Posted 12/6/2005 6:29 PM
Alfonso Valued member

Date Joined Nov 2016
Total Posts: 11
I need some help with my computer, I think it has some virus, can anyone help me please???

Here is my HJT log

Logfile of HijackThis v1.99.1
Scan saved at 11:52:39 AM, on 12/6/2005
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Wintab32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\MSTask.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\HPLRA.EXE
C:\WINDOWS\System32\ccwtup32.exe
C:\WINDOWS\GTCO\wtxpload.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\GTCO\xpoint32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\MediaGateway\MediaGateway.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Microsoft Office\Office\Osa.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
C:\Program Files\Kine\Runner.EXE
C:\WINDOWS\system32\wincntrl.exe
C:\temp\atiupdate.exe
D:\WinZip\WINZIP32.EXE
D:\WINZIP\wzqkpick.exe
C:\temp\wz19c8\HijackThis.exe

F0 - system.ini: Shell=progman.exe
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\System32\gebyv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [RegAgent] C:\WINDOWS\HPLRA.EXE
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CalCompUtil] ccwtup32.exe
O4 - HKLM\..\Run: [GTCO.wtxpload] C:\WINDOWS\GTCO\wtxpload.exe GTCO
O4 - HKLM\..\Run: [ntdll.dll] C:\windows\timessquare.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [MediaGateway] C:\Program Files\MediaGateway\MediaGateway.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Norton Antivirus] nortonav.exe
O4 - HKCU\..\RunServices: [Norton Antivirus] nortonav.exe
O4 - Startup: Camio Viewer 2.0.lnk = C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe
O4 - Startup: CorelCENTRAL Alarms.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
O4 - Startup: Desktop Application Director 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
O4 - Startup: Runner.LNK = C:\Program Files\Kine\Runner.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = D:\WinZip\WZQKPICK.EXE
O9 - Extra button: SMP/IS Help Home Page - {7C99025F-7982-42DD-826C-A744AD61A036} - C:\Program Files\MMI\helpsys\index.htm
O9 - Extra 'Tools' menuitem: &SMP/IS Help - {7C99025F-7982-42DD-826C-A744AD61A036} - C:\Program Files\MMI\helpsys\index.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Plus!\Microsoft Internet\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chat -
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) -
O20 - Winlogon Notify: gebyv - C:\WINDOWS\SYSTEM32\gebyv.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: MS Dns Service (WinNet) - Unknown owner - C:\WINDOWS\system32\wincntrl.exe
O23 - Service: Wintab32 - Unknown owner - C:\WINDOWS\System32\Wintab32.exe

Posted 12/7/2005 8:32 PM
JSntgvr Advanced member

Date Joined Nov 2016
Total Posts: 526
Please print these instructions out for use in Safe Mode.

Please download VundoFix.exe to your desktop:

Double-click VundoFix.exe to extract the files.

This will create a VundoFix folder on your desktop.

After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

Once in safe mode, open the VundoFix folder and double-click on KillVundo.bat.

You will first be presented with a warning.
It should look like this:

VundoFix V2.15 by Atri
By using VundoFix you agree that you are doing so at your own risk.

Press enter to continue

At this point press Enter one time.

Next you will see:

Please Type in the filepath as instructed by the forum staff
and then press enter:

At this point please type the following file path (make sure to enter it exactly as below!):

C:\WINDOWS\System32\gebyv.dll

Press Enter to continue with the fix.

Next you will see:

Please type in the second filepath as instructed by the forum
staff then press enter:

At this point please type the following file path (make sure to enter it exactly as below!):

C:\WINDOWS\system32\vybeg.*

Press Enter to continue with the fix.

The fix will run, then HijackThis will open. If it does not open automatically, please open it manually.

In HijackThis, please place a check next to the following items and click FIX CHECKED:

O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\System32\gebyv.dll
O20 - Winlogon Notify: gebyv - C:\WINDOWS\SYSTEM32\gebyv.dll

After you have fixed these items, close HijackThis.

Press enter to exit the program then manually reboot your computer.

The fix will tell you to shut down using the Power button. Hold in your power button until the computer shuts down. Wait about 15 seconds and then restart the computer into regular Windows.

Chkdsk will run. This is normal. It will take a few minutes and is checking your file system because of the Bad Shutdown we caused.

Once your machine reboots please continue with the instructions below.

Perform an ActiveScan:

Save the report to the desktop.

Run HijackThis and post a fresh log and the vundofix.txt file from the vundofix folder, as well as the ActiveScan.
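
The two entries selected for fixing in the reply above both load the same DLL, once as a BHO (section O2) and once as a Winlogon Notify entry (section O20). As an added example (not part of either post, and not code from HijackThis or VundoFix), this Python code parses HijackThis entry lines and reports DLLs registered in both sections; the sample lines are copied from the log above, and the function names `parse_entries` and `dlls_in_both` are hypothetical.

```python
import re
from collections import defaultdict

# Subset of entry lines copied from the log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\System32\gebyv.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O20 - Winlogon Notify: gebyv - C:\WINDOWS\SYSTEM32\gebyv.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Wintab32 - Unknown owner - C:\WINDOWS\System32\Wintab32.exe
"""

# An entry line starts with a section code such as F0, O2 or O20.
ENTRY = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.*)$")


def parse_entries(log_text):
    """Yield (section, body, path) for each HijackThis entry line."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, process list or blank line
        body = m.group("body")
        # In the lines shown on this page the file path is the last
        # " - "-separated field of the entry.
        path = body.rsplit(" - ", 1)[-1].strip()
        yield m.group("section"), body, path


def dlls_in_both(log_text, sections=("O2", "O20")):
    """Return lower-cased DLL paths that appear in every listed section."""
    seen = defaultdict(set)
    for section, _body, path in parse_entries(log_text):
        # Windows paths are case-insensitive, so compare in lower case
        # (System32 vs SYSTEM32 in the log above).
        if section in sections and path.lower().endswith(".dll"):
            seen[path.lower()].add(section)
    return sorted(p for p, found in seen.items() if found == set(sections))


if __name__ == "__main__":
    for dll in dlls_in_both(SAMPLE_LOG):
        print("loaded as both BHO and Winlogon Notify:", dll)
```

An overlap is a triage heuristic for deciding which entries to look at first, not proof that a file is malicious; `WRLogonNTF.dll` appears only under O20 and is not reported.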
