:\DOCUME~1\L-J\APPLIC~1\iWin
2007-04-15 17:18:00

d

w D:\Program Files\iWin Games
2007-04-02 21:58:36 12,528 ----a-w D:\WINDOWS\system32\drivers\secdrv.sys
2007-04-02 09:57:13 8,464 ----a-w D:\WINDOWS\system32\sporder.dll
2007-04-02 09:13:26

d

w D:\Program Files\TGTSoft
2007-03-17 13:43:01 292,864 ----a-w D:\WINDOWS\system32\winsrv.dll
2007-03-12 08:01:33 1,298 ----a-w D:\WINDOWS\mozver.dat
2007-03-11 20:45:38 0 ----a-w D:\WINDOWS\nsreg.dat
2007-03-11 20:41:49 37,844,544 ----a-w D:\Program Files\iTunesSetup.exe
2007-03-08 15:36:28 577,536 ----a-w D:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w D:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w D:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w D:\WINDOWS\system32\win32k.sys
2007-03-05 20:34:28 676,224 ----a-w D:\WINDOWS\system32\OGACheckControl.DLL

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=D:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [2003-11-04 01:17]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}=D:\Program Files\BitComet\tools\BitCometBHO_1.1.4.29.dll [2007-04-29 02:29]
{3CD3AD4D-A06D-4AB5-9CE9-8AEC3DFE1D2C}=D:\WINDOWS\system32\sstqn.dll []
{53707962-6F74-2D53-2644-206D7942484F}=D:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{58695489-B242-4B44-86DF-1A85A707F314}=D:\WINDOWS\system32\ssqpm.dll []
{8CA5ED52-F3FB-4414-A105-2E3491156990}=D:\PROGRA~1\IWINGA~1\IWINGA~1.DLL [2007-02-13 09:58]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 20:33]
{96094763-A7A5-DE5C-D17A-8BADA9E825E9}=D:\WINDOWS\system32\skqnn.dll [2007-05-21 06:59]
{B2030C9A-DE59-457D-A042-D827AD69C8F3}=D:\WINDOWS\system32\xxywtqn.dll []
{B71FA585-B351-4E48-8DA8-22F6F705EC73}=D:\WINDOWS\system32\ljjkjih.dll []
{BDF3E430-B101-42AD-A544-FADC6B084872}=D:\Program Files\Norton AntiVirus\NavShExt.dll [2005-01-10 13:20]
{E5225210-F293-40FE-BB2F-D5A3C7F13C47}=D:\WINDOWS\system32\ljjjjji.dll [2007-06-01 15:08]
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}=D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 13:50]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 18:41]
"SoundMan"="SOUNDMAN.EXE" []
"HP Software Update"="D:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2006-03-15 05:00 D:\WINDOWS\system32\bthprops.cpl]
"ccApp"="D:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-12-13 16:30]
"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2007-02-16 11:54]
"TkBellExe"="D:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-03-14 03:21]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
"NeroFilterCheck"="D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
"hspuvety.exe"="D:\Documents and Settings\All Users\Application Data\hspuvety.exe" [2007-05-30 07:54]
"smgr"="smgr.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2006-03-15 05:00]
"MsnMsgr"="D:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 16:14]
"Bpuo"="D:\PROGRA~1\TSKS~1\mmc.exe" []
"Wlm"="D:\WINDOWS\?racle\??anregw.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=D:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=D:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
D:\Documents and Settings\L-J\My Documents\My Pictures\2007-02 (Feb)\HPIM0993.JPG

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
D:\Documents and Settings\L-J\My Documents\My Pictures\2007-02 (Feb)\HPIM0990.JPG

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B71FA585-B351-4E48-8DA8-22F6F705EC73}"="D:\WINDOWS\system32\ljjkjih.dll" []
"{B2030C9A-DE59-457D-A042-D827AD69C8F3}"="D:\WINDOWS\system32\xxywtqn.dll" []
"{E5225210-F293-40FE-BB2F-D5A3C7F13C47}"="D:\WINDOWS\system32\ljjjjji.dll" [2007-06-01 15:08]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjjjji]
ljjjjji.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*

