BullGuard Antivirus Forum
Hijackthis log need help
nora (New Member, joined Sep 2007, 15 posts)
Posted 9-29-2007 9:54 (GMT +1)
I have a virus, a worm and ...
I need help, and here is the log file.
If I posted the wrong log file, please let me know.
Thank you.
 
Logfile of HijackThis v1.99.1
Scan saved at 4:44:09, on 2007-09-29
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\lxczcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\hijackthis\alternativ.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about.blank.la?g
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\YIESRVC.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: H - {C63BADC7-0FA2-4358-807D-9777FC021E60} - isdd.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [rzfgzljq] D;]XJOEPXT]Tztufn43]Svoemm43/fyf!#D;]XJOEPXT]Tztufn43]deoqsi/emm#-Tubsu
O4 - HKLM\..\Run: [Sysmppcv] "C:\WINDOWS\System32\Rundll32.exe" "C:\WINDOWS\System32\SysTdSvr.dll",Start
O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ravjzmon] C:\Program Files\NetMeeting\ravjzmon.exe
O4 - HKLM\..\Run: [ravztmon] C:\Program Files\NetMeeting\ravztmon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [avpzx] C:\Program Files\NetMeeting\avpzx.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Replay Radio] C:\Program Files\Replay Radio\ReplayRadio.exe -quiet
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RealUpdate] C:\Program Files\Common Files\update\svchost.exe
O4 - Startup: Internet Explorer.lnk = C:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.10\AMVConverter\grab.html
O8 - Extra context menu item: Add To QQ Expression - C:\Program Files\Sanook!QQ\QQ\AddEmotion.htm
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.10\MediaManager\grab.html
O8 - Extra context menu item: Send picture by MMS - C:\Program Files\Sanook!QQ\QQ\SendMMS.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O8 - Extra context menu item: ส่&งออกไปยัง Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: เพิ่มเข้าในอิโมติคอนที่กำหนดเอง - C:\Program Files\Sanook!QQ\QQ\AddEmotion.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\YIESRVC.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\msrav.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msrav.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {127CE7BA-AD89-4108-A913-C52EFC037C36} -
O16 - DPF: {2776DDE9-D4B2-4BF7-9F98-ADC1A1B80AF5} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172201757328
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1187313527343
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: rarjbpi.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: System Event Logger (lDOMANE) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLLFOROUR.EXE (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxcz_device -   - C:\WINDOWS\System32\lxczcoms.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Windows XP Vista         - Unknown owner - C:\WINDOWS\Hacker.com.cn.ini
--------- rootlog.txt-------
********************************* ROOTCHK-(21-09-07)-LOG, by ejvindh
Sat 09/29/2007  1:06:27.12
Driver msqmx (visible) is present. Run COMBOFIX by sUBs.
Driver mssock (visible) is present. Run COMBOFIX by sUBs.
********************************* ROOTCHK-LOG-end

catchme 0.3.1160 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-29 01:06:28
Windows 5.1.2600 Service Pack 1
scanning hidden processes ...
? [548]
scanning hidden services ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
MSDCG32     = LYLeador.exe?                             
scanning hidden files ...
hidden processes: 1
hidden services: 0
hidden files: 0
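The log above contains the patterns a responder reads a HijackThis report for: a Run value that is not a command line at all (rzfgzljq), a rundll32 loader whose real payload is its DLL argument (Sysmppcv), a svchost.exe outside System32 (RealUpdate), a non-empty AppInit_DLLs, an unknown Winsock LSP, an orphaned BHO, and services with no publisher, a missing image, or a .ini as their image. The script below is an added example, not part of this thread and not HijackThis code: it parses a constructed sample of those lines and flags each one. The rzfgzljq value turns out to be a command line with every character shifted up by one code point; shifting back yields `C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\System32\cdnprh.dll",Start`. The name cdnprh.dll is simply what the decode produces; nothing in the thread confirms that file on disk.

```python
import ntpath
import re

# Constructed sample: entries copied from the HijackThis log in this thread, plus two
# clean ones (ccApp, navapsvc) to show that they pass the checks.
SAMPLE_LOG = r"""
O2 - BHO: H - {C63BADC7-0FA2-4358-807D-9777FC021E60} - isdd.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [rzfgzljq] D;]XJOEPXT]Tztufn43]Svoemm43/fyf!#D;]XJOEPXT]Tztufn43]deoqsi/emm#-Tubsu
O4 - HKLM\..\Run: [Sysmppcv] "C:\WINDOWS\System32\Rundll32.exe" "C:\WINDOWS\System32\SysTdSvr.dll",Start
O4 - HKCU\..\Run: [RealUpdate] C:\Program Files\Common Files\update\svchost.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\msrav.dll
O20 - AppInit_DLLs: rarjbpi.dll
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: System Event Logger (lDOMANE) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLLFOROUR.EXE (file missing)
O23 - Service: Windows XP Vista         - Unknown owner - C:\WINDOWS\Hacker.com.cn.ini
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<image>.+)$")
# A plausible command line starts with a drive path or a bare program name.
CMDLINE_RE = re.compile(r'^"?(?:[A-Za-z]:\\|[\w.-]+\.(?:exe|cpl|dll)\b)', re.IGNORECASE)
EXE_RE = re.compile(r"^(.+?\.(?:exe|com|scr|cpl|bat))(?:\s|$)", re.IGNORECASE)
SYSTEM32_RE = re.compile(r"^[A-Za-z]:\\windows\\system32\\", re.IGNORECASE)


def shift_decode(text, shift=1):
    """Undo a constant code-point shift; the rzfgzljq value was stored with +1."""
    return "".join(chr(ord(c) - shift) for c in text)


def first_path(cmd):
    """Return the program part of a command line, honouring quotes and unquoted spaces."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def triage(log_text):
    """Return (tag, line, detail) for each suspicious entry in a HijackThis log."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            cmd = m.group("cmd")
            if not CMDLINE_RE.match(cmd):
                decoded = shift_decode(cmd)
                if CMDLINE_RE.match(decoded):
                    findings.append(("obfuscated-run", line, "shift -1 decodes to: " + decoded))
                else:
                    findings.append(("odd-run", line, "value is not a recognisable command line"))
                continue
            exe = first_path(cmd)
            base = ntpath.basename(exe).lower()
            if base == "svchost.exe" and not SYSTEM32_RE.match(exe):
                findings.append(("fake-svchost", line, "svchost.exe outside System32: " + exe))
            elif base == "rundll32.exe":
                skip = len(exe) + 2 if cmd.startswith('"') else len(exe)
                findings.append(("rundll32-loader", line, "real payload is the DLL argument: " + cmd[skip:].strip()))
            continue
        m = O23_RE.match(line)
        if m:
            image = m.group("image")
            ext = ntpath.splitext(image.split(" (")[0])[1].lower()
            reasons = []
            if m.group("owner") == "Unknown owner":
                reasons.append("no publisher")
            if "(file missing)" in image:
                reasons.append("image missing on disk")
            if ext not in (".exe", ".sys"):
                reasons.append("image extension %r is not executable" % ext)
            if reasons:
                findings.append(("service-suspect", line, "; ".join(reasons)))
        elif line.startswith("O20 - AppInit_DLLs:") and line.split(":", 1)[1].strip():
            findings.append(("appinit", line, "loaded into every process that maps user32.dll"))
        elif line.startswith("O2 - BHO:") and line.endswith("(file missing)"):
            findings.append(("bho-missing", line, "orphaned BHO registration"))
        elif line.startswith("O10 - Unknown file in Winsock LSP:"):
            findings.append(("lsp-unknown", line, "unrecognised LSP sees every socket call"))
    return findings


def tags(log_text):
    """Set of finding tags for a log, used by the checks."""
    return {tag for tag, _, _ in triage(log_text)}


if __name__ == "__main__":
    for tag, line, detail in triage(SAMPLE_LOG):
        print("[%s] %s\n    -> %s" % (tag, line, detail))
```

"Unknown owner" also appears on benign entries in this very log (Adobe LM Service, ScsiAccess), and rundll32 is used legitimately by NvCplDaemon, so those two checks are prompts to verify the publisher and the DLL, not verdicts; the fake svchost, the shifted Run value and the non-executable service image are the ones that need no second opinion.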
Touch (Forum Moderator, joined Jun 2004, 14294 posts)
Posted 9-29-2007 11:39 (GMT +1)
Hi nora

Please run ComboFix and post that log.

Do NOT post your problem in someone else's thread.

nora (New Member, joined Sep 2007, 15 posts)
Posted 9-29-2007 1:40 (GMT +1)
Hi, here is the combofix.txt:
ComboFix 07-09-21.2 - "Arthur" 09/29/2007  4:12:22.2 - FAT32x86
Microsoft Windows XP Professional  5.1.2600.1.874.1.1033.18.198 [GMT -4:00]
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Internet Explorer\PLUGINS\SysWin64.Jmp
C:\Program Files\Internet Explorer\PLUGINS\SysWin74.Jmp
.
(((((((((((((((((((((((((   Files Created from 2007-08-28 to 2007-09-29  )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
09/28/2007 11:11 AM 87 --a------ C:\WINDOWS\Fonts.\chreaur.fon
09/28/2007 10:42 AM 5376 --a------ C:\WINDOWS\system32\drivers\MS1000.sys
09/28/2007 10:40 AM --------- d-------- C:\Program Files\The Cleaner Free
09/28/2007 10:09 AM --------- d-------- C:\Program Files\Common Files\update
09/28/2007 10:06 PM --------- d-------- C:\Program Files\CCleaner
09/26/2007 09:26 AM --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
09/26/2007 08:20 AM --------- d-------- C:\Program Files\Common Files\Ahead
09/14/2007 08:36 PM --------- d-------- C:\Program Files\Crazy Browser
08/11/2007 10:09 PM --------- d-------- C:\Program Files\Apple Software Update
08/11/2007 10:09 PM --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
08/07/2007 03:38 AM 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
08/07/2007 03:38 AM 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
08/07/2007 03:34 AM 9232 --a------ C:\DOCUME~1\ARTHUR\mqdmmdfl.sys
08/07/2007 03:34 AM 92064 --a------ C:\DOCUME~1\ARTHUR\mqdmmdm.sys
08/07/2007 03:34 AM 79328 --a------ C:\DOCUME~1\ARTHUR\mqdmserd.sys
08/07/2007 03:34 AM 66656 --a------ C:\DOCUME~1\ARTHUR\mqdmbus.sys
08/07/2007 03:34 AM 6208 --a------ C:\DOCUME~1\ARTHUR\mqdmcmnt.sys
08/07/2007 03:34 AM 5936 --a------ C:\DOCUME~1\ARTHUR\mqdmwhnt.sys
08/07/2007 03:34 AM 4048 --a------ C:\DOCUME~1\ARTHUR\mqdmcr.sys
08/07/2007 03:34 AM 25600 --a------ C:\DOCUME~1\ARTHUR\usbsermptxp.sys
08/07/2007 03:34 AM 22768 --a------ C:\DOCUME~1\ARTHUR\usbsermpt.sys
08/07/2007 03:34 AM --------- d-------- C:\Program Files\Common Files\Motorola Shared
08/07/2007 02:43 AM --------- d-------- C:\DOCUME~1\ARTHUR\APPLIC~1\InstallShield
08/07/2007 02:20 AM --------- d-------- C:\Program Files\Avanquest update
08/07/2007 02:19 AM --------- d-------- C:\Program Files\Motorola Phone Tools
08/07/2007 02:19 AM --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
08/05/2007 07:45 PM --------- d-------- C:\DOCUME~1\ARTHUR\APPLIC~1\FaxCtr
08/05/2007 04:32 AM --------- d-------- C:\Program Files\Lexmark 1200 Series
08/05/2007 01:01 PM --------- d-------- C:\Program Files\Lexmark Fax Solutions
08/05/2007 01:01 PM --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FaxCtr
08/05/2007 01:00 PM --------- d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2004-08-04 15:11:40 22,604 --sh--w C:\WINDOWS\system32\rarjbpi.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
 
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C63BADC7-0FA2-4358-807D-9777FC021E60}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/28/2002 09:38 PM]
"MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [08/28/2002 09:39 PM]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [08/28/2002 09:39 PM]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [08/28/2002 09:39 PM]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [07/28/2003 03:19 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [12/02/2003 04:11 PM]
"ccRegVfy"="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [12/02/2003 04:11 PM]
"Tweak UI"="TWEAKUI.CPL" [10/12/2000 12:38 AM C:\WINDOWS\system32\TWEAKUI.CPL]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [03/10/2006 06:52 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [07/15/2006 11:01 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM]
"Device Detector"="DevDetect.exe" []
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [12/12/2003 06:50 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [09/12/2006 01:58 AM]
"rzfgzljq"="D;]XJOEPXT]Tztufn43]Svoemm43/fyf!#D;]XJOEPXT]Tztufn43]deoqsi/emm#-Tubsu" []
"Sysmppcv"="C:\WINDOWS\System32\Rundll32.exe" [08/31/2001 04:51 PM]
"lxczbmgr.exe"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [02/08/2007 06:52 PM]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [02/08/2007 06:56 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
"ravjzmon"="C:\Program Files\NetMeeting\ravjzmon.exe" [09/28/2007 10:09 AM]
"ravztmon"="C:\Program Files\NetMeeting\ravztmon.exe" [09/28/2007 10:09 AM]
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [11/02/2004 04:59 PM]
"avpzx"="C:\Program Files\NetMeeting\avpzx.exe" [09/29/2007 04:10 AM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 05:25 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [08/28/2002 08:41 PM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [07/16/2007 03:17 PM]
"Replay Radio"="C:\Program Files\Replay Radio\ReplayRadio.exe" []
"Gadwin PrintScreen"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [04/23/2007 05:06 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" []
"RealUpdate"="C:\Program Files\Common Files\update\svchost.exe" [09/28/2007 11:29 AM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{1AB09B3F-A6D0-4B55-B87D-264934EBEAED}"= C:\Program Files\Internet Explorer\PLUGINS\WinSys74.Sys [09/29/2007 01:24 AM 48226]
"{3E32FA58-3453-FA2D-BC49-F340348ACCE3}"= C:\WINDOWS\System32\rsmycpm.dll [08/04/2004 10:29 AM 21078]
"{2598FF45-DA60-F48A-BC43-10AC47853D52}"= C:\WINDOWS\System32\rarjbpi.dll [08/04/2004 11:11 AM 22604]
"{5D83AD9C-3BFC-43F5-979D-2904DBC54A8E}"= C:\Program Files\Internet Explorer\PLUGINS\WinSys64.Sys [09/28/2007 10:22 PM 47714]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=rarjbpi.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus System"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
SmallCenter
*Newly Created Service* - AVGASCLN
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-29 04:16:16
Windows 5.1.2600 Service Pack 1 FAT NTAPI
scanning hidden processes ...
C:\Program Files\Internet Explorer\IEXPLORE.EXE [492] 0xFF93A780

scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 09/29/2007  4:35:04
C:\ComboFix-quarantined-files.txt ... 09/29/2007 04:35 AM
.
 --- E O F ---
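ComboFix prints the ShellExecuteHooks values because a clean XP install registers only shell32.dll's URL Exec Hook there, and it hides that default; every DLL left in the key is loaded into Explorer whenever something is launched, which makes it a persistence point worth cross-checking against the file listing further up the report (rarjbpi.dll, for instance, appears there with the attributes `--sh--w`). The script below is an added example, not ComboFix output and not the thread's own: it parses the hooks block and two Find3M lines copied from the report (a constructed sample) and reports, per hook, whether the image is not even named as a DLL and whether the file listing shows it as system or hidden. Reading the `s` and `h` letters of ComboFix's attribute column as the SYSTEM and HIDDEN attributes is an assumption of this example.

```python
import ntpath
import re

# Constructed sample: the ShellExecuteHooks block and two Find3M lines copied from the
# ComboFix report in this thread (the second Find3M line is in ComboFix's older format).
HOOKS_BLOCK = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{1AB09B3F-A6D0-4B55-B87D-264934EBEAED}"= C:\Program Files\Internet Explorer\PLUGINS\WinSys74.Sys [09/29/2007 01:24 AM 48226]
"{3E32FA58-3453-FA2D-BC49-F340348ACCE3}"= C:\WINDOWS\System32\rsmycpm.dll [08/04/2004 10:29 AM 21078]
"{2598FF45-DA60-F48A-BC43-10AC47853D52}"= C:\WINDOWS\System32\rarjbpi.dll [08/04/2004 11:11 AM 22604]
"{5D83AD9C-3BFC-43F5-979D-2904DBC54A8E}"= C:\Program Files\Internet Explorer\PLUGINS\WinSys64.Sys [09/28/2007 10:22 PM 47714]
"""

FIND3M_LINES = r"""
09/28/2007 10:42 AM 5376 --a------ C:\WINDOWS\system32\drivers\MS1000.sys
2004-08-04 15:11:40 22,604 --sh--w C:\WINDOWS\system32\rarjbpi.dll
"""

HOOK_RE = re.compile(r'^"\{(?P<clsid>[0-9A-Fa-f-]{36})\}"=\s*(?P<path>[A-Za-z]:\\.+?)\s+\[(?P<stamp>[^\]]*)\]$')
# Find3M: <date/time/size...> <attribute flags> <path>; the flags token sits right before the path.
FIND3M_RE = re.compile(r"^(?P<stamp>.+?)\s(?P<attrs>[-a-z]{7,9})\s+(?P<path>[A-Za-z]:\\.*)$")


def parse_hooks(block):
    """Map CLSID -> image path for every ShellExecuteHooks value ComboFix printed."""
    hooks = {}
    for line in block.splitlines():
        m = HOOK_RE.match(line.strip())
        if m:
            hooks[m.group("clsid")] = m.group("path")
    return hooks


def parse_attrs(lines):
    """Map lower-cased path -> attribute flags (e.g. '--sh--w') from Find3M output."""
    attrs = {}
    for line in lines.splitlines():
        m = FIND3M_RE.match(line.strip())
        if m:
            attrs[m.group("path").lower()] = m.group("attrs")
    return attrs


def review_hooks(block, find3m):
    """Return {image path: [reasons]}; an empty list means no automatic signal, review by hand."""
    attrs = parse_attrs(find3m)
    report = {}
    for clsid, path in parse_hooks(block).items():
        reasons = []
        if ntpath.splitext(path)[1].lower() != ".dll":
            reasons.append("hook image is not named as a DLL")
        flags = attrs.get(path.lower(), "")
        if "s" in flags:  # assumption: 's' in ComboFix's attribute column = SYSTEM
            reasons.append("file carries the SYSTEM attribute")
        if "h" in flags:  # assumption: 'h' = HIDDEN
            reasons.append("file carries the HIDDEN attribute")
        report[path] = reasons
    return report


if __name__ == "__main__":
    for path, reasons in review_hooks(HOOKS_BLOCK, FIND3M_LINES).items():
        print(path, "->", "; ".join(reasons) or "no automatic signal, verify publisher")
```

rsmycpm.dll comes back with an empty list because the sample carries no Find3M line for it; that is exactly the case where the 2004 timestamp next to a 2007 sibling in the same key should send you to check the file's publisher by hand rather than trust the absence of a flag.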
Touch (Forum Moderator, joined Jun 2004, 14294 posts)
Posted 9-29-2007 2:54 (GMT +1)
Please download Free  Version of Superantispyware
 
Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it.
close the program
 
 
 
Download and install DrWebCureit:
 
to your desktop.
 
 
 
 
Please print out or copy this page to Notepad as you will be in Safe Mode and unable to refer to this page.
 
 
 
 
 
 
 
 
 
 
 
Doubleclick the "drweb-cureit.exe" and click "ok" in the prompt window that will open , asking "start the express scan now".
It will first make a quick scan of your system, let it clean what it find, and when it says "done"
Click on the green screwdriver-
Actions Tab- Adware-Dialers-Riskware-Hacktools, use dropdown menu and select -Delete
Click on the drive(s) you want to scan . A red dot will mark the selected drive(s) . Then hit the green  arrow in lower right corner It will now scan your  drive(s), say yes to all
 
After the scan, in the Dr.Web CureIt menu on top, click File and choose Save report list.
Save the report to your desktop. The report will be called DrWeb.csv.
Close Dr.Web CureIt.

Reboot your computer! It is possible that files in use will be moved/deleted during the reboot.
After the reboot, post the contents of the Dr.Web log you saved previously in your next reply.
 
 
 
 
Start SUPERAntiSpyware.
Hit the Scan Your Computer button.
Click on the drive(s) you want to scan. Put a check in Perform Complete Scan, then Next;
it will scan now. When the scan has finished, put a checkmark against all items it found. Next, after cleaning, allow it to reboot.
 
 
 
Start SUPERAntiSpyware again.
Click Preferences and then click the Statistics/Logs tab.
Click the dated log and press View Log; a text file will appear.
 
 
 
Post this log along with a fresh HijackThis log and the Dr.Web log.

Do NOT post your problem in someone elses thread.

nora
New Member


Date Joined Sep 2007
Total Posts : 15
 
Posted 9-30-2007 10:15 (GMT +1)
Logfile of HijackThis v1.99.1
Scan saved at 17:06:38, on 2007-09-30
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\lxczcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\notepad.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Arthur\Start Menu\Programs\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\YIESRVC.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [rzfgzljq] D;]XJOEPXT]Tztufn43]Svoemm43/fyf!#D;]XJOEPXT]Tztufn43]deoqsi/emm#-Tubsu
O4 - HKLM\..\Run: [Sysmppcv] "C:\WINDOWS\System32\Rundll32.exe" "C:\WINDOWS\System32\SysTdSvr.dll",Start
O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ravjzmon] C:\Program Files\NetMeeting\ravjzmon.exe
O4 - HKLM\..\Run: [ravztmon] C:\Program Files\NetMeeting\ravztmon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [avpzx] C:\Program Files\NetMeeting\avpzx.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\RavMonE.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RealUpdate] C:\Program Files\Common Files\update\svchost.exe
O4 - HKCU\..\Run: [Replay Radio] C:\Program Files\Replay Radio\ReplayRadio.exe -quiet
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.10\AMVConverter\grab.html
O8 - Extra context menu item: Add To QQ Expression - C:\Program Files\Sanook!QQ\QQ\AddEmotion.htm
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.10\MediaManager\grab.html
O8 - Extra context menu item: Send picture by MMS - C:\Program Files\Sanook!QQ\QQ\SendMMS.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O8 - Extra context menu item: ส่&งออกไปยัง Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: เพิ่มเข้าในอิโมติคอนที่กำหนดเอง - C:\Program Files\Sanook!QQ\QQ\AddEmotion.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\YIESRVC.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Sanook!QQ\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: Sanook! QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Sanook!QQ\QQ\QQ.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {127CE7BA-AD89-4108-A913-C52EFC037C36} -
O16 - DPF: {2776DDE9-D4B2-4BF7-9F98-ADC1A1B80AF5} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172201757328
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172201713296
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: rarjbpi.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: System Event Logger (lDOMANE) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLLFOROUR.EXE (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxcz_device - - C:\WINDOWS\System32\lxczcoms.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Windows XP Vista - Unknown owner - C:\WINDOWS\Hacker.com.cn.ini (file missing)

=======================================================================

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/30/2007 at 04:48 PM

Application Version : 3.9.1008

Core Rules Database Version : 3316
Trace Rules Database Version: 1317

Scan type : Complete Scan
Total Scan Time : 00:51:11

Memory items scanned : 496
Memory threats detected : 0
Registry items scanned : 5872
Registry threats detected : 0
File items scanned : 47132
File threats detected : 17

Adware.Tracking Cookie
C:\Documents and Settings\Arthur\Cookies\arthur@doubleclick.txt
C:\Documents and Settings\Arthur\Cookies\arthur@statse.webtrendslive.txt
C:\Documents and Settings\Arthur\Cookies\arthur@msnservices.112.2o7.txt
C:\Documents and Settings\Arthur\Cookies\arthur@m1.webstats.motigo.txt
C:\Documents and Settings\Arthur\Cookies\arthur@tribalfusion.txt
C:\Documents and Settings\Arthur\Cookies\arthur@fastclick.txt
C:\Documents and Settings\Arthur\Cookies\arthur@ad.yieldmanager.txt
C:\Documents and Settings\Arthur\Cookies\arthur@fwmail.teenee.txt
C:\Documents and Settings\Arthur\Cookies\arthur@atdmt.txt
C:\Documents and Settings\Arthur\Cookies\arthur@indextools.txt
C:\Documents and Settings\Arthur\Cookies\arthur@teenee.txt
C:\Documents and Settings\Arthur\Cookies\arthur@eas.apm.emediate.txt
C:\Documents and Settings\Arthur\Cookies\arthur@cgi-bin.txt
C:\Documents and Settings\Arthur\Cookies\arthur@statcounter.txt
C:\Documents and Settings\Arthur\Cookies\arthur@mediaplex.txt
C:\Documents and Settings\Arthur\Cookies\arthur@advertising.txt

Trojan.Security Toolbar
C:\Documents and Settings\Arthur\Favorites\Antivirus Test Online.url

=========================================================================


iexplore32.dat;c:\program files\internet explorer;Trojan.PWS.Gamania.origin;Incurable.Will be moved after reboot.;
iexplore32.win;c:\program files\internet explorer;Trojan.Hooker.258;Will be cured after reboot.;
isdd.dll;c:\windows\system32;Trojan.PWS.Finanz;Deleted.;
rarjbpi.dll;c:\windows\system32;Trojan.PWS.Gamania.4509;Will be cured after reboot.;
rsmycpm.dll;c:\windows\system32;Trojan.PWS.Gamania.4531;Will be cured after reboot.;
winsys64.sys;c:\program files\internet explorer\plugins;Trojan.PWS.Qqpass.1412;Will be cured after reboot.;
winsys74.sys;c:\program files\internet explorer\plugins;Trojan.PWS.Qqpass.1420;Will be cured after reboot.;
tmpdrv03534.exe;C:\WINDOWS\system32;Trojan.DownLoader.30845;Deleted.;
rarjbpi.dll;C:\WINDOWS\system32;Trojan.PWS.Gamania.4509;Will be cured after reboot.;
rsmycpm.dll;C:\WINDOWS\system32;Trojan.PWS.Gamania.4531;Will be cured after reboot.;
tmpdrv03534.exe;C:\WINDOWS\system32\wbem;Trojan.DownLoader.30845;Deleted.;
ck3.jpg.exe;C:\Documents and Settings\Arthur\Local Settings\Temp;Probably BACKDOOR.Trojan;;
c8.jpg.exe;C:\Documents and Settings\Arthur\Local Settings\Temp;Trojan.MulDrop.9099;Deleted.;
sa.jpg.exe;C:\Documents and Settings\Arthur\Local Settings\Temp;Trojan.MulDrop.origin;Incurable.Moved.;
IEXPLORE32.jmp;C:\Program Files\Internet Explorer;Probably BACKDOOR.Trojan;;
IEXPLORE32.Dat;C:\Program Files\Internet Explorer;Trojan.PWS.Gamania.origin;Incurable.Will be moved after reboot.;
IEXPLORE32.New;C:\Program Files\Internet Explorer;Trojan.MulDrop.9099;Deleted.;
IEXPLORE32.win;C:\Program Files\Internet Explorer;Trojan.Hooker.258;Will be cured after reboot.;
IEXPLORE32.ime;C:\Program Files\Internet Explorer;Trojan.MulDrop.origin;Incurable.Moved.;
WinSys64.Sys;C:\Program Files\Internet Explorer\PLUGINS;Trojan.PWS.Qqpass.1412;Will be cured after reboot.;
WinSys74.Sys;C:\Program Files\Internet Explorer\PLUGINS;Trojan.PWS.Qqpass.1420;Will be cured after reboot.;
ravwdmon.dat;C:\Program Files\NetMeeting;Trojan.PWS.Wsgame.1373;Deleted.;
ravjzmon.dat;C:\Program Files\NetMeeting;Trojan.PWS.Gamania.4211;Deleted.;
ravztmon.dat;C:\Program Files\NetMeeting;Trojan.PWS.Gamania.4315;Deleted.;
A0127268.dll;C:\System Volume Information\_restore{49C36C24-A883-42C9-90D4-A6500D8DE6C9}\RP480;Adware.Cdn;;
A0127270.dll;C:\System Volume Information\_restore{49C36C24-A883-42C9-90D4-A6500D8DE6C9}\RP480;Adware.Cdn;;
A0128866.exe;C:\System Volume Information\_restore{49C36C24-A883-42C9-90D4-A6500D8DE6C9}\RP499;Adware.Cdn;;
A0128867.dll;C:\System Volume Information\_restore{49C36C24-A883-42C9-90D4-A6500D8DE6C9}\RP499;Adware.Cdn;;
A0128868.exe;C:\System Volume Information\_restore{49C36C24-A883-42C9-90D4-A6500D8DE6C9}\RP499;Adware.Cdn;;
A0128869.dll;C:\System Volume Information\_restore{49C36C24-A883-42C9-90D4-A6500D8DE6C9}\RP499;Adware.Cdn;;
A0128873.dll;C:\System Volume Information\_restore{49C36C24-A883-42C9-90D4-A6500D8DE6C9}\RP499;Adware.Cdn;;
A0128877.sys;C:\System Volume Information\_restore{49C36C24-A883-42C9-90D4-A6500D8DE6C9}\RP499;Adware.Cdn - read error;;
A0128878.dll;C:\System Volume Information\_restore{49C36C24-A883-42C9-90D4-A6500D8DE6C9}\RP499;Adware.Cdn;;
A0128881.dll;C:\System Volume Information\_restore{49C36C24-A883-42C9-90D4-A6500D8DE6C9}\RP499;Adware.Cdn.origin;;
A0128882.dll;C:\System Volume Information\_restore{49C36C24-A883-42C9-90D4-A6500D8DE6C9}\RP499;Adware.Cdn;;
A0131239.SYS;C:\System Volume Information\_restore{49C36C24-A883-42C9-90D4-A6500D8DE6C9}\RP506;Adware.Cdn;;
A0131240.sys;C:\System Volume Information\_restore{49C36C24-A883-42C9-90D4-A6500D8DE6C9}\RP506;Adware.Cdn - read error;;
A0131242.dll;C:\System Volume Information\_restore{49C36C24-A883-42C9-90D4-A6500D8DE6C9}\RP506;Adware.Cdn;;
A0131244.dll;C:\System Volume Information\_restore{49C36C24-A883-42C9-90D4-A6500D8DE6C9}\RP506;Adware.Cdn;;
A0131246.dll;C:\System Volume Information\_restore{49C36C24-A883-42C9-90D4-A6500D8DE6C9}\RP506;Adware.Cdn;;
A0131248.dll;C:\System Volume Information\_restore{49C36C24-A883-42C9-90D4-A6500D8DE6C9}\RP506;Adware.Cdn;;
A0131250.dll;C:\System Volume Information\_restore{49C36C24-A883-42C9-90D4-A6500D8DE6C9}\RP506;Adware.Cdn;;
A0131257.dll;C:\System Volume Information\_restore{49C36C24-A883-42C9-90D4-A6500D8DE6C9}\RP506;Adware.Cdn;;
A0131258.dll;C:\System Volume Information\_restore{49C36C24-A883-42C9-90D4-A6500D8DE6C9}\RP506;Adware.Cdn;;
A0131259.exe;C:\System Volume Information\_restore{49C36C24-A883-42C9-90D4-A6500D8DE6C9}\RP506;Adware.Cdn;;
A0139751.DLL;C:\System Volume Information\_restore{49C36C24-A883-42C9-90D4-A6500D8DE6C9}\RP531;Trojan.Goner.82;Deleted.;
A0139769.DLL;C:\System Volume Information\_restore{49C36C24-A883-42C9-90D4-A6500D8DE6C9}\RP531;Trojan.Goner.82;Deleted.;
MFEX-1.DAT;C:\System Volume Information\_restore{49C36C24-A883-42C9-90D4-A6500D8DE6C9}\RP531\snapshot;Trojan.Goner.82;Deleted.;
A0140157.DLL;C:\System Volume Information\_restore{49C36C24-A883-42C9-90D4-A6500D8DE6C9}\RP532;Trojan.Goner.82;Deleted.;
A0140162.DLL;C:\System Volume Information\_restore{49C36C24-A883-42C9-90D4-A6500D8DE6C9}\RP532;Trojan.Popwin;Deleted.;
MFEX-2.DAT;C:\System Volume Information\_restore{49C36C24-A883-42C9-90D4-A6500D8DE6C9}\RP532\snapshot;Trojan.Goner.82;Deleted.;
A0141776.DLL;C:\System Volume Information\_restore{49C36C24-A883-42C9-90D4-A6500D8DE6C9}\RP534;Trojan.MulDrop.9106;Deleted.;
A0141818.DLL;C:\System Volume Information\_restore{49C36C24-A883-42C9-90D4-A6500D8DE6C9}\RP534;Trojan.PWS.Wsgame.origin;Incurable.Moved.;
A0142205.DLL;C:\System Volume Information\_restore{49C36C24-A883-42C9-90D4-A6500D8DE6C9}\RP534;Trojan.Goner.82;Deleted.;
A0142260.DLL;C:\System Volume Information\_restore{49C36C24-A883-42C9-90D4-A6500D8DE6C9}\RP534;Trojan.Goner.82;Deleted.;
MFEX-1.DAT;C:\System Volume Information\_restore{49C36C24-A883-42C9-90D4-A6500D8DE6C9}\RP534\snapshot;Trojan.PWS.Wsgame.origin;Incurable.Moved.;
MFEX-3.DAT;C:\System Volume Information\_restore{49C36C24-A883-42C9-90D4-A6500D8DE6C9}\RP534\snapshot;Trojan.PWS.Wsgame.origin;Incurable.Moved.;
MFEX-5.DAT;C:\System Volume Information\_restore{49C36C24-A883-42C9-90D4-A6500D8DE6C9}\RP534\snapshot;Trojan.PWS.Wsgame.origin;Incurable.Moved.;
MFEX-7.DAT;C:\System Volume Information\_restore{49C36C24-A883-42C9-90D4-A6500D8DE6C9}\RP534\snapshot;Trojan.PWS.Wsgame.origin;Incurable.Moved.;
A0142810.DLL;C:\System Volume Information\_restore{49C36C24-A883-42C9-90D4-A6500D8DE6C9}\RP536;Trojan.PWS.Wsgame.1445;Deleted.;
A0142812.DLL;C:\System Volume Information\_restore{49C36C24-A883-42C9-90D4-A6500D8DE6C9}\RP536;Trojan.MulDrop.9106;Deleted.;
A0142844.DLL;C:\System Volume Information\_restore{49C36C24-A883-42C9-90D4-A6500D8DE6C9}\RP536;Trojan.PWS.Wsgame.1445;Deleted.;
A0142847.DLL;C:\System Volume Information\_restore{49C36C24-A883-42C9-90D4-A6500D8DE6C9}\RP536;Trojan.MulDrop.9106;Deleted.;
A0143845.DLL;C:\System Volume Information\_restore{49C36C24-A883-42C9-90D4-A6500D8DE6C9}\RP536;Trojan.PWS.Wsgame.1445;Deleted.;
A0143848.DLL;C:\System Volume Information\_restore{49C36C24-A883-42C9-90D4-A6500D8DE6C9}\RP536;Trojan.MulDrop.9106;Deleted.;
MFEX-1.DAT;C:\System Volume Information\_restore{49C36C24-A883-42C9-90D4-A6500D8DE6C9}\RP536\snapshot;Trojan.DownLoader.origin;Incurable.Moved.;
MFEX-3.DAT;C:\System Volume Information\_restore{49C36C24-A883-42C9-90D4-A6500D8DE6C9}\RP536\snapshot;Trojan.PWS.Wsgame.1445;Deleted.;
A0144296.exe;C:\System Volume Information\_restore{49C36C24-A883-42C9-90D4-A6500D8DE6C9}\RP537;Adware.Cdn;;
A0144302.DLL;C:\System Volume Information\_restore{49C36C24-A883-42C9-90D4-A6500D8DE6C9}\RP537;Trojan.MulDrop.9106;Deleted.;
A0144314.DLL;C:\System Volume Information\_restore{49C36C24-A883-42C9-90D4-A6500D8DE6C9}\RP537;Trojan.PWS.Wsgame.1445;Deleted.;
A0144318.dll;C:\System Volume Information\_restore{49C36C24-A883-42C9-90D4-A6500D8DE6C9}\RP537;Trojan.DownLoader.origin;Incurable.Moved.;
A0145413.ini;C:\System Volume Information\_restore{49C36C24-A883-42C9-90D4-A6500D8DE6C9}\RP537;BackDoor.Pigeon.origin;Incurable.Moved.;
MFEX-4.DAT;C:\System Volume Information\_restore{49C36C24-A883-42C9-90D4-A6500D8DE6C9}\RP537\snapshot;Trojan.MulDrop.9106;Deleted.;
A0145641.New;C:\System Volume Information\_restore{49C36C24-A883-42C9-90D4-A6500D8DE6C9}\RP539;Trojan.MulDrop.9099;Deleted.;
A0145659.New;C:\System Volume Information\_restore{49C36C24-A883-42C9-90D4-A6500D8DE6C9}\RP539;Trojan.MulDrop.9099;Deleted.;
A0146665.dll;C:\System Volume Information\_restore{49C36C24-A883-42C9-90D4-A6500D8DE6C9}\RP539;Trojan.PWS.Finanz;Deleted.;
A0146666.exe;C:\System Volume Information\_restore{49C36C24-A883-42C9-90D4-A6500D8DE6C9}\RP539;Trojan.DownLoader.30845;Deleted.;
A0146667.exe;C:\System Volume Information\_restore{49C36C24-A883-42C9-90D4-A6500D8DE6C9}\RP539;Trojan.DownLoader.30845;Deleted.;
A0146668.New;C:\System Volume Information\_restore{49C36C24-A883-42C9-90D4-A6500D8DE6C9}\RP539;Trojan.MulDrop.9099;Deleted.;
A0141268.DLL;C:\System Volume Information\_restore{49C36C24-A883-42C9-90D4-A6500D8DE6C9}\RP533;Trojan.PWS.Wsgame.origin;Incurable.Moved.;
A0141664.DLL;C:\System Volume Information\_restore{49C36C24-A883-42C9-90D4-A6500D8DE6C9}\RP533;Trojan.Goner.82;Deleted.;
icsetup.exe.vir;C:\qoobox\Quarantine\C\DOCUME~1\Arthur;Adware.Cdn;;
SHQMANGR.DLL.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.9106;Deleted.;
LYMANGR.DLL.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Wsgame.1445;Deleted.;
SysTdSvr.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.DownLoader.origin;Incurable.Moved.;
Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 14294
 
Posted 10-1-2007 5:56 (GMT +1)
Open Notepad and copy/paste the text in the quote box below into it:
Quote:
-----------------------------------------------------
File::
C:\WINDOWS\system32\rarjbpi.dll
C:\Program Files\NetMeeting\ravjzmon.exe
C:\Program Files\NetMeeting\ravztmon.exe
C:\Program Files\NetMeeting\avpzx.exe
C:\Program Files\Internet Explorer\PLUGINS\WinSys74.Sys
C:\Program Files\Internet Explorer\PLUGINS\WinSys64.Sys
C:\Program Files\Common Files\update\svchost.exe
C:\WINDOWS\System32\SysTdSvr.dll
C:\WINDOWS\RavMonE.exe
 
Folder::
C:\qoobox
 
 
----------------------------------------------
 
Save this as CFScript.txt
 
 
Referring to the picture above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system.
It may reboot your system when it finishes. This is normal.
 
 
Post a new HijackThis log along with a fresh ComboFix log.
 


Back to Top
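Added example (not part of this thread, and not code from HijackThis, Dr.Web or ComboFix): a small Python script that cross-references the HijackThis log and the Dr.Web CureIt report nora posted above, the way a helper does by hand before writing a CFScript like the one in the previous post. It undoes the one-character shift in the [rzfgzljq] O4 entry (every character is one code point above the real one, so "D;]XJOEPXT" is "C:\WINDOWS"; the decoded command line names a DLL that appears nowhere else in the thread), flags a system binary name such as svchost.exe started from a non-system folder, picks out autostart targets that Dr.Web could only schedule for after reboot or that sit beside one of its detections, and treats a ComboFix quarantine copy under C:\qoobox as a sign that the live file came back. The sample lines are copied from the thread and trimmed; the System32 path and the qoobox layout are assumed from the log. The result is a draft File:: list to review, not a verdict: the moderator's own list also includes files chosen from experience that no rule here would catch.

```python
import ntpath
import re

# Constructed sample: lines copied from the second HijackThis log above, trimmed.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [rzfgzljq] D;]XJOEPXT]Tztufn43]Svoemm43/fyf!#D;]XJOEPXT]Tztufn43]deoqsi/emm#-Tubsu
O4 - HKLM\..\Run: [Sysmppcv] "C:\WINDOWS\System32\Rundll32.exe" "C:\WINDOWS\System32\SysTdSvr.dll",Start
O4 - HKLM\..\Run: [ravjzmon] C:\Program Files\NetMeeting\ravjzmon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [RealUpdate] C:\Program Files\Common Files\update\svchost.exe
O20 - AppInit_DLLs: rarjbpi.dll
"""
# Constructed sample: Dr.Web CureIt rows from above (name;directory;detection;action), trimmed.
DRWEB_SAMPLE = r"""
rarjbpi.dll;c:\windows\system32;Trojan.PWS.Gamania.4509;Will be cured after reboot.;
ravjzmon.dat;C:\Program Files\NetMeeting;Trojan.PWS.Gamania.4211;Deleted.;
WinSys64.Sys;C:\Program Files\Internet Explorer\PLUGINS;Trojan.PWS.Qqpass.1412;Will be cured after reboot.;
SysTdSvr.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.DownLoader.origin;Incurable.Moved.;
"""

SYSTEM32 = r"C:\WINDOWS\System32"        # assumed XP default; matches the log
QUARANTINE = r"c:\qoobox\quarantine\c"   # assumed: ComboFix mirrors C:\ under this folder
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe"}
HANDLED = ("deleted", "incurable.moved")  # Dr.Web actions that need no follow-up
O4_RE = re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[([^\]]*)\] (.*)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (.+)$")
PATH_RE = re.compile(r'([A-Za-z]:\\[^",]+?\.(?:exe|dll|sys|cpl))', re.IGNORECASE)

def unshift(text):
    """Undo the +1 code-point shift seen in the [rzfgzljq] entry ('D;]' is 'C:\\')."""
    return "".join(chr(ord(c) - 1) for c in text)

def parse_drweb(text):
    """Map lowercase full path -> (detection, action). A ComboFix quarantine copy
    (*.vir under C:\\qoobox) is also recorded under the path it was taken from."""
    rows = {}
    for line in text.strip().splitlines():
        parts = line.split(";")
        if len(parts) < 4:
            continue
        name, folder, detection, action = parts[:4]
        rows[ntpath.join(folder, name).lower()] = (detection, action)
        if folder.lower().startswith(QUARANTINE) and name.lower().endswith(".vir"):
            live = ntpath.join("c:" + folder[len(QUARANTINE):], name[:-4]).lower()
            rows.setdefault(live, (detection, "quarantined copy exists, live file still autostarts"))
    return rows

def autostart_targets(text):
    """Yield (entry name, decoded command, [file paths], was_obfuscated) per O4/O20 line."""
    for line in text.strip().splitlines():
        m = O4_RE.match(line)
        if m:
            entry, cmd = m.groups()
            shifted = re.match(r"^[A-Z];\]", cmd) is not None   # 'D;]' where 'C:\' belongs
            if shifted:
                cmd = unshift(cmd)
            paths = [p for p in PATH_RE.findall(cmd) if ntpath.basename(p).lower() != "rundll32.exe"]
            yield entry, cmd, paths, shifted
        m = O20_RE.match(line)
        if m:  # the loader resolves bare AppInit_DLLs names from System32
            yield "AppInit_DLLs", m.group(1), [ntpath.join(SYSTEM32, d.strip()) for d in m.group(1).split(",")], False

def triage(hjt_text, drweb_text):
    """Return {lowercase path: reason} for autostart targets that deserve a File:: line."""
    drweb = parse_drweb(drweb_text)
    flagged = {}
    for entry, cmd, paths, shifted in autostart_targets(hjt_text):
        for path in paths:
            key = path.lower()
            folder, base = ntpath.split(key)
            stem = base.rsplit(".", 1)[0]
            det = drweb.get(key)
            if shifted:
                reason = f"[{entry}] obfuscated entry decodes to: {cmd}"
            elif base in SYSTEM_NAMES and folder != SYSTEM32.lower():
                reason = f"[{entry}] {base} running from outside System32"
            elif det and not det[1].lower().startswith(HANDLED):
                reason = f"[{entry}] Dr.Web {det[0]}: {det[1]}"
            elif any(k != key and ntpath.dirname(k) == folder
                     and ntpath.basename(k).rsplit(".", 1)[0] == stem for k in drweb):
                reason = f"[{entry}] same name as a Dr.Web detection in {folder}"
            else:
                continue
            flagged[key] = reason
    return flagged

def cfscript(hjt_text, drweb_text):
    """Draft the File:: section of a ComboFix CFScript from both reports; review before use."""
    pending = {p for p, d in parse_drweb(drweb_text).items() if not d[1].lower().startswith(HANDLED)}
    return "File::\n" + "\n".join(sorted(set(triage(hjt_text, drweb_text)) | pending)) + "\n"

if __name__ == "__main__":
    for path, why in triage(HJT_SAMPLE, DRWEB_SAMPLE).items():
        print(f"{path}\n    {why}")
    print(cfscript(HJT_SAMPLE, DRWEB_SAMPLE))
```

Run it as a script to see each flagged path with its reason, followed by the draft File:: block. Paths are compared case-insensitively because Windows does; the sibling rule (ravjzmon.exe next to the detected ravjzmon.dat) is deliberately narrow so that a legitimate program sharing a folder with one bad file is not swept up.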
 

nora
New Member


Date Joined Sep 2007
Total Posts : 15
 
   Posted 10-1-2007 7:16 (GMT +1)    Quote: Hijackthis log  need helpAlert an admin about: Hijackthis log  need help
Logfile of HijackThis v1.99.1
Scan saved at 02:12, on 2007-10-01
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\lxczcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Arthur\Start Menu\Programs\hijackthis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\YIESRVC.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [rzfgzljq] D;]XJOEPXT]Tztufn43]Svoemm43/fyf!#D;]XJOEPXT]Tztufn43]deoqsi/emm#-Tubsu
O4 - HKLM\..\Run: [Sysmppcv] "C:\WINDOWS\System32\Rundll32.exe" "C:\WINDOWS\System32\SysTdSvr.dll",Start
O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ravjzmon] C:\Program Files\NetMeeting\ravjzmon.exe
O4 - HKLM\..\Run: [ravztmon] C:\Program Files\NetMeeting\ravztmon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [avpzx] C:\Program Files\NetMeeting\avpzx.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RealUpdate] C:\Program Files\Common Files\update\svchost.exe
O4 - HKCU\..\Run: [Replay Radio] C:\Program Files\Replay Radio\ReplayRadio.exe -quiet
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.10\AMVConverter\grab.html
O8 - Extra context menu item: Add To QQ Expression - C:\Program Files\Sanook!QQ\QQ\AddEmotion.htm
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.10\MediaManager\grab.html
O8 - Extra context menu item: Send picture by MMS - C:\Program Files\Sanook!QQ\QQ\SendMMS.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O8 - Extra context menu item: ส่&งออกไปยัง Microsoft Excel (Thai: "E&xport to Microsoft Excel") - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: เพิ่มเข้าในอิโมติคอนที่กำหนดเอง (Thai: "Add to custom emoticons") - C:\Program Files\Sanook!QQ\QQ\AddEmotion.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\YIESRVC.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\msrav.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {127CE7BA-AD89-4108-A913-C52EFC037C36} -
O16 - DPF: {2776DDE9-D4B2-4BF7-9F98-ADC1A1B80AF5} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172201757328
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172201713296
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: rarjbpi.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: System Event Logger (lDOMANE) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLLFOROUR.EXE (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxcz_device - - C:\WINDOWS\System32\lxczcoms.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Windows XP Vista - Unknown owner - C:\WINDOWS\Hacker.com.cn.ini (file missing)

=======================================================================
ComboFix 07-09-21.2 - "Arthur" 10/01/2007 1:57:29.3 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.1.874.1.1033.18.141 [GMT -6:00]
* Created a new restore point

FILE::
C:\WINDOWS\system32\rarjbpi.dll
C:\Program Files\NetMeeting\ravjzmon.exe
C:\Program Files\NetMeeting\ravztmon.exe
C:\Program Files\NetMeeting\avpzx.exe
C:\Program Files\Internet Explorer\PLUGINS\WinSys74.Sys
C:\Program Files\Internet Explorer\PLUGINS\WinSys64.Sys
C:\Program Files\Common Files\update\svchost.exe
C:\WINDOWS\System32\SysTdSvr.dll
C:\WINDOWS\RavMonE.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Internet Explorer\IEXPLORE32.jmp
C:\qoobox
C:\qoobox\BackEnv\APPDATA.folder.dat
C:\qoobox\BackEnv\CACHE.folder.dat
C:\qoobox\BackEnv\DESKTOP.folder.dat
C:\qoobox\BackEnv\FAVORITES.folder.dat
C:\qoobox\BackEnv\LOCAL APPDATA.folder.dat
C:\qoobox\BackEnv\LOCAL SETTINGS.folder.dat
C:\qoobox\BackEnv\MY PICTURES.folder.dat
C:\qoobox\BackEnv\PERSONAL.folder.dat
C:\qoobox\BackEnv\profiles.folder.dat
C:\qoobox\BackEnv\PROGRAMS.folder.dat
C:\qoobox\BackEnv\setpath.bat
C:\qoobox\BackEnv\START MENU.folder.dat
C:\qoobox\BackEnv\STARTUP.folder.dat
C:\qoobox\BackEnv\TEMPLATES.folder.dat
C:\qoobox\snapshot_Sat 09-29-2007_ 12431.85.dat
C:\qoobox\snapshot_Sat 09-29-2007_ 41710.56.dat

.
((((((((((((((((((((((((( Files Created from 2007-09-01 to 2007-10-01 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
09/30/2007 10:47 PM --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\MSN6
09/30/2007 10:46 AM --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
09/30/2007 03:52 PM --------- d-------- C:\Program Files\SUPERAntiSpyware
09/30/2007 03:52 PM --------- d-------- C:\DOCUME~1\ARTHUR\APPLIC~1\SUPERAntiSpyware.com
09/30/2007 03:52 PM --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
09/28/2007 11:11 AM 87 --a------ C:\WINDOWS\Fonts.\chreaur.fon
09/28/2007 10:42 AM 5376 --a------ C:\WINDOWS\system32\drivers\MS1000.sys
09/28/2007 10:40 AM