my logfile



#1
zeidan

    New Member

  • Member
  • 4 posts
Anything wrong with this log file by HijackThis?

Logfile of HijackThis v1.99.1
Scan saved at 2:01:40 PM, on 6/11/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AvantGo Connect\wmalfile.exe
C:\windows\system32\spool\printers\FireDaemon.exe
C:\windows\system32\spool\printers\FireDaemon.exe
C:\WINDOWS\system32\spool\PRINTERS\dll32.exe
c:\windows\system32\spool\printers\events.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WFXSVC.EXE
C:\Program Files\WinFax\WFXMOD32.EXE
C:\Documents and Settings\DAVE\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\kjije.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe,vfomoej.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: Yahoo! Blackjack - http://download.game...nts/y/jt0_x.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst_current.cab
O16 - DPF: {3BB23CFE-6725-4CDC-9CCF-A19914E3FAAA} (EACAdminDownload.eacDownload) - https://ea9.eautocla...eacdownload.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093360564583
O16 - DPF: {C3A57B60-C117-11D2-BD9B-00105A0A7E89} (SAXFile ActiveX Control) - https://imaging.emit.../../saxfile.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O16 - DPF: {ED03E47C-D12B-4798-B016-E6EAA05FD1FA} (MitFIOCX.FIData) - https://imaging.emit....com/FIData.CAB
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.60...geWell-ipix.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: FireDaemon Service: dll32 (dll32) - Sublime Solutions Pty Ltd - C:\windows\system32\spool\printers\FireDaemon.exe
O23 - Service: FireDaemon Service: events (events) - Sublime Solutions Pty Ltd - C:\windows\system32\spool\printers\FireDaemon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: FireDaemon Service: lock (lock) - Unknown owner - c:\winnt\shellnew\bin\drivers\input\data\FireDaemon.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: FireDaemon Service: srvmon (srvmon) - Unknown owner - c:\winnt\shellnew\bin\drivers\input\data\FireDaemon.EXE
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE

Edited by zeidan, 11 June 2006 - 03:07 PM.


#2
Wizard

    Retired Staff

  • 5,661 posts
Hi zeidan and Welcome to GeekstoGo!

Could you post an uninstall list for me please:
  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
  • Click on the Save list... button and specify where you would like to save this file.
  • When you press the Save button, Notepad will open with the contents of that file.
  • Simply copy and paste the contents of that notepad into this topic please.


#3
zeidan

    New Member

  • Topic Starter
  • Member
  • 4 posts
Did as you requested, and below is what I have.