Contents of the 'Scheduled Tasks' folder
2007-05-30 21:14:03 D:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-05-26 11:16:28 D:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - L-J.job

********************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-01 15:57:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

D:\WINDOWS\system32\yayawus.dll

scan completed successfully
hidden files: 1

********************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001000-0000-1000-8000-00805f9b34fb}]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001115-0000-1000-8000-00805f9b34fb}]

Completion time: 2007-06-01 16:18:43
D:\ComboFix-quarantined-files.txt ... 2007-06-01 16:18

--- E O F ---

Logfile of HijackThis v1.99.1
Scan saved at 16:28:29, on 01/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
D:\WINDOWS\eHome\ehRecvr.exe
D:\WINDOWS\eHome\ehSched.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\dllhost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\ehome\ehtray.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\WINDOWS\eHome\ehmsas.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE
D:\Documents and Settings\All Users\Application Data\hspuvety.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
D:\Documents and Settings\L-J\My Documents\download crap\VundoFix.exe
D:\PROGRA~1\TSKS~1\mmc.exe
D:\WINDOWS\?racle\??anregw.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\WINDOWS\explorer.exe
D:\Program Files\iTunes\iTunes.exe
D:\WINDOWS\system32\notepad.exe
D:\PROGRA~1\Mozilla Firefox\firefox.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Documents and Settings\L-J\My Documents\download crap\hijack this\scanner.exe.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.4.29.dll
O2 - BHO: (no name) - {3CD3AD4D-A06D-4AB5-9CE9-8AEC3DFE1D2C} - D:\WINDOWS\system32\sstqn.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {58695489-B242-4B44-86DF-1A85A707F314} - D:\WINDOWS\system32\ssqpm.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - D:\PROGRA~1\IWINGA~1\IWINGA~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {96094763-A7A5-DE5C-D17A-8BADA9E825E9} - D:\WINDOWS\system32\skqnn.dll
O2 - BHO: (no name) - {B2030C9A-DE59-457D-A042-D827AD69C8F3} - D:\WINDOWS\system32\xxywtqn.dll (file missing)
O2 - BHO: (no name) - {B71FA585-B351-4E48-8DA8-22F6F705EC73} - D:\WINDOWS\system32\ljjkjih.dll (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E5225210-F293-40FE-BB2F-D5A3C7F13C47} - D:\WINDOWS\system32\ljjjjji.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [hspuvety.exe] D:\Documents and Settings\All Users\Application Data\hspuvety.exe
O4 - HKLM\..\Run: [smgr] smgr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Bpuo] "D:\PROGRA~1\TSKS~1\mmc.exe" -vt yazb
O4 - HKCU\..\Run: [Wlm] D:\WINDOWS\?racle\??anregw.exe
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~3\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ljjjjji - D:\WINDOWS\SYSTEM32\ljjjjji.dll
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Still trying to get vundo log.

laura · June 2007

Hi,
here is the vundo log.

VundoFix V6.4.1

Checking Java version...

Java version is 1.5.0.11

Scan started at 18:35:40 30/05/2007

Listing files found while scanning....

D:\WINDOWS\system32\ljjkjih.dll
D:\WINDOWS\system32\nqtss.bak1
D:\WINDOWS\system32\nqtss.bak2
D:\WINDOWS\system32\nqtss.ini
D:\WINDOWS\system32\rqrpqnm.dll
D:\WINDOWS\system32\sstqn.dll
D:\WINDOWS\system32\yayvwtt.dll

Beginning removal...

Attempting to delete D:\WINDOWS\system32\ljjkjih.dll
D:\WINDOWS\system32\ljjkjih.dll Could not be deleted.

Attempting to delete D:\WINDOWS\system32\nqtss.bak1
D:\WINDOWS\system32\nqtss.bak1 Has been deleted!

