PDA

View Full Version : [Support] Virus Problem? Hijackthis Fix? Pasok lang po.



Pages : 1 [2] 3 4 5

oplingko
4th Mar 2012, 16:09
@ oplingko :hello:

Ok yung avenger and HJT logs mo. Successful sa pagdelete ng infected items and your system is running fine now according with your HJT logs. Congrats po. Ano na po pakiramdan mo sa system nyo po? :D Always maintain to use CCleaner mo para maging malinis at bibilis ang performance ng system mo. About your combofix logs. E attach mo nlng po dito wag mo nlng e post. Ok? I assume your system now is in good condition.. observe mo nlng po. :D

haha! okay pa po sa alright TS! sobrang happy ko nga eh :yipee::yipee::yipee:
salamat po talaga :salute::salute:
attached na po sir paki asses na lang :thanks:

nOosadz
4th Mar 2012, 16:20
haha! okay pa po sa alright TS! sobrang happy ko nga eh :yipee::yipee::yipee:
salamat po talaga :salute::salute:
attached na po sir paki asses na lang :thanks:

Ok po yung combofix logs mo. Anyway,, I consider your problem is done. Congrats and you perform well my procedures. Till next time. Your very welcome po :D

jayz90
4th Mar 2012, 16:27
sir d po invalid script pag execute ko yung 3 qouted na ipa copy paste mo..

d po sya sir..
tama bang ito ang icopy paste ko sir?
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Ask.com\GenericAskToolbar.dll
C:\Program Files\StartNow Toolbar\ToolbarHelper.exe

nOosadz
4th Mar 2012, 18:04
sir d po invalid script pag execute ko yung 3 qouted na ipa copy paste mo..

d po sya sir..
tama bang ito ang icopy paste ko sir?
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Ask.com\GenericAskToolbar.dll
C:\Program Files\StartNow Toolbar\ToolbarHelper.exe

Hindi po... Ito po ang exactly gawin nyo.


Files to delete:
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Ask.com\GenericAskToolbar.dll
C:\Program Files\StartNow Toolbar\ToolbarHelper.exe

dapat nakasali yang Files to delete: kasi yan po ang command para ma terminate mo yung mga infected items na yan.. Ok? After that click the Execute button below of it and then let your PC restart. Ok? Pagkatapos peform the next procedures just what I have on my post previously. :D

jayz90
4th Mar 2012, 19:03
hay nako ang tanga ko nman ndali ako sa command ang file to delete.. :lol:

sir., about sa HJT na delete ko na po yung mga na check na ipapa delete mo pero may na miss ka ata ito oh.

R3 - URLSearchHook: (no name) - {1c583e40-0629-4bb9-ab68-1cf539f2f782} - C:\Program Files\Retrogamer_2z\bar\1.bin\2zSrcAs.dll (file missing)

kaya isinali kuna tlagang dispirado eh.. :D

pagkatapos nyan dun na po ako sa avangers ayun nagka
error xcript daw dun ako naluko sa command.,
kala ko d na pwedi kaya binalik ko yung off system restore?.,
at restart ko pc ko.,

at gaya narin nung sabi mo heheh denilete ko yung asktoolbar sa control pan>uninstall na kahit ngkaka error sa avanger..

nung nag rply ka dun ko nlaman kaya binalikan ko avenger ko
at ito na yung lumabas


[COLOR="Blue"][SIZE="6"]AVENGER[COLOR="Black"]

Logfile of The Avenger Version 2.0, (c) by Swandog46
You can see links before reply

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: could not open file "C:\Program Files\Ask.com\Updater\Updater.exe"
Deletion of file "C:\Program Files\Ask.com\Updater\Updater.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open file "C:\Program Files\Ask.com\GenericAskToolbar.dll"
Deletion of file "C:\Program Files\Ask.com\GenericAskToolbar.dll" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: file "C:\Program Files\StartNow Toolbar\ToolbarHelper.exe" not found!
Deletion of file "C:\Program Files\StartNow Toolbar\ToolbarHelper.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.


