Full Version: My PC keeps shutting down without notification
Gladiator Security Forum > Malware Help Forum > HELP! Think you are Infected?
timbo
Hi there, I have just joined Gladiator because my PC has somehow been infected with the 'Generic4' and 'PEPatch' Trojan viruses. It keeps shutting down while playing downloaded games either online or offline without any notification.
I am currently running AVG Virus Scanning software and Ad-Aware 2007.
I have run HijackThis and this is my logfile.

Please let me know what to do to fix this problem....thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:40:30 PM, on 4/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\VTTimer.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bigbutton.com.au
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.bigbutton.com.au/members/cd/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bigbutton.com.au/members/cd/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bigbutton.com.au
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.bigbutton.com.au/members/cd/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bigbutton.com.au/members/cd/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigbutton.com.au
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Big Button - Adelaide's Easier Internet
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: ninemsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [atmdiag] C:\WINDOWS\system32\atmconf.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [wincrt.exe] C:\WINDOWS\wincrt.exe s
O4 - HKLM\..\Run: [himem.exe] C:\WINDOWS\dskcss.exe -s
O4 - HKLM\..\Run: [SoundMnEx32] C:\WINDOWS\dskcss.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O5 "LPT1:" /M "Stylus Photo R200"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZJ
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.20.19/ttinst.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{28C8823F-81CD-450B-9A32-1ED4AA05DAB4}: NameServer = 203.57.68.5 203.57.68.7
O17 - HKLM\System\CS1\Services\Tcpip\..\{28C8823F-81CD-450B-9A32-1ED4AA05DAB4}: NameServer = 203.57.68.5 203.57.68.7
O20 - AppInit_DLLs: jpgstat.dll confxxn.dll confjpg.dll confjfg.dll jfgstat.dll e1.dll con321.dll
O20 - Winlogon Notify: jfgmgr - jfgmgr32.dll (file missing)
O20 - Winlogon Notify: msjtwinr - C:\WINDOWS\system32\msjtwinr.dll (file missing)
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

--
End of file - 7966 bytes
LoPhatPhuud
First:
Reboot in Safe Mode* and run HiJackThis. <-- IMPORTANT

Press the 'Scan' button and when done check the following items in HijackThis:
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

O4 - HKLM\..\Run: [atmdiag] C:\WINDOWS\system32\atmconf.exe
O4 - HKLM\..\Run: [wincrt.exe] C:\WINDOWS\wincrt.exe s
O4 - HKLM\..\Run: [himem.exe] C:\WINDOWS\dskcss.exe -s
O4 - HKLM\..\Run: [SoundMnEx32] C:\WINDOWS\dskcss.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab

O20 - AppInit_DLLs: jpgstat.dll confxxn.dll confjpg.dll confjfg.dll jfgstat.dll e1.dll con321.dll
O20 - Winlogon Notify: jfgmgr - jfgmgr32.dll (file missing)
O20 - Winlogon Notify: msjtwinr - C:\WINDOWS\system32\msjtwinr.dll (file missing)
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll (file missing)

Close all windows except HijackThis and click Fix checked.


While still in Safe Mode*, delete the following: (you may need to show hidden files**)
(Files specified without a full path will be located in C:\Windows\ or C:\Windows\System32\)
C:\Program Files\AskSBar\ <--delete entire folder,
C:\WINDOWS\system32\atmconf.exe
C:\WINDOWS\wincrt.exe s
C:\WINDOWS\dskcss.exe -s
C:\WINDOWS\dskcss.exe

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab

O20 - AppInit_DLLs: jpgstat.dll confxxn.dll confjpg.dll confjfg.dll jfgstat.dll e1.dll con321.dll
O20 - Winlogon Notify: jfgmgr - jfgmgr32.dll (file missing)
O20 - Winlogon Notify: msjtwinr - C:\WINDOWS\system32\msjtwinr.dll (file missing)
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll (file missing)


*How to Boot into Safe mode:
http://www.computerhope.com/issues/chsafe.htm

**Show Hidden and System files and folders: http://www.xtra.co.nz/help/0,,4155-1916458,00.html

Also, uncheck the boxes for hiding known file extensions and hiding protected operating system files. We want to see it all. When we finish here, it would be a good idea to rehide the protected operating system files but leave the rest to be shown.

Reboot in normal mode


Second:
Download Combofix and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
    When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
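The helper's list above is the result of reading the HijackThis log by hand: non-empty AppInit_DLLs, Winlogon Notify packages whose DLL is missing, BHOs with no name or no file, and the same executable (dskcss.exe) registered under two different Run values. The script below, which is an added example and not part of this thread or of HijackThis itself, automates exactly that first-pass triage. The sample input is a constructed excerpt of lines copied from the log posted above plus one benign line for contrast; `triage` and `run_target` are names chosen here, not HijackThis functions.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the HijackThis log posted
# in this thread (not the whole log), plus a benign O23 service line for contrast.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [wincrt.exe] C:\WINDOWS\wincrt.exe s
O4 - HKLM\..\Run: [himem.exe] C:\WINDOWS\dskcss.exe -s
O4 - HKLM\..\Run: [SoundMnEx32] C:\WINDOWS\dskcss.exe
O20 - AppInit_DLLs: jpgstat.dll confxxn.dll confjpg.dll confjfg.dll jfgstat.dll e1.dll con321.dll
O20 - Winlogon Notify: jfgmgr - jfgmgr32.dll (file missing)
O20 - Winlogon Notify: msjtwinr - C:\WINDOWS\system32\msjtwinr.dll (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
"""

# "O4 - ..." / "R1 - ..." entry prefix used by every HijackThis line we care about.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# Body of an O4 Run entry: HKLM\..\Run: [ValueName] command line
RUN_RE = re.compile(r"^(?P<hive>HK[^:]*)\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")


def run_target(cmd):
    """Lower-cased basename of the executable in a Run value's command line.
    Handles quoted ("C:\\x y\\a.exe" /flag) and unquoted (a.exe -s) forms."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        exe = cmd[1:end] if end > 0 else cmd[1:]
    else:
        exe = cmd.split(" ", 1)[0]
    return exe.rsplit("\\", 1)[-1].lower()


def triage(log_text):
    """Return a list of findings, each {'section', 'reason', 'line'}, for the
    same four patterns the helper flagged by hand in this thread."""
    findings = []
    run_targets = defaultdict(list)  # exe basename -> [Run value names using it]
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            dlls = body.split(":", 1)[1].split()
            if dlls:  # AppInit_DLLs is loaded into every process that links user32.dll
                findings.append({"section": section, "line": raw,
                                 "reason": f"AppInit_DLLs injects {len(dlls)} DLL(s) into every GUI process"})
        elif section == "O20" and body.startswith("Winlogon Notify:") and "(file missing)" in body:
            findings.append({"section": section, "line": raw,
                             "reason": "Winlogon Notify package points at a missing DLL (orphaned autostart)"})
        elif section == "O2" and ("(no name)" in body or "(no file)" in body):
            findings.append({"section": section, "line": raw,
                             "reason": "BHO with no name or no backing file"})
        elif section == "O4":
            rm = RUN_RE.match(body)
            if rm:
                run_targets[run_target(rm.group("cmd"))].append(rm.group("name"))
    # One executable behind several Run values is a classic sign of a dropper
    # registering itself redundantly so that one "fix" leaves another copy behind.
    for exe, names in sorted(run_targets.items()):
        if len(names) > 1:
            findings.append({"section": "O4", "line": exe,
                             "reason": f"{exe} is registered under {len(names)} Run values: {', '.join(names)}"})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['section']}] {f['reason']}\n    {f['line']}")
```

Run against the constructed excerpt it reports five findings: the nameless BHO, the AppInit_DLLs value, both missing Winlogon Notify DLLs, and dskcss.exe under the himem.exe and SoundMnEx32 Run values. The script only ranks what a human should look at first; it does not decide what is malicious, which is why the helper still asks for the full log and a ComboFix report before the fix.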
timbo
When making replies, please do not create a new topic as your reply. Instead just add the reply to the existing topic

Hi Lophatphuud,

Thanks for the advice.
I followed the steps you mentioned in your post and downloaded ComboFix to my desktop and ran it.

Here is the logfile generated.

Can you please let me know what step to take next?

Timbo

ComboFix 07-12-02.6 - Lisa 2007-12-06 19:40:19.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.173 [GMT 10.5:30]
Running from: C:\Documents and Settings\Lisa\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Lisa\Application Data\FunWebProducts
C:\Documents and Settings\Lisa\Application Data\FunWebProducts\Data\Lisa\avatar.dat
C:\Documents and Settings\Lisa\Application Data\FunWebProducts\Data\Lisa\register.dat
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\ScreenSaver\Images\017963D1.urr
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm.bak
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\MyWebSearch\bar\Settings\settings.dat.bak
C:\WINDOWS\system32\drivers\sfsync02.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NTLDR.SYS
-------\LEGACY_QQD.SYS
-------\LEGACY_SFSYNC02
-------\sfsync02


((((((((((((((((((((((((( Files Created from 2007-11-06 to 2007-12-06 )))))))))))))))))))))))))))))))
.

2007-12-06 19:05 . 2007-12-06 19:05 <DIR> d--h----- C:\WINDOWS\PIF
2007-12-06 18:44 . 2007-12-06 19:34 91,648 --a------ C:\cp1041.nls
2007-12-03 19:56 . 2007-12-03 19:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-27 17:53 . 2007-12-04 20:50 <DIR> d-------- C:\Program Files\FrostWire
2007-11-27 17:53 . 2007-12-04 19:02 <DIR> d-------- C:\Documents and Settings\Lisa\Application Data\FrostWire
2007-11-19 13:23 . 2007-11-19 13:23 <DIR> d-------- C:\Documents and Settings\Lisa\Application Data\TVU Networks
2007-11-11 19:52 . 2007-11-11 19:52 434 --a------ C:\WINDOWS\Operation.ini
2007-11-09 19:56 . 2007-11-09 19:56 <DIR> d-------- C:\Program Files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-06 06:45 --------- d-----w C:\Documents and Settings\Lisa\Application Data\AVG7
2007-12-03 09:26 --------- d-----w C:\Program Files\Lavasoft
2007-12-03 09:26 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-24 05:13 --------- d-----w C:\Program Files\eGames
2007-11-20 07:46 --------- d-----w C:\Program Files\Yahoo! Games
2007-11-20 06:22 --------- d-----w C:\Program Files\LimeWire
2007-11-20 04:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-11 09:22 --------- d-----w C:\Program Files\Hasbro Interactive
2007-10-15 07:35 63,488 ----a-w C:\WINDOWS\xobglu16.dll
2007-10-15 07:35 23,552 ----a-w C:\WINDOWS\xobglu32.dll
2007-07-19 11:40 33,480 ----a-w C:\Documents and Settings\Lisa\Application Data\GDIPFONTCACHEV1.DAT
2007-01-18 00:39 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-11-03 07:36 175 ----a-w C:\Documents and Settings\Lisa\BEETLE.SCR
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [ ]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [ ]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 18:26]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-11-30 13:36]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2004-01-15 23:03 C:\WINDOWS\system32\VTTimer.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 18:24 C:\WINDOWS\SOUNDMAN.EXE]
"SMSERIAL"="sm56hlpr.exe" [2004-06-29 19:12 C:\WINDOWS\sm56hlpr.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 05:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-18 17:44]
"atmdiag"="C:\WINDOWS\system32\atmconf.exe" []
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2007-02-26 16:38]
"wincrt.exe"="C:\WINDOWS\wincrt.exe" []
"SoundMnEx32"="C:\WINDOWS\dskcss.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-27 09:49]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 12:09]
"EPSON Stylus Photo R200 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.exe" [2003-07-08 03:00]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 18:26]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-27 09:49]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-06-02 14:51:19]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jfgmgr]
jfgmgr32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\msjtwinr]
C:\WINDOWS\system32\msjtwinr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=jpgstat.dll confxxn.dll confjpg.dll confjfg.dll jfgstat.dll e1.dll con321.dll

R0 viamraid;viamraid;C:\WINDOWS\system32\drivers\viamraid.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce43ed60-40c7-11dc-a0d3-00110902e21f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.pif

.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-06 19:44:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-06 19:44:49 - machine was rebooted
.
--- E O F ---