Attempting to delete D:\WINDOWS\system32\nqtss.bak2
D:\WINDOWS\system32\nqtss.bak2 Has been deleted!

Attempting to delete D:\WINDOWS\system32\nqtss.ini
D:\WINDOWS\system32\nqtss.ini Has been deleted!

Attempting to delete D:\WINDOWS\system32\rqrpqnm.dll
D:\WINDOWS\system32\rqrpqnm.dll Has been deleted!

Attempting to delete D:\WINDOWS\system32\sstqn.dll
D:\WINDOWS\system32\sstqn.dll Has been deleted!

Attempting to delete D:\WINDOWS\system32\yayvwtt.dll
D:\WINDOWS\system32\yayvwtt.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete D:\WINDOWS\system32\ljjkjih.dll
D:\WINDOWS\system32\ljjkjih.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.4.1

Checking Java version...

Sun Java not detected
Scan started at 06:53:49 01/06/2007

Listing files found while scanning....

D:\WINDOWS\system32\fccdday.dll
D:\WINDOWS\system32\mpqss.bak1
D:\WINDOWS\system32\mpqss.bak2
D:\WINDOWS\system32\mpqss.ini
D:\WINDOWS\system32\mpqss.ini2
D:\WINDOWS\system32\mpqss.tmp
D:\WINDOWS\system32\ssqpm.dll
D:\WINDOWS\system32\ugqygcbj.dll
D:\WINDOWS\system32\xxywtqn.dll

Beginning removal...

Attempting to delete D:\WINDOWS\system32\fccdday.dll
D:\WINDOWS\system32\fccdday.dll Has been deleted!

Attempting to delete D:\WINDOWS\system32\mpqss.bak1
D:\WINDOWS\system32\mpqss.bak1 Has been deleted!

Attempting to delete D:\WINDOWS\system32\mpqss.bak2
D:\WINDOWS\system32\mpqss.bak2 Has been deleted!

Attempting to delete D:\WINDOWS\system32\mpqss.ini
D:\WINDOWS\system32\mpqss.ini Has been deleted!

Attempting to delete D:\WINDOWS\system32\mpqss.ini2
D:\WINDOWS\system32\mpqss.ini2 Has been deleted!

Attempting to delete D:\WINDOWS\system32\mpqss.tmp
D:\WINDOWS\system32\mpqss.tmp Has been deleted!

Attempting to delete D:\WINDOWS\system32\ssqpm.dll
D:\WINDOWS\system32\ssqpm.dll Has been deleted!

Attempting to delete D:\WINDOWS\system32\xxywtqn.dll
D:\WINDOWS\system32\xxywtqn.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete D:\WINDOWS\system32\xxywtqn.dll
D:\WINDOWS\system32\xxywtqn.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.4.1

Checking Java version...

Sun Java not detected
Scan started at 07:11:48 01/06/2007

Listing files found while scanning....

No infected files were found.

VundoFix V6.4.1

Checking Java version...

Sun Java not detected
Scan started at 13:12:01 01/06/2007

Listing files found while scanning....

VundoFix V6.4.1

Checking Java version...

Sun Java not detected
Scan started at 13:37:21 01/06/2007

Listing files found while scanning....

D:\WINDOWS\system32\jkkkkhg.dll

Beginning removal...

Attempting to delete D:\WINDOWS\system32\jkkkkhg.dll
D:\WINDOWS\system32\jkkkkhg.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete D:\WINDOWS\system32\jkkkkhg.dll
D:\WINDOWS\system32\jkkkkhg.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.4.1

Checking Java version...

Sun Java not detected
Scan started at 15:00:17 01/06/2007

Listing files found while scanning....

D:\WINDOWS\system32\ljjjjji.dll

Baabiouz · June 2007

Hi!

Run SDFix in safe mode, not in normal mode. It doesn't work in normal mode..
So, after SDfix please post SDfix's log

laura · June 2007

Hi, here is the SDFix log :

SDFix: Version 1.85

Run by L-J - 02/06/2007 - 1:23:06.21

Microsoft Windows XP [Version 5.1.2600]

Running From: D:\SDFix

Safe Mode:
Checking Services:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

D:\Program Files\Setup.exe - Deleted
D:\WINDOWS\Temp\win*.tmp - Deleted

Removing Temp Files...