AT ITO NAMAN PO SA MJT


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:54:21 PM, on 3/4/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\Installer\MSIB281.tmp
C:\Windows\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SupportAppXL\cdrom_mon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Connectify\ConnectifyService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Connectify\ConnectifyD.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\MiserWare\Granola Personal\GranolaManager.exe
D:\IObit Security 360\is360srv.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\PROGRA~1\RETROG~2\bar\1.bin\2zbarsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent .exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Ask.com\Updater\Updater.exe
D:\IObit Security 360\is360tray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Retrogamer_2z\bar\1.bin\2zbrmon.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\MiserWare\Granola Personal\granola.exe
C:\Program Files\Connectify\Connectify.exe
C:\Users\PJay\Local Settings\Apps\F.lux\flux.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Users\PJay\Desktop\browser optimizer\ALL Browsers Memory Zip.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
D:\VPN AND plnt vs\HEX VPN GUI FILES\Hex VPN+\hexvpn+.exe
C:\Program Files\Globe Broadband\Globe Broadband.exe
D:\VPN AND plnt vs\HEX VPN GUI FILES\Hex VPN+\app\bin\openvpn.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = You can see links before reply
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = You can see links before reply
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = You can see links before reply
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Expat Shield Toolbar - {a060276a-53be-45ec-8ebe-b94b1e803179} - C:\Program Files\Expat_Shield\prxtbExp0.dll
R3 - URLSearchHook: (no name) - {1c583e40-0629-4bb9-ab68-1cf539f2f782} - C:\Program Files\Retrogamer_2z\bar\1.bin\2zSrcAs.dll (file missing)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: StartNow Toolbar Helper - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll
O2 - BHO: Search Assistant BHO - {6ffed9d8-942f-4384-aa29-d3bd083a346a} - C:\Program Files\Retrogamer_2z\bar\1.bin\2zSrcAs.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Expat Shield - {a060276a-53be-45ec-8ebe-b94b1e803179} - C:\Program Files\Expat_Shield\prxtbExp0.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Toolbar BHO - {fc1e426b-fa76-428f-b680-86ef1edb13c1} - C:\PROGRA~1\RETROG~2\bar\1.bin\2zbar.dll (file missing)
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\DealBulldog Toolbar\tbcore3.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstan ce.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: StartNow Toolbar - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll
O3 - Toolbar: Expat Shield Toolbar - {a060276a-53be-45ec-8ebe-b94b1e803179} - C:\Program Files\Expat_Shield\prxtbExp0.dll
O3 - Toolbar: DealBulldog Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\DealBulldog Toolbar\tbcore3.dll
O3 - Toolbar: Retrogamer - {54ba686e-738f-42fe-badd-d8cb7cfbc07e} - C:\Program Files\Retrogamer_2z\bar\1.bin\2zbar.dll (file missing)
O4 - HKLM\..\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent .exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [USB Security] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [StartNowToolbarHelper] "C:\Program Files\StartNow Toolbar\ToolbarHelper.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [IObit Security 360] "D:\IObit Security 360\IS360tray.exe" /autostart
O4 - HKLM\..\Run: [Retrogamer Search Scope Monitor] "C:\PROGRA~1\RETROG~2\bar\1.bin\2zsrchmn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [Retrogamer_2z Browser Plugin Loader] C:\PROGRA~1\RETROG~2\bar\1.bin\2zbrmon.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Granola] "C:\Program Files\MiserWare\Granola Personal\granola.exe"
O4 - HKCU\..\Run: [Connectify] C:\Program Files\Connectify\Connectify.exe
O4 - HKCU\..\Run: [F.lux] "C:\Users\PJay\Local Settings\Apps\F.lux\flux.exe" /noshow
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: XWindows Dock.lnk = C:\XDOCK\XWD.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} (GameTap Player) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{8fddddac-6560-4cc2-9802-1b8d3fa2f420}: NameServer = 10.39.56.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D341713B-A696-4627-8740-F28EF9A532EA}: NameServer = 202.126.40.5 222.127.143.5
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\Windows\system32\SupportAppXL\cdrom_mon.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Connectify - Unknown owner - C:\Program Files\Connectify\ConnectifyService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Granola PM Manager - Unknown owner - C:\Program Files\MiserWare\Granola Personal\GranolaManager.exe
O23 - Service: Serbisyong Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serbisyong Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HyperDesk's Custom Theme Enabler (HyperDeskCustomThemeEnabler) - Unknown owner - C:\Windows\Installer\MSIB281.tmp
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: IS360service - IObit - D:\IObit Security 360\is360srv.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: RetrogamerService (Retrogamer_2zService) - COMPANYVERS_NAME - C:\PROGRA~1\RETROG~2\bar\1.bin\2zbarsvc.exe
O23 - Service: Updater Service for StartNow Toolbar - Unknown owner - C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe

--
End of file - 13960 bytes


pakisuri po,,., parang palpak ata ako.. hehehe
pero may lunas pa ba sir?

nOosadz
4th Mar 2012, 20:02
@ jayz90 :hello:

Perform ka ulit Hijackthis logs po. Ngka error avenger mo kasi na una mo na uninstall ang mga toolbars before using the Avenger, once na mag uninstall ka, it will remove including the installation and temporary files kaya nagka error avenger mo kasi hindi na nag exist yung mga files na yun.. nabura mo na after you uninstall it.. dapat hindi ka muna nag uninstall instead ginamit mo muna ang avenger. I told you on my previous reply that don't skip on any procedures. diba? Anyway, don't worry, I think we should start again from the beginning. I need to see the new logs of your HJT. Perform ka ulit scanning.

- Open mo Hijackthis.

- On main menu, click Do a system scan and save logfile.