Ad-Aware SE Personal
Adobe Acrobat 6.0.1 Professional
Adobe PageMaker 7.0
ATI Display Driver
ATI Multimedia Center
AVI DivX to DVD SVCD VCD Converter 1.3.0
Bejeweled 2 Deluxe 1.0
Concord WinFax Plugin v3.0
Cucusoft MPEG/AVI to DVD/VCD/SVCD/MPEG Converter Pro 6.15
DivX
DivX Player
DVD Shrink 3.2
Easy Video to Audio Converter 1.2.4
eJuster Transfer
eJuster Transfer (C:\Program Files\EAC\)
eJuster Transfer (C:\Program Files\EAC\) #3
eJuster Transfer (C:\Program Files\EAC\) #4
eJuster Transfer (C:\Program Files\EAC\) #5
eJuster Transfer (C:\Program Files\EAC\) #6
ewido anti-malware
FinePixViewer Ver.4.0
FUJIFILM USB Driver
Google Earth
HijackThis 1.99.1
HP Image Zone 4.2
HP PSC & OfficeJet 4.2
IsoBuster 1.4
J2SE Runtime Environment 5.0 Update 3
Java 2 Runtime Environment, SE v1.4.2
Kazaa Lite K++ v2.4.2
LimeWire PRO 4.10.9
LiveReg (Symantec Corporation)
LiveUpdate 2.7 (Symantec Corporation)
Macromedia Flash Player 8
MAPP Matrix Maintenance Client
Microsoft .NET Framework 1.1
Microsoft ActiveSync 3.7
Microsoft Data Access Components KB870669
Microsoft Office XP Professional with FrontPage
Microsoft Windows Journal Viewer
Microsoft XML Parser and SDK
Microsoft XML Parser SDK
mIRC
Mozilla Firefox (1.5)
MSN Add-in for Windows Messenger
MSN Messenger 6.2
Navman SmartST Desktop Version 3 for iCN500 Series
Nero 7 Ultra Edition
NovaBACKUP
Outlook Express Q823353
PowerDVD
RAW FILE CONVERTER LE
RealPlayer
Serials 2000
Shockwave
SmartSound Quicktracks Plugin
Spy Sweeper
Spybot - Search & Destroy 1.3
Streambox Ripper
Sunbelt CounterSpy
Super Text Twist
Symantec WinFax PRO
Tricks
U.S. Robotics V.92 PCI Faxmodem
Ulead CD & DVD PictureShow 3 SE
Ulead Data-Add 2.0
Ulead DVD MovieFactory 4 Suite Deluxe
Ulead DVD Player 2.0
Ulead Photo Explorer 8.5 SE
Ulead VideoStudio 9.0 SE DVD
USB Driver Vers. 3.2
Video to Audio Converter 1.00
VideoLAN VLC media player 0.8.2
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Player Hotfix [See wm828026 for more information]
Windows XP Application Compatibility Update[Q319580]
Windows XP Hotfix - KB821557
Windows XP Hotfix - KB823182
Windows XP Hotfix - KB823559
Windows XP Hotfix - KB823980
Windows XP Hotfix - KB824105
Windows XP Hotfix - KB824141
Windows XP Hotfix - KB824146
Windows XP Hotfix - KB825119
Windows XP Hotfix - KB828028
Windows XP Hotfix - KB828035
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB833987
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB837001
Windows XP Hotfix - KB839645
Windows XP Hotfix - KB840315
Windows XP Hotfix - KB840374
Windows XP Hotfix - KB840987
Windows XP Hotfix - KB841356
Windows XP Hotfix - KB841533
Windows XP Hotfix - KB841873
Windows XP Hotfix - KB842773
Windows XP Hotfix - KB873376
Windows XP Hotfix - KB887822
Windows XP Hotfix (SP1) [See Q309521 for more information]
Windows XP Hotfix (SP1) [See Q311542 for more information]
Windows XP Hotfix (SP1) [See Q311889 for more information]
Windows XP Hotfix (SP1) [See Q311967 for more information]
Windows XP Hotfix (SP1) [See Q313450 for more information]
Windows XP Hotfix (SP1) [See Q314862 for more information]
Windows XP Hotfix (SP1) [See Q315000 for more information]
Windows XP Hotfix (SP1) [See Q315403 for more information]
Windows XP Hotfix (SP1) [See Q317277 for more information]
Windows XP Hotfix (SP1) [See Q318138 for more information]
Windows XP Hotfix (SP1) [See Q319949 for more information]
Windows XP Hotfix (SP1) [See Q320552 for more information]
Windows XP Hotfix (SP1) [See Q323172 for more information]
Windows XP Hotfix (SP1) [See Q324096 for more information]
Windows XP Hotfix (SP1) [See Q324380 for more information]
Windows XP Hotfix (SP1) [See Q326830 for more information]
Windows XP Hotfix (SP1) [See Q328940 for more information]
Windows XP Hotfix (SP1) [See Q329048 for more information]
Windows XP Hotfix (SP1) [See Q329390 for more information]
Windows XP Hotfix (SP1) [See Q329441 for more information]
Windows XP Hotfix (SP1) [See Q329834 for more information]
Windows XP Hotfix (SP1) Q328310
Windows XP Hotfix (SP1) Q329170
Windows XP Hotfix (SP1) Q331953
Windows XP Hotfix (SP1) Q810577
Windows XP Hotfix (SP1) Q811493
Windows XP Hotfix (SP1) Q815021
Windows XP Hotfix (SP1) Q817606
Windows XP Hotfix (SP1) Q819696
Windows XP Hotfix (SP2) [See Q329115 for more information]
WinRAR archiver
XoftSpy

#4
Wizard

    Retired Staff

  • 5,661 posts
Let's try this scanner.

Download GMER from Here

Right Click the Zip and Select "Extract All"

Double Click gmer.exe to launch the program.

Click on the Rootkit Tab and then click Scan.

It takes a while to run. Once complete, copy the results to Notepad and save them somewhere safe.

Post those results in the next reply.