ADS Check:

Checking if ADS is attached to system32 Folder
D:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
D:\WINDOWS\system32\svchost.exe
No streams found.

Final Check:

Remaining Services:

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\iTunes\\iTunes.exe"="D:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:

Backups Folder: - D:\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes:

D:\Documents and Settings\L-J\Local Settings\Application Data\Microsoft\Messenger\alabamaviggo@hotmail.com\Sharing Folders\urbandamage@hotmail.co.uk\Thumbs.db
D:\Program Files\Image-Line\FL Studio 7\REX Shared Library.dll
D:\WINDOWS\system32\mljgh.dll
D:\Program Files\Common Files\Yazzle1162OinAdmin.exe
D:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
D:\WINDOWS\system32\Tools\All.exe
D:\WINDOWS\system32\Tools\Change.exe
D:\WINDOWS\system32\Tools\CheckPath.exe
D:\WINDOWS\system32\Tools\Counter.exe
D:\WINDOWS\system32\Tools\DelFolders.exe
D:\WINDOWS\system32\Tools\DirectSetup.exe
D:\WINDOWS\system32\Tools\RegClean.exe
D:\WINDOWS\system32\Tools\Regexe.exe
D:\WINDOWS\system32\Tools\Restart.exe
D:\WINDOWS\system32\Tools\RunRegexe.exe
D:\Program Files\InterActual\InterActual Player\iti1F.tmp

Finished

Baabiouz · June 2007

Hi!
#1

Please click on Start > Control Panel > Add/Remove Programs and uninstall the following programs(if present):

FUNWEB

And delete this folder:
D:\PROGRAM FiLES\IWINGA~1\
(folder like that..)

#2

Please open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: (no name) - {3CD3AD4D-A06D-4AB5-9CE9-8AEC3DFE1D2C} - D:\WINDOWS\system32\sstqn.dll (file missing)
O2 - BHO: (no name) - {58695489-B242-4B44-86DF-1A85A707F314} - D:\WINDOWS\system32\ssqpm.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - D:\PROGRA~1\IWINGA~1\IWINGA~1.DLL
O2 - BHO: (no name) - {96094763-A7A5-DE5C-D17A-8BADA9E825E9} - D:\WINDOWS\system32\skqnn.dll
O2 - BHO: (no name) - {B2030C9A-DE59-457D-A042-D827AD69C8F3} - D:\WINDOWS\system32\xxywtqn.dll (file missing)
O2 - BHO: (no name) - {B71FA585-B351-4E48-8DA8-22F6F705EC73} - D:\WINDOWS\system32\ljjkjih.dll (file missing)
O2 - BHO: (no name) - {E5225210-F293-40FE-BB2F-D5A3C7F13C47} - D:\WINDOWS\system32\ljjjjji.dll

O4 - HKLM\..\Run: [hspuvety.exe] D:\Documents and Settings\All Users\Application Data\hspuvety.exe
O4 - HKLM\..\Run: [smgr] smgr.exe
O4 - HKCU\..\Run: [Bpuo] "D:\PROGRA~1\TSKS~1\mmc.exe" -vt yazb
O4 - HKCU\..\Run: [Wlm] D:\WINDOWS\?racle\??anregw.exe

O20 - Winlogon Notify: ljjjjji - D:\WINDOWS\SYSTEM32\ljjjjji.dll

Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

#3

Delete now this folder:

D:\PROGRAM FILES\TSKS~1
(someone like that..)

#4

Open Vundofix

Right click the list box (white box) in the main VundoFix window.
Select “Add More Files?” from the menu that comes up. This will open a new VundoFix window.
In the Window: copy and paste next in the first field: D:\WINDOWS\system32\yayawus.dll
Copy and paste next in the second field: D:\WINDOWS\system32\skqnn.dll
Do the same thing for these files too:
Click the “Add Files” button.
Click the "Close Window" button.
Click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.