- May mag appear na Hijackthis logs. post it here or attach :D

- Review natin ulit kung ano mga existing items na naga run sa system mo. :D

saintthunder
4th Mar 2012, 20:17
pacheck po... salamat

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:15:55 JEFF, on 3/4/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Users\Administrator\Local Settings\Apps\F.lux\flux.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Globe Broadband\Globe Broadband.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\PROGRAM FILES\EMACHINES\EMACHINES POWER MANAGEMENT\EPOWERTRAY.EXE
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\WINDOWS\SYSTEM32\IGFXPERS.EXE
C:\PROGRAM FILES\STARDOCK\CURSORFX\CURSORFX.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRAM FILES\LAUNCH MANAGER\LMANAGER.EXE
D:\Freenetz\DNS Jumper\DnsJumper.exe
C:\Users\Administrator\Desktop\TEACHING LOG\Private\Hotspot_Shield_2.18_powered_by_Portabl e_Openvpn_2.1_DEC_2,_2011-GLOBE\Hotspot Shield.exe
C:\Users\Administrator\Desktop\TEACHING LOG\Private\Hotspot_Shield_2.18_powered_by_Portabl e_Openvpn_2.1_DEC_2,_2011-GLOBE\app\bin\openvpn-gui.exe
C:\Users\Administrator\Desktop\TEACHING LOG\Private\Hotspot_Shield_2.18_powered_by_Portabl e_Openvpn_2.1_DEC_2,_2011-GLOBE\app\bin\openvpn.exe
C:\Windows\system32\conhost.exe
C:\Users\Administrator\Desktop\TEACHING LOG\Private\Hotspot_Shield_2.18_powered_by_Portabl e_Openvpn_2.1_DEC_2,_2011-GLOBE\data\config\FINGER.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = You can see links before reply
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = You can see links before reply
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,AutoConfigURL = You can see links before reply
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: IE5BarLauncherBHO Class - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files\StartSearch plugin\ssBarLcher.dll (file missing)
O2 - BHO: ???????@Mail.Ru - {8984B388-A5BB-4DF7-B274-77B879E179DB} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: BywifiBHO - {C4743D3E-20D7-4B52-84F2-5E4E277B2D82} - C:\Program Files\Bywifi\bywifiie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [F.lux] "C:\Users\Administrator\Local Settings\Apps\F.lux\flux.exe" /noshow
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Bywifi: Video Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\Program Files\Bywifi\bywifici.exe
O9 - Extra 'Tools' menuitem: Bywifi: Video Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\Program Files\Bywifi\bywifici.exe
O9 - Extra button: Add to TimeLeft Auction Watch - {21196042-830F-419f-A594-F9D456A6C29A} - C:\Program Files\TimeLeft3\TLIntergIE.html
O9 - Extra 'Tools' menuitem: Add to TimeLeft Auction Watch - {21196042-830F-419f-A594-F9D456A6C29A} - C:\Program Files\TimeLeft3\TLIntergIE.html
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra button: Bywifi: Video Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\Program Files\Bywifi\bywifici.exe (HKCU)
O9 - Extra 'Tools' menuitem: Bywifi: Video Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\Program Files\Bywifi\bywifici.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{383C8D42-DBAB-4C01-BA02-9E216E8F3279}: NameServer = 195.241.77.53,195.241.77.54
O17 - HKLM\System\CCS\Services\Tcpip\..\{468DDB23-BE67-418B-B4F7-BE873F49D1F9}: NameServer = 195.241.77.53,195.241.77.54
O17 - HKLM\System\CCS\Services\Tcpip\..\{677A96B4-A258-471C-B826-6CEE36ABEBD5}: NameServer = 202.126.40.5 222.127.143.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{7DE4A495-7AE2-4059-A944-E2C2A076D146}: NameServer = 195.241.77.53,195.241.77.54
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E538C66-81B6-4F36-8691-479CDA0FC043}: NameServer = 195.241.77.53,195.241.77.54
O17 - HKLM\System\CCS\Services\Tcpip\..\{B74173C7-2915-409E-B56C-A1B02AACB237}: NameServer = 195.241.77.53,195.241.77.54
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9A5D3FB-9CBE-43B0-8EA2-09EFDC1BDFF8}: NameServer = 195.241.77.53,195.241.77.54
O17 - HKLM\System\CCS\Services\Tcpip\..\{F360A49C-8BC8-44A6-9E08-339731C74461}: NameServer = 195.241.77.53,195.241.77.54
O17 - HKLM\System\CS2\Services\Tcpip\..\{F360A49C-8BC8-44A6-9E08-339731C74461}: NameServer = 195.241.77.53,195.241.77.54
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Cepstral License Server - Cepstral, LLC - C:\Program Files\Cepstral\bin\CepstralLicSrv.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
O23 - Service: Connectify - Unknown owner - C:\Program Files\Connectify\ConnectifyService.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\Windows\SYSTEM32\crypserv.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files\Launch Manager\dsiwmis.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: SolidConverterPDFReadSpool (SCPDFReadSpool) - Solid Documents, LLC - C:\Windows\Installer\MSICA56.tmp
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SRS HDAudio Lab Service (SRSHDAudioService) - SRS Labs, Inc. - C:\Program Files\Common Files\SRS Labs\SRS HD Audio Lab Service\SRSAudioLabService.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: USB Safely Remove Assistant (USBSafelyRemoveService) - Unknown owner - C:\Program Files\USB Safely Remove\USBSRService.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\Windows\system32\UTSCSI.EXE

--
End of file - 13984 bytes

jayz90
4th Mar 2012, 21:27
@ jayz90 :hello:

Perform ka ulit Hijackthis logs po. Ngka error avenger mo kasi na una mo na uninstall ang mga toolbars before using the Avenger, once na mag uninstall ka, it will remove including the installation and temporary files kaya nagka error avenger mo kasi hindi na nag exist yung mga files na yun.. nabura mo na after you uninstall it.. dapat hindi ka muna nag uninstall instead ginamit mo muna ang avenger. I told you on my previous reply that don't skip on any procedures. diba? Anyway, don't worry, I think we should start again from the beginning. I need to see the new logs of your HJT. Perform ka ulit scanning.

- Open mo Hijackthis.

- On main menu, click Do a system scan and save logfile.

- May mag appear na Hijackthis logs. post it here or attach :D

- Review natin ulit kung ano mga existing items na naga run sa system mo. :D


ok po psensya nah.,
nlito lang kasi ako nang command na yun eh.,

kong ok lang sayu sir :D cge po simulan natin sa umpisa


HJT ITO NA PO


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:25:26 PM, on 3/4/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\Installer\MSIB281.tmp
C:\Windows\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SupportAppXL\cdrom_mon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Connectify\ConnectifyService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Connectify\ConnectifyD.exe
C:\Windows\system32\conhost.exe
C:\Program Files\MiserWare\Granola Personal\GranolaManager.exe
D:\IObit Security 360\is360srv.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\PROGRA~1\RETROG~2\bar\1.bin\2zbarsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent .exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
D:\IObit Security 360\is360tray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Retrogamer_2z\bar\1.bin\2zbrmon.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MiserWare\Granola Personal\granola.exe
C:\Users\PJay\Local Settings\Apps\F.lux\flux.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Globe Broadband\Globe Broadband.exe
D:\VPN AND plnt vs\HEX VPN GUI FILES\Hex VPN+\hexvpn+.exe
D:\VPN AND plnt vs\HEX VPN GUI FILES\Hex VPN+\app\bin\openvpn.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Connectify\Connectify.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Connectify\ConnectifyNetServices.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = You can see links before reply
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = You can see links before reply
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = You can see links before reply
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Expat Shield Toolbar - {a060276a-53be-45ec-8ebe-b94b1e803179} - C:\Program Files\Expat_Shield\prxtbExp0.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: StartNow Toolbar Helper - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Expat Shield - {a060276a-53be-45ec-8ebe-b94b1e803179} - C:\Program Files\Expat_Shield\prxtbExp0.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\DealBulldog Toolbar\tbcore3.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstan ce.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: StartNow Toolbar - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll
O3 - Toolbar: Expat Shield Toolbar - {a060276a-53be-45ec-8ebe-b94b1e803179} - C:\Program Files\Expat_Shield\prxtbExp0.dll
O3 - Toolbar: DealBulldog Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\DealBulldog Toolbar\tbcore3.dll
O4 - HKLM\..\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent .exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [USB Security] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [IObit Security 360] "D:\IObit Security 360\IS360tray.exe" /autostart
O4 - HKLM\..\Run: [Retrogamer Search Scope Monitor] "C:\PROGRA~1\RETROG~2\bar\1.bin\2zsrchmn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [Retrogamer_2z Browser Plugin Loader] C:\PROGRA~1\RETROG~2\bar\1.bin\2zbrmon.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Granola] "C:\Program Files\MiserWare\Granola Personal\granola.exe"
O4 - HKCU\..\Run: [Connectify] C:\Program Files\Connectify\Connectify.exe
O4 - HKCU\..\Run: [F.lux] "C:\Users\PJay\Local Settings\Apps\F.lux\flux.exe" /noshow
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: XWindows Dock.lnk = C:\XDOCK\XWD.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} (GameTap Player) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{849789CA-2D7D-4840-8BD4-85648527080D}: NameServer = 192.168.117.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{8fddddac-6560-4cc2-9802-1b8d3fa2f420}: NameServer = 10.39.64.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D341713B-A696-4627-8740-F28EF9A532EA}: NameServer = 8.8.8.8 8.8.4.4
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\Windows\system32\SupportAppXL\cdrom_mon.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Connectify - Unknown owner - C:\Program Files\Connectify\ConnectifyService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Granola PM Manager - Unknown owner - C:\Program Files\MiserWare\Granola Personal\GranolaManager.exe
O23 - Service: Serbisyong Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serbisyong Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HyperDesk's Custom Theme Enabler (HyperDeskCustomThemeEnabler) - Unknown owner - C:\Windows\Installer\MSIB281.tmp
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: IS360service - IObit - D:\IObit Security 360\is360srv.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: RetrogamerService (Retrogamer_2zService) - COMPANYVERS_NAME - C:\PROGRA~1\RETROG~2\bar\1.bin\2zbarsvc.exe
O23 - Service: Updater Service for StartNow Toolbar - Unknown owner - C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe

