what is the problem?


what is the problem?

Post by legend on 18th July 2009, 5:08 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:04:50 AM, on 7/19/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\Msmsgs.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox 3.5 Beta 4\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\azim\My Documents\Downloads\winlogon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SYS2] C:\WINDOWS\system32\bad1.exe
O4 - HKLM\..\Run: [SYS3] C:\WINDOWS\system32\bad2.exe
O4 - HKLM\..\Run: [SYS4] C:\WINDOWS\system32\bad3.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Msmsgs] C:\WINDOWS\system32\Msmsgs.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SYS1] C:\WINDOWS\system32\system.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegedit=1
O8 - Extra context menu item: Download all with Free Download Manager - [You must be registered and logged in to see this link.] Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - [You must be registered and logged in to see this link.] Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - [You must be registered and logged in to see this link.] Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - [You must be registered and logged in to see this link.] Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9CAAC2C-F488-4CD4-BBB1-781813982E83}: NameServer = 202.188.0.133 202.188.1.5
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 9780 bytes

legend
Novice
Posts: 13
Joined: 2009-07-18
OS: windows 7 ultimate 32bit
Points: 27047
Likes: 0

Re: what is the problem?

Post by Origin on 18th July 2009, 9:13 pm

Hello, can you untick Word Wrap in Notepad? Go to Notepad, click on Format, then click on Word Wrap, and now post a new HijackThis log.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

Origin
Master
Posts: 2685
Joined: 2009-05-05
Gender: Male
OS: Windows Xp Sp3
Points: 31533
Likes: 0

cannot open task manager

Post by legend on 19th July 2009, 6:25 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:20:21 AM, on 7/20/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\Msmsgs.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Mozilla Firefox 3.5 Beta 4\firefox.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\azim\My Documents\Downloads\winlogon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SYS2] C:\WINDOWS\system32\bad1.exe
O4 - HKLM\..\Run: [SYS3] C:\WINDOWS\system32\bad2.exe
O4 - HKLM\..\Run: [SYS4] C:\WINDOWS\system32\bad3.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Msmsgs] C:\WINDOWS\system32\Msmsgs.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SYS1] C:\WINDOWS\system32\system.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegedit=1
O8 - Extra context menu item: Download all with Free Download Manager - [You must be registered and logged in to see this link.] Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - [You must be registered and logged in to see this link.] Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - [You must be registered and logged in to see this link.] Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - [You must be registered and logged in to see this link.] Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9CAAC2C-F488-4CD4-BBB1-781813982E83}: NameServer = 202.188.0.133 202.188.1.5
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 10179 bytes

legend
Novice
Posts: 13
Joined: 2009-07-18
OS: windows 7 ultimate 32bit
Points: 27047
Likes: 0

Re: what is the problem?

Post by Origin on 19th July 2009, 7:36 pm

Hello legend,

Welcome to Geek Police, my name is Origin and I will be helping you today. Please keep the following in mind:

  • If you do not get a reply from me or another helper within 2 days, please reply to your topic with the phrase BUMP
  • If you have any cracked/pirated software on your computer, delete it or we will not help you.
  • Only follow advice from Geek Police Staff and not a regular member.
  • Do NOT run any tool without Geek Police supervision as it could render your system useless.

  • Open HijackThis.
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:

    O4 - HKLM\..\Run: [SYS2] C:\WINDOWS\system32\bad1.exe
    O4 - HKLM\..\Run: [SYS3] C:\WINDOWS\system32\bad2.exe
    O4 - HKLM\..\Run: [SYS4] C:\WINDOWS\system32\bad3.exe
    O4 - HKLM\..\Run: [SYS1] C:\WINDOWS\system32\system.exe
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegedit=1

  • Press "Fix Checked"
  • Close Hijack This.

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

Origin
Master
Posts: 2685
Joined: 2009-05-05
Gender: Male
OS: Windows Xp Sp3
Points: 31533
Likes: 0

Re: what is the problem?

Post by legend on 21st July 2009, 5:05 pm

thank you!!!!!!!!!!!!

legend
Novice
Posts: 13
Joined: 2009-07-18
OS: windows 7 ultimate 32bit
Points: 27047
Likes: 0

Re: what is the problem?

Post by Origin on 22nd July 2009, 4:09 pm

Please post the ComboFix log.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

Origin
Master
Posts: 2685
Joined: 2009-05-05
Gender: Male
OS: Windows Xp Sp3
Points: 31533
Likes: 0

Re: what is the problem?

Post by legend on 22nd July 2009, 5:58 pm

Can't, the posted message is too big.

legend
Novice
Posts: 13
Joined: 2009-07-18
OS: windows 7 ultimate 32bit
Points: 27047
Likes: 0

Re: what is the problem?

Post by Origin on 24th July 2009, 6:13 pm

Please split the log into two posts or more if required.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

Origin
Master
Posts: 2685
Joined: 2009-05-05
Gender: Male
OS: Windows Xp Sp3
Points: 31533
Likes: 0

log

Post by legend on 25th July 2009, 1:24 pm

ComboFix 09-07-20.05 - azim 07/22/2009 0:47.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1540 [GMT 8:00]
Running from: c:\documents and settings\azim\My Documents\Downloads\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Seekapp
c:\program files\Seekapp
c:\windows\autorun.inf
c:\windows\Installer\18f2ed2.msi
c:\windows\Installer\507f3d.msp
c:\windows\kb913800.exe
c:\windows\system32\bad1.exe
c:\windows\system32\bad2.exe
c:\windows\system32\bad3.exe
c:\windows\system32\msmsgs.exe

.
((((((((((((((((((((((((( Files Created from 2009-06-21 to 2009-07-21 )))))))))))))))))))))))))))))))
.

2009-07-17 21:04 . 2009-07-17 21:04 -------- d-----w- c:\documents and settings\ere\Local Settings\Application Data\Ahead
2009-07-17 21:04 . 2009-07-17 21:04 -------- d-----w- c:\documents and settings\ere\Application Data\Nero
2009-07-17 21:04 . 2009-07-17 21:04 -------- d-----w- c:\documents and settings\ere\Local Settings\Application Data\Scansoft
2009-07-17 20:43 . 2009-07-17 20:45 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-17 17:17 . 2009-06-14 08:07 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-07-14 18:02 . 2009-07-14 18:02 -------- d-----w- c:\windows\system32\NtmsData
2009-07-11 05:31 . 2009-07-11 05:31 -------- d-----w- c:\documents and settings\azim\Local Settings\Application Data\AVG Security Toolbar
2009-07-11 05:30 . 2009-07-17 17:17 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-07-11 05:30 . 2009-07-11 05:30 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR
2009-07-10 15:37 . 2009-07-10 15:37 -------- d-----w- c:\documents and settings\azim\Local Settings\Application Data\Ahead
2009-07-10 15:16 . 2009-07-10 15:16 -------- d-----w- c:\documents and settings\azim\Application Data\Nero
2009-07-10 15:14 . 2009-07-10 15:15 -------- d-----w- c:\program files\Common Files\Nero
2009-07-10 15:14 . 2009-07-10 15:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-07-10 15:14 . 2009-07-10 15:14 -------- d-----w- c:\program files\Nero
2009-07-10 08:57 . 2009-07-10 08:57 2149376 ----a-w- c:\windows\system32\kernel1.exe
2009-07-09 17:09 . 2009-07-09 17:09 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-07-09 16:58 . 2009-07-09 16:58 -------- d-----w- c:\program files\TGTSoft
2009-07-08 11:08 . 2009-07-08 11:08 -------- d-----w- c:\documents and settings\azim\Local Settings\Application Data\My Games
2009-07-08 07:14 . 2009-07-08 07:15 -------- d-----w- c:\windows\nview
2009-07-08 07:13 . 2006-11-17 09:29 208896 ----a-w- c:\windows\system32\nvudisp.exe
2009-07-08 07:12 . 2006-11-17 11:21 208896 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-07-07 18:18 . 2009-07-07 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-07-07 17:57 . 2009-07-07 17:57 -------- d-----w- C:\NVIDIA
2009-07-07 16:39 . 2006-11-17 09:29 4541824 ----a-w- c:\windows\system32\nv4_disp.dll
2009-07-07 16:39 . 2006-11-17 09:29 3994688 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-07-07 16:02 . 2009-07-07 16:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Innovative Solutions
2009-07-07 15:55 . 2009-07-07 15:55 -------- d-----w- c:\program files\Innovative Solutions
2009-07-06 14:11 . 2009-07-06 14:11 -------- d-----w- c:\program files\Matroska Pack
2009-07-06 08:24 . 2009-07-06 08:24 -------- d--h--r- c:\documents and settings\azim\Application Data\SecuROM
2009-07-05 15:53 . 2009-07-05 15:53 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-07-05 15:50 . 2009-07-05 15:49 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-05 15:49 . 2009-07-05 15:49 22328 ----a-w- c:\documents and settings\azim\Application Data\PnkBstrK.sys
2009-07-05 15:48 . 2009-07-05 15:48 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-05 15:48 . 2009-07-05 15:48 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-07-05 15:48 . 2009-07-05 15:48 2250024 ----a-w- c:\windows\system32\pbsvc.exe
2009-07-05 12:40 . 2004-08-03 16:56 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-07-05 12:40 . 2001-08-17 14:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-07-03 14:52 . 2009-07-06 07:41 -------- d-----w- c:\documents and settings\azim\Application Data\Software Informer
2009-07-03 14:52 . 2009-07-03 14:52 -------- d-----w- c:\program files\Software Informer
2009-07-03 14:52 . 2009-07-21 16:49 -------- d-----w- c:\documents and settings\azim\Application Data\Free Download Manager
2009-07-03 14:52 . 2009-07-03 14:52 -------- d-----w- c:\documents and settings\All Users\Application Data\FreeDownloadManager.ORG
2009-07-03 14:52 . 2009-07-03 14:53 -------- d-----w- c:\program files\Free Download Manager
2009-07-02 16:43 . 2009-07-02 16:43 278016 ----a-w- c:\windows\WAR3.SCR
2009-07-02 16:43 . 2009-07-02 16:43 -------- d-----w- c:\windows\SOFTDISK
2009-07-02 16:03 . 2009-07-02 16:03 -------- d-----w- c:\windows\Icons
2009-07-02 16:03 . 2009-07-02 16:03 -------- d-----w- c:\program files\FileSubmit
2009-07-02 15:43 . 2008-04-26 08:14 42672 ------w- c:\windows\system32\wbsys.dll
2009-07-02 15:43 . 2009-07-02 15:43 -------- d-----w- c:\program files\Stardock
2009-07-01 15:52 . 2009-07-01 15:52 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-07-01 15:52 . 2009-07-10 12:39 -------- d-----w- c:\documents and settings\azim\Application Data\SUPERAntiSpyware.com
2009-07-01 15:52 . 2009-07-10 12:39 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-27 21:32 . 2009-07-20 14:12 -------- d-----w- C:\Downloads
2009-06-27 19:56 . 2009-07-02 14:24 -------- d-----w- c:\program files\FlashGet
2009-06-25 16:45 . 2009-06-25 16:46 -------- d-----w- c:\program files\CCleaner
2009-06-24 18:54 . 2009-07-01 14:25 -------- d-----w- c:\program files\AviSynth 2.5
2009-06-24 18:54 . 2006-07-28 17:22 51712 ----a-w- c:\windows\system32\coodest.dll
2009-06-24 18:03 . 2009-06-24 18:04 -------- d-----w- c:\documents and settings\azim\Application Data\DivX
2009-06-24 18:01 . 2009-05-01 21:03 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-06-24 18:01 . 2009-05-01 21:03 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-06-23 15:29 . 2009-06-23 15:29 -------- d-sh--w- c:\windows\ftpcache


log 2

Post by legend on 25th July 2009, 1:25 pm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-21 16:32 . 2009-05-27 07:37 -------- d-----w- c:\program files\Mozilla Firefox 3.5 Beta 4
2009-07-21 16:22 . 2009-05-31 11:12 -------- d-----w- c:\documents and settings\azim\Application Data\DNA
2009-07-21 16:12 . 2009-05-31 11:12 -------- d-----w- c:\program files\DNA
2009-07-18 16:58 . 2009-05-31 11:53 -------- d-----w- c:\program files\Java
2009-07-18 16:53 . 2009-05-31 19:28 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 21:06 . 2009-07-17 21:06 -------- d-----w- c:\documents and settings\Guest\Application Data\Nero
2009-07-16 14:11 . 2009-06-13 17:18 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
2009-07-11 05:30 . 2009-05-26 18:10 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-11 05:30 . 2009-05-26 18:10 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-11 05:30 . 2009-05-26 18:10 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-07 17:04 . 2009-05-26 23:24 98304 ----a-w- c:\windows\DUMP826e.tmp
2009-07-07 17:03 . 2009-05-26 23:24 98304 ----a-w- c:\windows\DUMP7dda.tmp
2009-07-07 17:02 . 2009-05-26 23:24 98304 ----a-w- c:\windows\DUMP7a8f.tmp
2009-07-07 16:59 . 2009-05-26 23:24 98304 ----a-w- c:\windows\DUMP7f13.tmp
2009-07-07 16:56 . 2009-05-26 23:24 98304 ----a-w- c:\windows\DUMP79e3.tmp
2009-07-07 16:54 . 2009-05-26 23:24 98304 ----a-w- c:\windows\DUMP7f71.tmp
2009-07-07 16:52 . 2009-05-26 23:24 98304 ----a-w- c:\windows\DUMP81f1.tmp
2009-07-07 16:47 . 2009-05-26 23:24 98304 ----a-w- c:\windows\DUMP7b3a.tmp
2009-07-05 15:30 . 2009-06-18 06:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-27 21:33 . 2009-05-26 18:10 -------- d-----w- c:\documents and settings\azim\Application Data\AVGTOOLBAR
2009-06-27 19:47 . 2009-05-27 07:41 -------- d-----w- c:\program files\Yahoo!
2009-06-25 16:52 . 2009-05-26 17:08 -------- d-----w- c:\program files\Winamp
2009-06-24 18:55 . 2009-05-28 07:01 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-06-20 17:53 . 2009-06-20 17:53 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-20 17:53 . 2009-06-20 17:53 -------- d-----w- c:\documents and settings\azim\Application Data\DAEMON Tools
2009-06-18 08:03 . 2009-06-18 08:03 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-06-18 06:50 . 2009-06-18 06:48 -------- d-----w- c:\program files\doom 3
2009-06-18 06:48 . 2009-06-18 06:48 -------- d-----w- c:\program files\Activision
2009-06-18 06:47 . 2009-06-13 17:10 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-16 06:13 . 2009-05-26 17:56 72832 ----a-w- c:\documents and settings\azim\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-13 17:18 . 2009-06-13 17:07 -------- d-----w- c:\program files\Canon
2009-06-13 17:17 . 2009-06-13 17:17 -------- d-----w- c:\documents and settings\azim\Application Data\ScanSoft
2009-06-13 17:17 . 2009-06-13 17:17 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-06-13 17:17 . 2009-06-13 17:17 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2009-06-13 17:17 . 2009-06-13 17:17 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2009-06-13 17:17 . 2009-06-13 17:17 -------- d-----w- c:\program files\ScanSoft
2009-06-13 17:08 . 2009-06-13 17:08 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
2009-06-13 17:07 . 2009-06-13 17:07 -------- d--h--w- c:\program files\CanonBJ
2009-06-09 20:26 . 2009-06-09 20:26 -------- d-----w- c:\program files\7-Zip
2009-06-09 20:22 . 2009-06-09 20:17 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-06-02 13:26 . 2009-05-31 11:55 -------- d-----w- c:\documents and settings\azim\Application Data\FrostWire
2009-06-02 08:30 . 2009-05-31 11:45 -------- d-----w- c:\program files\FrostWire
2009-05-31 12:19 . 2009-05-31 12:19 0 ----a-w- c:\documents and settings\azim\Application Data\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
2009-05-31 11:53 . 2009-05-31 11:53 -------- d-----w- c:\program files\Common Files\Java
2009-05-29 17:53 . 2009-05-29 17:19 -------- d-----w- c:\documents and settings\azim\Application Data\Audacity
2009-05-29 17:13 . 2009-05-29 17:13 -------- d-----w- c:\documents and settings\All Users\Application Data\ALM
2009-05-29 17:12 . 2009-05-26 16:10 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-29 16:06 . 2009-05-29 16:06 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-05-28 13:09 . 2009-05-28 13:09 -------- d-----w- c:\program files\Common Files\Protexis
2009-05-28 13:09 . 2009-05-28 13:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2009-05-28 13:08 . 2009-05-28 13:08 -------- d-----w- c:\program files\Common Files\Corel
2009-05-28 12:26 . 2009-05-28 12:26 -------- d-----w- c:\program files\Adobe Media Player
2009-05-28 12:24 . 2009-05-28 12:24 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-05-28 12:21 . 2009-05-28 12:21 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-05-28 08:40 . 2009-05-28 08:40 -------- d-----w- c:\program files\Real Alternative
2009-05-28 07:03 . 2009-05-28 07:03 -------- d-----w- c:\documents and settings\azim\Application Data\Media Player Classic
2009-05-27 09:55 . 2009-05-27 09:55 -------- d-----w- c:\program files\MyRealGames.com
2009-05-27 08:23 . 2009-05-27 08:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-05-27 08:23 . 2009-05-27 08:23 -------- d-----w- c:\program files\QuickTime Alternative
2009-05-27 07:44 . 2009-05-27 07:44 0 ----a-w- c:\windows\nsreg.dat
2009-05-27 07:43 . 2009-05-27 07:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-05-26 18:10 . 2009-05-26 18:10 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-26 18:10 . 2009-05-26 18:10 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-05-26 17:58 . 2009-05-26 15:44 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-26 17:48 . 2009-05-26 17:48 -------- d-----w- c:\program files\AVG
2009-05-26 17:08 . 2009-05-26 17:08 -------- d-----w- c:\documents and settings\azim\Application Data\Winamp
2009-05-26 16:05 . 2009-05-26 15:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-26 16:05 . 2009-05-26 16:05 -------- d-----w- c:\program files\Microsoft Works
2009-05-26 16:05 . 2009-05-26 16:05 -------- d-----w- c:\program files\MSBuild
2009-05-26 15:45 . 2009-05-26 15:45 -------- d-----w- c:\program files\microsoft frontpage
2009-05-26 15:41 . 2009-05-26 15:41 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-05-26 15:41 . 2009-05-26 15:41 -------- d-----w- c:\program files\Windows Media Connect 2
2009-05-21 13:31 . 2009-05-27 07:41 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 08:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-21 4351216]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2006-10-15 1694208]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 202024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-11 1948440]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-13 611712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-11-17 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-11-17 86016]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-18 148888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-11-17 1622016]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-04-10 16861184]

c:\documents and settings\azim\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-19 4742184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\program files\TGTSoft\StyleXP\Logon\CurrentLogon.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-11 05:30 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"g:\\Warhammer 40,000 Dawn of War II\\DOW2.exe"=
"c:\\Program Files\\Mozilla Firefox 3.5 Beta 4\\firefox.exe"=
"g:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"g:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"g:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Free Download Manager\\fdmwi.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/27/2009 2:10 AM 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/27/2009 2:10 AM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/27/2009 2:10 AM 298776]


log 3

Post by legend on 25th July 2009, 1:26 pm

.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-AdobeBridge - (no file)
HKCU-Run-fsm - (no file)


.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
IE: Download all with Free Download Manager - [You must be registered and logged in to see this link.] files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - [You must be registered and logged in to see this link.] files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - [You must be registered and logged in to see this link.] files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - [You must be registered and logged in to see this link.] files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {D9CAAC2C-F488-4CD4-BBB1-781813982E83} = 202.188.0.133 202.188.1.5
FF - ProfilePath - c:\documents and settings\azim\Application Data\Mozilla\Firefox\Profiles\luh4vd75.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: c:\program files\Mozilla Firefox 3.5 Beta 4\plugins\npyaxmpb.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-07-22 00:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1060284298-1580818891-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:23,eb,45,cd,f5,cd,72,5a,7e,36,54,74,cd,d7,b8,f5,05,8b,5a,c1,c5,
e1,8a,bb,b4,70,97,54,8d,8d,a4,d8,94,61,87,d1,a9,95,5a,eb,18,39,cd,a3,63,b1,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
Completion time: 2009-07-21 0:51
ComboFix-quarantined-files.txt 2009-07-21 16:51

Pre-Run: 65,931,812,864 bytes free
Post-Run: 66,039,169,024 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional (bootscreen)" /noexecute=optin /fastdetect /KERNEL=kernel1.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

318


Re: what is the problem?

Post by Belahzur on 25th July 2009, 7:38 pm

Hello.

I see that you are running Frostwire.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

  • Frostwire
  • Mozilla Firefox 3.5 beta 4 << 3.5 is no longer in beta stages, so I would prefer you uninstall the beta and install 3.5.1

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy).


    :files
    c:\Program Files\FrostWire
    c:\windows\DUMP*.tmp
    c:\program files\DNA
    c:\documents and settings\azim\Application Data\DNA
    c:\program files\FrostWire
    c:\windows\system32\kernel1.exe

    :reg
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=-


  • Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.
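The two registry and boot-configuration items the helper's OTM script removes above (the Security Center AntiVirusOverride value from log 2 and the kernel1.exe image referenced by a /KERNEL= switch in the boot.ini dump in log 3) are the kind of entries an analyst wants pulled out of a long ComboFix log automatically rather than by eye. The following triage helper is an added example, not code from this thread, from ComboFix or from OTM: it parses the REGEDIT4-style "Reg Loading Points" lines and the boot.ini entries as they appear in the logs above and flags nonzero Security Center override/notify values and any boot entry whose /KERNEL= switch names a file other than the kernel images Windows XP ships with. The sample input is constructed from lines copied out of the logs on this page plus one zero-valued FirewallOverride line (constructed) to show that a zero value is not flagged; the list of sibling Security Center value names and the stock kernel list go beyond the single value and single file on the page. A non-stock kernel on /KERNEL= is often a boot-screen customization, as the "(bootscreen)" label on that entry suggests, so the output is a list of things to verify, not a verdict.

```python
import re

# Constructed sample: lines copied from the ComboFix logs in this thread,
# plus one zero-valued FirewallOverride line (constructed) that must not fire.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000000

[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional (bootscreen)" /noexecute=optin /fastdetect /KERNEL=kernel1.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")          # [HKEY_...\key]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<val>.*)$')    # "name"=data
BOOT_ENTRY_RE = re.compile(                                  # ARC path="desc" switches
    r'^multi\(\d+\)disk\(\d+\)rdisk\(\d+\)partition\(\d+\)\\[^=]+="(?P<desc>[^"]*)"(?P<switches>.*)$'
)
KERNEL_SWITCH_RE = re.compile(r"/kernel=(?P<file>\S+)", re.IGNORECASE)

# XP SP2 Security Center values that silence or override its status checks.
SECURITY_CENTER_FLAGS = {
    "antivirusoverride", "firewalloverride",
    "antivirusdisablenotify", "firewalldisablenotify", "updatesdisablenotify",
}
# Kernel images shipped with Windows XP; anything else on /KERNEL= gets reviewed.
STOCK_KERNELS = {"ntoskrnl.exe", "ntkrnlpa.exe", "ntkrnlmp.exe", "ntkrpamp.exe"}


def parse_reg_values(log_text):
    """Yield (key, name, data) triples from REGEDIT4-style sections in the log."""
    key = None
    for line in log_text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            yield key, m.group("name"), m.group("val").strip()


def dword_value(data):
    """Turn 'dword:00000001' into 1; return None for anything that is not a dword."""
    if data.lower().startswith("dword:"):
        try:
            return int(data[6:], 16)
        except ValueError:
            return None
    return None


def security_center_overrides(log_text):
    """Return [(value name, integer data)] for nonzero Security Center overrides."""
    hits = []
    for key, name, data in parse_reg_values(log_text):
        if not key.lower().endswith("\\security center"):
            continue
        if name.lower() in SECURITY_CENTER_FLAGS:
            n = dword_value(data)
            if n:                      # zero (or non-dword) data is not an override
                hits.append((name, n))
    return hits


def nonstandard_kernels(log_text):
    """Return [(boot entry description, kernel file)] for non-stock /KERNEL= switches."""
    hits = []
    for line in log_text.splitlines():
        m = BOOT_ENTRY_RE.match(line)
        if not m:
            continue
        k = KERNEL_SWITCH_RE.search(m.group("switches"))
        if k and k.group("file").lower() not in STOCK_KERNELS:
            hits.append((m.group("desc"), k.group("file")))
    return hits


def triage(log_text):
    """Collect both checks into one report dictionary."""
    return {
        "security_center": security_center_overrides(log_text),
        "boot_kernels": nonstandard_kernels(log_text),
    }


if __name__ == "__main__":
    for category, findings in triage(SAMPLE_LOG).items():
        for item in findings:
            print(f"{category}: {item}")
```

Run against the sample it reports the AntiVirusOverride value set to 1 and the "(bootscreen)" boot entry loading kernel1.exe, which are exactly the two items the OTM script above removes; the zero FirewallOverride line and the ordinary Run entry produce nothing. Feeding it a whole ComboFix log works the same way, since the parser ignores every line that is not a section header, a quoted value or an ARC-path boot entry.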



Re: what is the problem?

Post by legend on 26th July 2009, 6:11 am

========== FILES ==========
c:\Program Files\FrostWire moved successfully.
c:\windows\DUMP79e3.tmp moved successfully.
c:\windows\DUMP7a8f.tmp moved successfully.
c:\windows\DUMP7b3a.tmp moved successfully.
c:\windows\DUMP7dda.tmp moved successfully.
c:\windows\DUMP7f13.tmp moved successfully.
c:\windows\DUMP7f71.tmp moved successfully.
c:\windows\DUMP81f1.tmp moved successfully.
c:\windows\DUMP826e.tmp moved successfully.
c:\program files\DNA\plugins moved successfully.
c:\program files\DNA moved successfully.
c:\documents and settings\azim\Application Data\DNA moved successfully.
File/Folder c:\program files\FrostWire not found.
c:\windows\system32\kernel1.exe moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\software\microsoft\security center\\AntiVirusOverride deleted successfully.

OTM by OldTimer - Version 3.0.0.5 log created on 07262009_140753


Re: what is the problem?

Post by Belahzur on 26th July 2009, 5:30 pm

We can remove OTMoveIt now.

  • Please double-click OTM.exe to run it again.
  • Press the green CleanUp! button.
  • Press Yes at the cleanup process prompt, and do the same for the reboot prompt.
How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: what is the problem?

Post by legend on 28th July 2009, 5:29 pm

ok....thank you.......