#5

Open notepad and copy/paste the text in the quotebox below into it:

File::
D:\WINDOWS\g22032953.exe
D:\WINDOWS\g21669921.exe
D:\WINDOWS\g409562.exe
D:\WINDOWS\g67333140.exe
D:\WINDOWS\g66012453.exe
D:\WINDOWS\g64811421.exe
D:\WINDOWS\g63491171.exe
D:\WINDOWS\g62170906.exe
D:\WINDOWS\g60850625.exe
D:\WINDOWS\g59530343.exe
D:\WINDOWS\g58210359.exe
D:\WINDOWS\g57009375.exe
D:\WINDOWS\g55689046.exe
D:\WINDOWS\g54368718.exe
D:\WINDOWS\g53048468.exe
D:\WINDOWS\g51848812.exe
D:\WINDOWS\g50527718.exe
D:\WINDOWS\g8100125.exe
D:\WINDOWS\g33686859.exe
D:\WINDOWS\g32366484.exe
D:\WINDOWS\g31165515.exe
D:\WINDOWS\g29845187.exe
D:\WINDOWS\g28524765.exe
D:\WINDOWS\g27205390.exe
D:\WINDOWS\g26005359.exe
D:\WINDOWS\g3782234.exe
D:\WINDOWS\system32\sysmon32.exe
D:\WINDOWS\system32\winsys64.exe
D:\WINDOWS\g4058343.exe
D:\WINDOWS\g2852890.exe
D:\WINDOWS\g2493578.exe
D:\WINDOWS\g2326671.exe
D:\WINDOWS\g118598437.exe
D:\WINDOWS\g117398718.exe
D:\WINDOWS\g116196828.exe
D:\WINDOWS\g114876906.exe
D:\WINDOWS\g113554765.exe
D:\WINDOWS\g112234343.exe
D:\WINDOWS\g110914171.exe
D:\WINDOWS\g109713515.exe
D:\WINDOWS\g108393156.exe
D:\WINDOWS\g107072968.exe
D:\WINDOWS\g105752531.exe
C:\Documents and Settings\All Users\Application Data\hspuvety.exe
D:\WINDOWS\g81594062.exe
D:\WINDOWS\g79859093.exe
D:\WINDOWS\g78534437.exe
D:\WINDOWS\g77210703.exe
D:\WINDOWS\g75887437.exe
D:\WINDOWS\g74140765.exe
D:\WINDOWS\g72936109.exe
D:\WINDOWS\g71612953.exe
D:\WINDOWS\g69721468.exe
D:\WINDOWS\g68398296.exe
D:\WINDOWS\g67076328.exe
D:\WINDOWS\g65874375.exe
D:\WINDOWS\g64553203.exe
D:\WINDOWS\g63254703.exe
D:\WINDOWS\g57567421.exe
D:\WINDOWS\g56246140.exe
D:\WINDOWS\g54924921.exe
D:\WINDOWS\g53603843.exe
D:\WINDOWS\g52282296.exe
D:\WINDOWS\g51071671.exe
D:\WINDOWS\g49750562.exe
D:\WINDOWS\g48429000.exe
D:\WINDOWS\g47105218.exe
D:\WINDOWS\g45780984.exe
D:\WINDOWS\g44572015.exe
D:\WINDOWS\g43250093.exe
D:\WINDOWS\g41928078.exe
D:\WINDOWS\g40606125.exe
D:\WINDOWS\g39284718.exe
D:\WINDOWS\g37961375.exe
D:\WINDOWS\g36757859.exe
D:\WINDOWS\g35433859.exe
D:\WINDOWS\g34112343.exe
D:\WINDOWS\g32789000.exe
D:\WINDOWS\g31465062.exe
D:\WINDOWS\g30262718.exe
D:\WINDOWS\g28941859.exe
D:\WINDOWS\g27621531.exe
D:\WINDOWS\g26298812.exe
D:\WINDOWS\g24977734.exe
D:\WINDOWS\g23654171.exe
D:\WINDOWS\g22452171.exe
D:\WINDOWS\g21130453.exe
D:\WINDOWS\g19809906.exe
D:\WINDOWS\g18484328.exe
D:\WINDOWS\g17164031.exe
D:\WINDOWS\g15963265.exe
D:\WINDOWS\g14634531.exe
D:\WINDOWS\g13313656.exe
D:\WINDOWS\g11993625.exe
D:\WINDOWS\g10664343.exe
D:\WINDOWS\g9340875.exe
D:\WINDOWS\g8141140.exe
D:\WINDOWS\g6822625.exe
D:\WINDOWS\g5497187.exe
D:\WINDOWS\g4173328.exe
D:\WINDOWS\g123192375.exe
D:\WINDOWS\smgr.exe
D:\WINDOWS\SYSTEM32\smgr.exe