--
End of file - 12665 bytes


WAIT Ko po rply nyo sir :salute:

nOosadz
4th Mar 2012, 22:14
@ saintthunder :hello:

Sana naman nabasa nyo po 1st page ng thread nito on what way to post an accurate situation within your problem. Sana naman ma indicate niyo sa akin problema ng system niyo before posting the Hijackthis logs. :D

@ jayz90 :hello:

Kaka review ko lang sa logs ng HJT mo and great news your system is running fine. Wala na yung mga infected items. Maybe nabura na yung mga infected file ng Ask toolbar during the uninstall. Anyway, ano na po ba pakiramdam nyo po sa system mo? I suggest also to use CCleaner (You can see links before reply), makakatulong din nyan para malinis mo ang mga unused and temp files na naka stuck sa system mo which is hindi nman kailangan ma store sa drives mo and it will enhance also the speed performance on your system. Much better if you use it daily. If you use it daily then bibilis lagi process ng system mo. :D Well, wala na akong ma provide na procedures, I assume that your system now is running fine. Until next time again. About your question on how to identify virus. Well, I can't help you with that it's because Hijackthis is for advanced users, must have skills to analyze well the running process of your system. And its hard also for me to teach online, it's too risky. But I can give you guides, a tutorial on other sites. take a look at this link:
You can see links before reply

:D

saintthunder
5th Mar 2012, 06:08
thanks po babasahin ko po yung tutorial...sir gamit ko kasi asc ok po ba yun?

nOosadz
5th Mar 2012, 16:44
thanks po babasahin ko po yung tutorial...sir gamit ko kasi asc ok po ba yun?

asc? :unsure: ano po yan? I have no idea po :D

lordzero45
5th Mar 2012, 17:07
sensya na po, ngayon lang naka-reply, nasunod ko naman po yung instructions niyo, tapos sinabayan ko na rin ng defraggler, at eto, kagagawa ko lang ng logs ng HJT. Napansin ko lang na bumaba ng 3% yung ram during start-up, and thanks to that. Pero para po makasigurado, paki-check po ng HJT logs ko ngayon kung na-solve ba talaga:

Eto po siya:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:05:27 PM, on 3/5/2012
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = proxy.smartbro.net:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\ALVIN\AppData\Roaming\Complitly\Complitly .dll
O2 - BHO: SBCONVERT - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: SearchPredictObj Class - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingl eInstance.dll
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKLM\..\Policies\Explorer\Run: [BootRacer] "C:\Program Files\BootRacer\Bootrace.exe" /2
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\sblsp.dll
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - You can see links before reply
O17 - HKLM\System\CCS\Services\Tcpip\..\{2888C75E-5544-4E0D-A4E5-7316AB04B614}: NameServer = 8.8.8.8,4.2.2.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{492BD3C4-C2CD-4476-81E3-2BB23FD86D9F}: NameServer = 8.8.8.8,4.2.2.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C2413A0-3269-4031-BC50-D7590C540D27}: NameServer = 8.8.8.8,4.2.2.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{67411B9C-AB1A-43F0-B938-27DF3121062C}: NameServer = 8.8.8.8,4.2.2.6
O17 - HKLM\System\CS1\Services\Tcpip\..\{2888C75E-5544-4E0D-A4E5-7316AB04B614}: NameServer = 8.8.8.8,4.2.2.6
O17 - HKLM\System\CS2\Services\Tcpip\..\{2888C75E-5544-4E0D-A4E5-7316AB04B614}: NameServer = 8.8.8.8,4.2.2.6
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O20 - AppInit_DLLs:
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: BootRacerServ - Greatis Software, LLC - C:\Program Files\BootRacer\BootRacerServ.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files\Browny02\BrYNSvc.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd. - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - VIA Technologies, Inc. - C:\Windows\system32\viakaraokesrv.exe
O23 - Service: VideoAcceleratorService - SpeedBit Ltd. - C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 7700 bytes

omega888
5th Mar 2012, 17:35
master,patulong poh ang tagal kasi mag loading ng pc ko kapag windows starts...at gumagapang poh siya kapag nag surf ako sa mozilla firefox kahit naka dalawang browser lang...hindi poh kc ganito dati ung pc ko nung freshly installed ang OS..i already scan with my latest AV but no virus found poh...ito poh logs ko..


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:17:13 PM, on 3/5/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\VistaDrive\VistaDrive.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Documents and Settings\Dothack\My Documents\Downloads\Compressed\Hotspot_Shield_2.18 _powered_by_Portable_Openvpn_2.1_DEC_2,_2011-GLOBE_2\Hotspot Shield.exe
C:\Documents and Settings\Dothack\My Documents\Downloads\Compressed\Hotspot_Shield_2.18 _powered_by_Portable_Openvpn_2.1_DEC_2,_2011-GLOBE_2\app\bin\openvpn-gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Dothack\My Documents\Downloads\Compressed\Hotspot_Shield_2.18 _powered_by_Portable_Openvpn_2.1_DEC_2,_2011-GLOBE_2\app\bin\openvpn.exe
C:\Documents and Settings\Dothack\My Documents\Downloads\Compressed\Hotspot_Shield_2.18 _powered_by_Portable_Openvpn_2.1_DEC_2,_2011-GLOBE_2\data\config\FINGER.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = You can see links before reply
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = You can see links before reply
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = You can see links before reply
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = You can see links before reply
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe -H
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{09F077EB-3A19-4F7C-9DDC-0CF72C9BDE27}: NameServer = 10.3.64.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{09F077EB-3A19-4F7C-9DDC-0CF72C9BDE27}: NameServer = 10.3.64.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{09F077EB-3A19-4F7C-9DDC-0CF72C9BDE27}: NameServer = 10.3.8.1
O20 - AppInit_DLLs: C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\datamngr.dl l C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

--
End of file - 5668 bytes

nOosadz
5th Mar 2012, 21:58
sensya na po, ngayon lang naka-reply, nasunod ko naman po yung instructions niyo, tapos sinabayan ko na rin ng defraggler, at eto, kagagawa ko lang ng logs ng HJT. Napansin ko lang na bumaba ng 3% yung ram during start-up, and thanks to that. Pero para po makasigurado, paki-check po ng HJT logs ko ngayon kung na-solve ba talaga:

Kaka review ko lng sa HJT logs mo.. nagamit mo ba yung LSP fix program? Kasi, ayon sa Hijackthis may damage na lsp files sa speedbit video accelerator mo. Although, it's not harm to your system but maybe your speedbit video accelerator won't working anymore soon. Besides that, wala na po infected items sa system mo. Naminimize na rin ang running process sa startup mo that's why bumaba na cpu usage mo. If you want to repair that winsock lsp files within your speedbit video accelerator, may napost ako solution nun dun sa previous kong post. paki check na lang :D

lordzero45
5th Mar 2012, 22:04
Kaka review ko lng sa HJT logs mo.. nagamit mo ba yung LSP fix program? Kasi, ayon sa Hijackthis may damage na lsp files sa speedbit video accelerator mo. Although, it's not harm to your system but maybe your speedbit video accelerator won't working anymore soon. Besides that, wala na po infected items sa system mo. Naminimize na rin ang running process sa startup mo that's why bumaba na cpu usage mo. If you want to repair that winsock lsp files within your speedbit video accelerator, may napost ako solution nun dun sa previous kong post. paki check na lang :D



wahhhhhhhhh hindi pala successful yung pagtanggal ko, di bale po, uulitin ko na lang po, at least guaranteed na ok na yung system ko, at sabi mo nga po hindi naman maha-harm ang system ko ng speedbit, medyo nabunutan na ako ng tinik. SAlamat po, feedback po ulit ako pag nagawa ko na po.

nOosadz
5th Mar 2012, 22:13
@ omega888 :hello:

Thanks for indicating the problem. Ok naman running process ng mga programs kaya lang may positive may infected items konti lang na nakuha mo sa bearshare. Have you installed bearshare lately? Uninstall mo po muna. but before you uninstall follow mo muna procedures below. Ok? It's very easy just don't try to skip on step by step procedures. alright? :D

- Turn off mo muna system restore. Right click My Computer -> Properties -> System Restore -> Check Turn off system restore on all drives -> click Apply and Ok.

- Open Hijackthis, on main menu, click Do a system scan only

- When the list of items appear, paki check po this following items on your HJT.

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = You can see links before reply

O20 - AppInit_DLLs: C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\datamngr.dl l C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll

- Click Fix Checked below.

- Exit and Close HJT.

- Download this Avenger (You can see links before reply) and save it to your desktop.

- Now, open Avenger

- Inside the program may makita kang emptybox under Input Script. Ok?

- Sa loob ng input script. type or copy this.

Files to delete:
C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\datamngr.dl l
C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll

- After that. Click Execute button below.

- Let your PC restart.

- Now open your Internet Explorer.

- Click Tools -> Internet Options -> Advanced -> Click Reset below of it.

- It will prompt the Reset Internet Explorer Settings, now below of it, meron na naman Reset button. simply click on it and so on.

- Exit and Close Internet Explorer.

- Gumamit ka ng CCleaner (You can see links before reply), para malinis yung system mo, mabura niya yung unused and temp files na nasa system which unnecessary to store it on your drives. It will enhance also the speed performance of your system. You may use it daily para laging mabilis system mo.

- Now, I need to see your logs of Avenger, makikita mo ito sa C:\Avenger.txt, then attach mo dito on your next reply. Also I need to see fresh logs of your HJT. Perform ka ulit scan after this procedures and attach it here. Para mareview natin kung successfully nadelete yung mga infected items na yun.

- Goodluck :D

lordzero45
6th Mar 2012, 07:43
Inulit ko na po yung LSP fix, first thing in the morning, eto po yung HJT logs kung nagawa ko po ba ng maayos.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:42:15 AM, on 3/6/2012
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\System32\taskmgr.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = proxy.smartbro.net:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\ALVIN\AppData\Roaming\Complitly\Complitly .dll
O2 - BHO: SBCONVERT - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: SearchPredictObj Class - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingl eInstance.dll
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKLM\..\Policies\Explorer\Run: [BootRacer] "C:\Program Files\BootRacer\Bootrace.exe" /2
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - You can see links before reply
O17 - HKLM\System\CCS\Services\Tcpip\..\{2888C75E-5544-4E0D-A4E5-7316AB04B614}: NameServer = 8.8.8.8,4.2.2.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{492BD3C4-C2CD-4476-81E3-2BB23FD86D9F}: NameServer = 8.8.8.8,4.2.2.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C2413A0-3269-4031-BC50-D7590C540D27}: NameServer = 8.8.8.8,4.2.2.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{67411B9C-AB1A-43F0-B938-27DF3121062C}: NameServer = 8.8.8.8,4.2.2.6
O17 - HKLM\System\CS1\Services\Tcpip\..\{2888C75E-5544-4E0D-A4E5-7316AB04B614}: NameServer = 8.8.8.8,4.2.2.6
O17 - HKLM\System\CS2\Services\Tcpip\..\{2888C75E-5544-4E0D-A4E5-7316AB04B614}: NameServer = 8.8.8.8,4.2.2.6
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O20 - AppInit_DLLs:
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: BootRacerServ - Greatis Software, LLC - C:\Program Files\BootRacer\BootRacerServ.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files\Browny02\BrYNSvc.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd. - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - VIA Technologies, Inc. - C:\Windows\system32\viakaraokesrv.exe
O23 - Service: VideoAcceleratorService - SpeedBit Ltd. - C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 7123 bytes

nOosadz
6th Mar 2012, 14:05
Inulit ko na po yung LSP fix, first thing in the morning, eto po yung HJT logs kung nagawa ko po ba ng maayos.