Folder::
D:\VundoFix Backups
D:\WINDOWS\?racle

Save this as ComboFix-Do.txt
Then drag the ComboFix-Do.txt into ComboFix.exe as you see in the screenshot below.
IMG]http://img.photobucket.com/albums/v666/sUBs/Combo-Do.gif[/IMG]
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThislog.

#6

Please, Post Combofix.txt, Vundofix log and HijackThislog.

laura · June 2007

Hi, I have the combofix and HIJack this logs :

"L-J" - 2007-06-03 5:21:37 Service Pack 2
ComboFix 07-05.27.BV - Running from: "D:\"
Command switches used :: ""D:\Documents and Settings\L-J\My Documents\ComboFix-Do.txt""

(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

D:\WINDOWS\system32\idxmgpfc.dll
D:\WINDOWS\system32\ileiaknp.dll
D:\WINDOWS\system32\wvvwa.bak1
D:\WINDOWS\system32\wvvwa.ini
D:\WINDOWS\system32\hgjlm.bak1
D:\WINDOWS\system32\hgjlm.bak2
D:\WINDOWS\system32\hgjlm.ini
D:\WINDOWS\system32\wvvwa.bak1
D:\WINDOWS\system32\wvvwa.ini
D:\WINDOWS\system32\awvvw.dll