:hello: Ok na po system nyo .. Congrats and you perform well the procedures. Til next time again. Welcome :D

lordzero45
6th Mar 2012, 18:16
:yipee::yipee:

salamat po bossing, you're really a big help to me, keep it up sir! :thumbsup:

omega888
6th Mar 2012, 19:05
@nOosadz yes naginstall po ako dati ng bearshare app pero tinanggal ko agad using add/remove programs...

Sir,sinunod ko poh lahat ng advice niyo pero hindi ko poh maexecute ung file sa avenger..."error invalid script" raw i try to look the actual folder ng bearshare sa prgram files pero empty folder lang po ng "bearshare applications" nakita ko...so nag skip muna ako sa avenger method at nag proceed poh ako sa next instruction niyo and so on...

ito poh logs ko sa avenger..


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Tue Mar 06 16:53:38 2012

16:53:38: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Tue Mar 06 16:54:08 2012

16:54:08: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Tue Mar 06 16:54:32 2012

16:54:32: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////

ito din bago kung logs sa hjt...

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:56:25 PM, on 3/6/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\LClock\LClock.exe
C:\WINDOWS\VistaDrive\VistaDrive.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Documents and Settings\Dothack\My Documents\Downloads\Compressed\Hotspot_Shield_2.18 _powered_by_Portable_Openvpn_2.1_DEC_2,_2011-GLOBE_2\Hotspot Shield.exe
C:\Documents and Settings\Dothack\My Documents\Downloads\Compressed\Hotspot_Shield_2.18 _powered_by_Portable_Openvpn_2.1_DEC_2,_2011-GLOBE_2\app\bin\openvpn-gui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Dothack\My Documents\Downloads\Compressed\Hotspot_Shield_2.18 _powered_by_Portable_Openvpn_2.1_DEC_2,_2011-GLOBE_2\app\bin\openvpn.exe
C:\Documents and Settings\Dothack\My Documents\Downloads\Compressed\Hotspot_Shield_2.18 _powered_by_Portable_Openvpn_2.1_DEC_2,_2011-GLOBE_2\data\config\FINGER.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = You can see links before reply
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = You can see links before reply
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = You can see links before reply
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe -H
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{09F077EB-3A19-4F7C-9DDC-0CF72C9BDE27}: NameServer = 10.3.40.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{09F077EB-3A19-4F7C-9DDC-0CF72C9BDE27}: NameServer = 10.3.40.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{09F077EB-3A19-4F7C-9DDC-0CF72C9BDE27}: NameServer = 10.3.64.1
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

--
End of file - 4927 bytes

nOosadz
7th Mar 2012, 16:56
@nOosadz yes naginstall po ako dati ng bearshare app pero tinanggal ko agad using add/remove programs...

Sir,sinunod ko poh lahat ng advice niyo pero hindi ko poh maexecute ung file sa avenger..."error invalid script" raw i try to look the actual folder ng bearshare sa prgram files pero empty folder lang po ng "bearshare applications" nakita ko...so nag skip muna ako sa avenger method at nag proceed poh ako sa next instruction niyo and so on...

@omega888 :hello:

Hello again. I just recently reviewed your logs and it seems your system now is running fine, no more suspicious items nor bearshare applications and components on your system. Anyway, about your startup, some list of services are running on it so I thought that takes your windows startup a longer bit of loading. So to get rid of it. Let's minimize the services that running on your startup. Ok follow this procedure.

- Click Start -> Run -> type msconfig then press enter.

- Click Startup tab

- Click Disable All button below.

- Now, check this following on your startup item that may think necessary to load on your startup.

UnlockerAssistant - if you need this on your windows startup. check it, if not then leave uncheck.

LClock - perhaps you need this on your startup loading, part of your themes I thought.

VistaDrive, part of your vista themes, load it on your startup.

Ctfmon -> It always loading on your startup even you enable or disable it, still comeback on your startup, just check it also

- Ok that's only the following startup items that necessary to load on your startup. Disable all and then leave check on the following items above.

- Click Apply and OK below after checking.

- Let your PC restart.

- Perform also CCleaner (You can see links before reply) on your system. It will help you clean all unused and temp files which are not necessary to store on your drives, it will slow your drives instead of it, this program helps you also in enhancing the speed performance on your system. Much better if you use it daily so the system will always running fine.

- I've noticed also that you haven't installed anti-virus, it's easy for the virus to park on your system. Provide any Anti-Virus, i can suggest Nod32 Anti-Virus, so far it's pretty good. Just check on the PC apps section, make sure its updated.

- After this procedures, observe the running performance of your system. report feedbacks.

- Welcome :D

omega888
8th Mar 2012, 11:45
@nOosadz

ok na sir:thumbsup:bumalik na poh sigla ng pc ko..na disable ko na ung mga ibang app sa startup and ang dami pa lang temporary files naka dump sa pc ko kaya pla gumagagapang kapag nag surf ako..malaking tulong po yong ccleaner at pag disable ng ibang app sa start up..at may AV na po nka installed sa pc ko..MSE poh gamit ko...

maraming salamat ts:praise:

ang sarap tlga ng pakiramdam mag surf sa net kapag malinis pc mo:excited:

nOosadz
8th Mar 2012, 15:47
@nOosadz

ok na sir:thumbsup:bumalik na poh sigla ng pc ko..na disable ko na ung mga ibang app sa startup and ang dami pa lang temporary files naka dump sa pc ko kaya pla gumagagapang kapag nag surf ako..malaking tulong po yong ccleaner at pag disable ng ibang app sa start up..at may AV na po nka installed sa pc ko..MSE poh gamit ko...

maraming salamat ts:praise:

ang sarap tlga ng pakiramdam mag surf sa net kapag malinis pc mo:excited:

:lol: You're welcome po. :D Nice to hear your system is back to normal :D

oplingko
9th Mar 2012, 00:30
Hello TS! im back! hehe..pa check up lang ako pede?