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

"D:\VundoFix Backups\efcbbbx.dll.bad"
"D:\VundoFix Backups\fccdday.dll.bad"
"D:\VundoFix Backups\jkkkkhg.dll.bad"
"D:\VundoFix Backups\ljjjjji.dll.bad"
"D:\VundoFix Backups\ljjkjih.dll.bad"
"D:\VundoFix Backups\mljgh.dll.bad"
"D:\VundoFix Backups\mpqss.bak1.bad"
"D:\VundoFix Backups\mpqss.bak2.bad"
"D:\VundoFix Backups\mpqss.ini.bad"
"D:\VundoFix Backups\mpqss.ini2.bad"
"D:\VundoFix Backups\mpqss.tmp.bad"
"D:\VundoFix Backups\nqtss.bak1.bad"
"D:\VundoFix Backups\nqtss.bak2.bad"
"D:\VundoFix Backups\nqtss.ini.bad"
"D:\VundoFix Backups\rqrpqnm.dll.bad"
"D:\VundoFix Backups\skqnn.dll.bad"
"D:\VundoFix Backups\ssqpm.dll.bad"
"D:\VundoFix Backups\sstqn.dll.bad"
"D:\VundoFix Backups\xxywtqn.dll.bad"
"D:\VundoFix Backups\yayawus.dll.bad"
"D:\VundoFix Backups\yayvwtt.dll.bad"
"D:\WINDOWS\g22032953.exe"
"D:\WINDOWS\g21669921.exe"
"D:\WINDOWS\g409562.exe"
"D:\WINDOWS\g67333140.exe"
"D:\WINDOWS\g66012453.exe"
"D:\WINDOWS\g64811421.exe"
"D:\WINDOWS\g63491171.exe"
"D:\WINDOWS\g62170906.exe"
"D:\WINDOWS\g60850625.exe"
"D:\WINDOWS\g59530343.exe"
"D:\WINDOWS\g58210359.exe"
"D:\WINDOWS\g57009375.exe"
"D:\WINDOWS\g55689046.exe"
"D:\WINDOWS\g54368718.exe"
"D:\WINDOWS\g53048468.exe"
"D:\WINDOWS\g51848812.exe"
"D:\WINDOWS\g50527718.exe"
"D:\WINDOWS\g8100125.exe"
"D:\WINDOWS\g33686859.exe"
"D:\WINDOWS\g32366484.exe"
"D:\WINDOWS\g31165515.exe"
"D:\WINDOWS\g29845187.exe"
"D:\WINDOWS\g28524765.exe"
"D:\WINDOWS\g27205390.exe"
"D:\WINDOWS\g26005359.exe"
"D:\WINDOWS\g3782234.exe"
"D:\WINDOWS\system32\sysmon32.exe"
"D:\WINDOWS\system32\winsys64.exe"
"D:\WINDOWS\g4058343.exe"
"D:\WINDOWS\g2852890.exe"
"D:\WINDOWS\g2493578.exe"
"D:\WINDOWS\g2326671.exe"
"D:\WINDOWS\g118598437.exe"
"D:\WINDOWS\g117398718.exe"
"D:\WINDOWS\g116196828.exe"
"D:\WINDOWS\g114876906.exe"
"D:\WINDOWS\g113554765.exe"
"D:\WINDOWS\g112234343.exe"
"D:\WINDOWS\g110914171.exe"
"D:\WINDOWS\g109713515.exe"
"D:\WINDOWS\g108393156.exe"
"D:\WINDOWS\g107072968.exe"
"D:\WINDOWS\g105752531.exe"
"D:\WINDOWS\g81594062.exe"
"D:\WINDOWS\g79859093.exe"
"D:\WINDOWS\g78534437.exe"
"D:\WINDOWS\g77210703.exe"
"D:\WINDOWS\g75887437.exe"
"D:\WINDOWS\g74140765.exe"
"D:\WINDOWS\g72936109.exe"
"D:\WINDOWS\g71612953.exe"
"D:\WINDOWS\g69721468.exe"
"D:\WINDOWS\g68398296.exe"
"D:\WINDOWS\g67076328.exe"
"D:\WINDOWS\g65874375.exe"
"D:\WINDOWS\g64553203.exe"
"D:\WINDOWS\g63254703.exe"
"D:\WINDOWS\g57567421.exe"
"D:\WINDOWS\g56246140.exe"
"D:\WINDOWS\g54924921.exe"
"D:\WINDOWS\g53603843.exe"
"D:\WINDOWS\g52282296.exe"
"D:\WINDOWS\g51071671.exe"
"D:\WINDOWS\g49750562.exe"
"D:\WINDOWS\g48429000.exe"
"D:\WINDOWS\g47105218.exe"
"D:\WINDOWS\g45780984.exe"
"D:\WINDOWS\g44572015.exe"
"D:\WINDOWS\g43250093.exe"
"D:\WINDOWS\g41928078.exe"
"D:\WINDOWS\g40606125.exe"
"D:\WINDOWS\g39284718.exe"
"D:\WINDOWS\g37961375.exe"
"D:\WINDOWS\g36757859.exe"
"D:\WINDOWS\g35433859.exe"
"D:\WINDOWS\g34112343.exe"
"D:\WINDOWS\g32789000.exe"
"D:\WINDOWS\g31465062.exe"
"D:\WINDOWS\g30262718.exe"
"D:\WINDOWS\g28941859.exe"
"D:\WINDOWS\g27621531.exe"
"D:\WINDOWS\g26298812.exe"
"D:\WINDOWS\g24977734.exe"
"D:\WINDOWS\g23654171.exe"
"D:\WINDOWS\g22452171.exe"
"D:\WINDOWS\g21130453.exe"
"D:\WINDOWS\g19809906.exe"
"D:\WINDOWS\g18484328.exe"
"D:\WINDOWS\g17164031.exe"
"D:\WINDOWS\g15963265.exe"
"D:\WINDOWS\g14634531.exe"
"D:\WINDOWS\g13313656.exe"
"D:\WINDOWS\g11993625.exe"
"D:\WINDOWS\g10664343.exe"
"D:\WINDOWS\g9340875.exe"
"D:\WINDOWS\g8141140.exe"
"D:\WINDOWS\g6822625.exe"
"D:\WINDOWS\g5497187.exe"
"D:\WINDOWS\g4173328.exe"
"D:\WINDOWS\g123192375.exe"
"D:\VundoFix Backups"