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:29:36 AM, on 3/9/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\SMART BRO\UIMain.exe
D:\Softwares\Hotspot_Shield_2.18_powered_by_Portab le_Openvpn_2.1_DEC_2,_2011-SMART\Hotspot Shield 2.18 powered by Portable Openvpn 2.1 DEC 12, 2011-SMART\Hotspot Shield.exe
D:\Softwares\Hotspot_Shield_2.18_powered_by_Portab le_Openvpn_2.1_DEC_2,_2011-SMART\Hotspot Shield 2.18 powered by Portable Openvpn 2.1 DEC 12, 2011-SMART\app\bin\openvpn-gui.exe
D:\Softwares\Hotspot_Shield_2.18_powered_by_Portab le_Openvpn_2.1_DEC_2,_2011-SMART\Hotspot Shield 2.18 powered by Portable Openvpn 2.1 DEC 12, 2011-SMART\app\bin\openvpn.exe
C:\Windows\system32\conhost.exe
D:\Softwares\Hotspot_Shield_2.18_powered_by_Portab le_Openvpn_2.1_DEC_2,_2011-SMART\Hotspot Shield 2.18 powered by Portable Openvpn 2.1 DEC 12, 2011-SMART\data\config\FINGER.exe
C:\Windows\system32\wuauclt.exe
D:\Softwares\u\U1104.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = You can see links before reply
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = You can see links before reply
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: script helper for ie - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files\BrowserCompanion\jsloader.dll
O2 - BHO: NCH EN - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files\NCH_EN\prxtbNCH_.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll
O2 - BHO: Update Timer - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files\BrowserCompanion\updatebhoWin32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll
O3 - Toolbar: NCH EN Toolbar - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files\NCH_EN\prxtbNCH_.dll
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [USB Security] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKCU\..\Run: [L09AXLRD_14645468] "C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-21-580646998-3911433974-2210234777-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-580646998-3911433974-2210234777-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{41A48ABE-8968-477D-8BC7-22FB9A6169D2}: NameServer = 121.1.3.172 121.1.3.89
O17 - HKLM\System\CCS\Services\Tcpip\..\{CFDFFF49-8C82-4BB0-A235-D706427D9507}: NameServer = 10.3.8.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{41A48ABE-8968-477D-8BC7-22FB9A6169D2}: NameServer = 121.1.3.172 121.1.3.89
O17 - HKLM\System\CS2\Services\Tcpip\..\{41A48ABE-8968-477D-8BC7-22FB9A6169D2}: NameServer = 121.1.3.172 121.1.3.89
O18 - Protocol: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll
O18 - Protocol: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Licensing Console - Acronis - (no file)
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 10844 bytes

:thanks:

nOosadz
9th Mar 2012, 00:36
Hello TS! im back! hehe..pa check up lang ako pede?

:thanks:

:hello: oplingko

Sure. Kaka review ko lang sa logs mo and it seems running fine naman. You feel strange with your system ba? :unsure:

- Welcome :D

oplingko
9th Mar 2012, 00:39
wala naman TS! naninibago lang ako kasi walang problema bukod sa parating brownout! lols,cge TS tulog na ko..
:thanks:

nOosadz
9th Mar 2012, 00:41
wala naman TS! naninibago lang ako kasi walang problema bukod sa parating brownout! lols,cge TS tulog na ko..
:thanks:

Parati pala brownout jan? Yan ang hindi ko masagot. MERALCO na ang bahala nyan. :lol: Anyway, your welcome po. Next time again :D

callingallgamekillers
9th Mar 2012, 19:42
paano po matanggal yung win32 - ramnit -e?

nOosadz
9th Mar 2012, 20:37
paano po matanggal yung win32 - ramnit -e?

Hindi ko po masagot ng tama yan tanong mo po sa lahat ng virus na na encounter ko, I can't recognize all of them. But of course, I can help you provide solutions for that. If you like, sundan mo po yung instructions na nasa 1st page ng thread na ito, and also paki indicate ng maayos po ang problem ng system nyo para naman malinaw sa akin ang lahat. Ok lang po ba yun? :D

nOosadz
12th Mar 2012, 16:21
:hello:

Up Up Up !!

:D

nOosadz
15th Mar 2012, 13:19
:hello:

up up up

:thumbsup:

nOosadz
16th Mar 2012, 13:37
:hello:

UP UP UP!

:thumbsup: :alright:

nOosadz
19th Mar 2012, 15:53
:hello: mga symbianizers.

Up Up Up lang po para sa mga naka encounter ng virus.

:thumbsup: :alright:

nOosadz
21st Mar 2012, 20:41
:hello: symbianizers.

UP UP UP!

:thumbsup: :alright:

miggyton
1st Apr 2012, 01:27
hi sir nagbabalik po ulit ako sa thread mo. :D
ask ko po kung my virus p.c ko. :thanks:
eto po LOG ko.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:22:44 AM, on 4/1/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\IObit\Game Booster 3\gbtray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Globe Broadband\Globe Broadband.exe
F:\u1015.exe
C:\Program Files\AllGamesHome Toolbar\TbHelper2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = You can see links before reply*You can see links before reply
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = You can see links before reply*You can see links before reply
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = You can see links before reply
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = You can see links before reply
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = You can see links before reply*You can see links before reply
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 127.0.0.1:9666
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\AllGamesHome Toolbar\tbhelper.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll
O2 - BHO: MediaBar - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {fae389d5-e97e-4abd-8242-d9080c709167} - (no file)
O2 - BHO: TBSB01457 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\AllGamesHome Toolbar\tbcore3.dll
O2 - BHO: Social Extras Plugin - {FF4E1D1D-705B-4379-AB33-22D98C1ABF55} - C:\Program Files\SocialExtras\socialx.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: (no name) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - (no file)
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: AllGamesHome Toolbar - {5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - C:\Program Files\AllGamesHome Toolbar\tbcore3.dll
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AllGamesHome Toolbar - {5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - C:\Program Files\AllGamesHome Toolbar\tbcore3.dll
O9 - Extra 'Tools' menuitem: AllGamesHome Toolbar - {5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - C:\Program Files\AllGamesHome Toolbar\tbcore3.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - You can see links before reply
O17 - HKLM\System\CCS\Services\Tcpip\..\{2640E7BD-E958-418C-B49D-86E3DA9CD9E1}: NameServer = 121.1.3.172 121.1.3.89
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 9806 bytes