((((((((((((((((((((((((((((((( Files Created from 2007-05-03 to 2007-06-03 ))))))))))))))))))))))))))))))))))

2007-06-03 05:08 2,580 --a

D:\WINDOWS\system32\gvmixwqf.exe
2007-06-02 17:30 2,580 --a

D:\WINDOWS\system32\mrkdorau.exe
2007-06-02 01:01 206 --a

D:\WINDOWS\g36572421.exe
2007-06-02 00:39 206 --a

D:\WINDOWS\g35237593.exe
2007-06-02 00:18 206 --a

D:\WINDOWS\g34026000.exe
2007-06-01 23:56 206 --a

D:\WINDOWS\g32705734.exe
2007-06-01 23:34 206 --a

D:\WINDOWS\g31385328.exe
2007-06-01 23:12 206 --a

D:\WINDOWS\g30064968.exe
2007-06-01 22:50 206 --a

D:\WINDOWS\g28744687.exe
2007-06-01 22:28 206 --a

D:\WINDOWS\g27424062.exe
2007-06-01 22:08 206 --a

D:\WINDOWS\g26216390.exe
2007-06-01 21:46 206 --a

D:\WINDOWS\g24895781.exe
2007-06-01 21:24 206 --a

D:\WINDOWS\g23576812.exe
2007-06-01 21:04 206 --a

D:\WINDOWS\g22384140.exe
2007-06-01 20:42 206 --a

D:\WINDOWS\g21058656.exe
2007-06-01 20:22 206 --a

D:\WINDOWS\g19850109.exe
2007-06-01 20:00 206 --a

D:\WINDOWS\g18525859.exe
2007-06-01 19:38 206 --a

D:\WINDOWS\g17205406.exe
2007-06-01 19:16 206 --a

D:\WINDOWS\g15884953.exe
2007-06-01 18:54 206 --a

D:\WINDOWS\g14564468.exe
2007-06-01 18:32 206 --a

D:\WINDOWS\g13247062.exe
2007-06-01 18:12 206 --a

D:\WINDOWS\g12044828.exe
2007-06-01 17:31 131,124 --a

D:\WINDOWS\system32\nsprcurd.dll
2007-06-01 17:29 2,580 --a

D:\WINDOWS\system32\whcwmjev.exe
2007-06-01 16:18 49,152 --a

D:\WINDOWS\nircmd.exe
2007-06-01 15:08 33,302

D:\WINDOWS\system32\ljjjjji.dll
2007-05-31 08:25 0 --a

D:\WINDOWS\system32\SBRC.dat
2007-05-31 02:00 0 --a

D:\WINDOWS\system32\SBFC.dat
2007-05-30 23:11 <DIR> d

D:\WINDOWS\CSC
2007-05-30 20:07 626,688 --a

D:\WINDOWS\system32\msvcr80.dll
2007-05-30 10:36 <DIR> d

D:\DOCUME~1\L-J\APPLIC~1\Opera
2007-05-30 09:56 <DIR> d

D:\WINDOWS\system32\appmgmt
2007-05-30 07:54 57,344 --a

D:\DOCUME~1\ALLUSE~1\APPLIC~1\hspuvety.exe
2007-05-29 06:16 <DIR> d

D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-05-29 05:41 <DIR> d