nOosadz
4th Apr 2012, 10:56
:hello: miggyton

POSITIVE! infected po ang pc nyo ng Ask Toolbar and AllGamesHome Toolbar at tiyaka parang hindi na functional ang AVG anti-virus according with my review on your logs. Ok, eto gawin mo step by step procedures.

- Right Click My Computer -> Properties -> System Restore -> check the box of Turn off System Restore on all drives -> click Apply then OK

- Open Hijackthis. click Do a System Scan only

- Now the list of items will appear, check this following items below on your HJT.

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll

R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)

R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\AllGamesHome Toolbar\tbhelper.dll

O2 - BHO: MediaBar - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - (no file)

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O2 - BHO: (no name) - {fae389d5-e97e-4abd-8242-d9080c709167} - (no file)

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O3 - Toolbar: (no name) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - (no file)

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

- Now, click Fix Checked below on your HJT after you check the following items.

- Download Avenger (You can see links before reply), save to your desktop.

- Open Avenger.

- Inside the program there's an empty box under Input Script here.

- Now, type or copy this commands on the quote below inside the empty box(all words on quote)

Files to delete:
C:\Program Files\Ask.com\GenericAskToolbar.dll
C:\Program Files\AllGamesHome Toolbar\tbhelper.dll

- After that, click Execute button below and let your PC restart.

- Uninstall your Ask Toolbar and AllGames Home Toolbar on Control Panel/Add Remove Programs.

- Perform CCleaner (You can see links before reply), it will remove all your temp and unusud files on your local drives, and enhance the speed performance of your system.

- Re-install mo ang AVG anti virus mo. With my opinion, your AVG is already not in function.

- Yun lang. After mo perform ang procedures above, post again a fresh HJT logs here for reviewal.

- Welcome :D

miggyton
4th Apr 2012, 14:17
:hello: miggyton

POSITIVE! infected po ang pc nyo ng Ask Toolbar and AllGamesHome Toolbar at tiyaka parang hindi na functional ang AVG anti-virus according with my review on your logs. Ok, eto gawin mo step by step procedures.

- Right Click My Computer -> Properties -> System Restore -> check the box of Turn off System Restore on all drives -> click Apply then OK

- Open Hijackthis. click Do a System Scan only

- Now the list of items will appear, check this following items below on your HJT.










- Now, click Fix Checked below on your HJT after you check the following items.

- Download Avenger (You can see links before reply), save to your desktop.

- Open Avenger.

- Inside the program there's an empty box under Input Script here.

- Now, type or copy this commands on the quote below inside the empty box(all words on quote)


- After that, click Execute button below and let your PC restart.

- Uninstall your Ask Toolbar and AllGames Home Toolbar on Control Panel/Add Remove Programs.

- Perform CCleaner (You can see links before reply), it will remove all your temp and unusud files on your local drives, and enhance the speed performance of your system.

- Re-install mo ang AVG anti virus mo. With my opinion, your AVG is already not in function.

- Yun lang. After mo perform ang procedures above, post again a fresh HJT logs here for reviewal.

- Welcome :D

ok sir gawin ko po muna yan. feedback ako maya. :thanks:


Edit: sir eto na yung LOGs ko.



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:02:38 AM, on 4/6/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\IObit\Game Booster 3\gbtray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\WINDOWS\system32\ctfmon.exe
F:\program\Internet Download Manager\IDMan.exe
F:\program\Internet Download Manager\IEMonitor.exe
C:\Program Files\Globe Broadband\Globe Broadband.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = You can see links before reply*You can see links before reply
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = You can see links before reply*You can see links before reply
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = You can see links before reply
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = You can see links before reply
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = You can see links before reply*You can see links before reply
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - F:\program\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: TBSB01457 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\AllGamesHome Toolbar\tbcore3.dll
O2 - BHO: Social Extras Plugin - {FF4E1D1D-705B-4379-AB33-22D98C1ABF55} - C:\Program Files\SocialExtras\socialx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: AllGamesHome Toolbar - {5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - C:\Program Files\AllGamesHome Toolbar\tbcore3.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] F:\program\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [WebcamMaxAutoRun] "F:\program\WebcamMax\wcmmon.exe" -a
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: Download all links with IDM - F:\program\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - F:\program\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AllGamesHome Toolbar - {5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - C:\Program Files\AllGamesHome Toolbar\tbcore3.dll
O9 - Extra 'Tools' menuitem: AllGamesHome Toolbar - {5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - C:\Program Files\AllGamesHome Toolbar\tbcore3.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - You can see links before reply
O17 - HKLM\System\CCS\Services\Tcpip\..\{2640E7BD-E958-418C-B49D-86E3DA9CD9E1}: NameServer = 202.126.40.5 222.127.143.5
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 8259 bytes

kisntel
6th Apr 2012, 14:57
patulong din po ako. everytime open ko documents folder or photos kahit control panel may error "system call failed" daw po. ang ginawa ko end process ko explorer.exe it did the trick naman. feeling ko talaga virus to so i downloaded malwarebyte madami sya na detect na virus pero d ko alam pano tanggalin baka kase kng e delete ko lahat may effect sya sa pc ko. eto nga pala logs..




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:54:16 PM, on 6/4/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16930)
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Guard-ICQ\GuardICQ.exe
C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MyBrowserCash\MyBrowserCash.exe
C:\Program Files\CrossriderWebApps\Crossrider.exe
C:\Users\USER\Downloads\Vagex\Vagex\Vagex.exe
C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
C:\windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\RelevantKnowledge\rlvknlg.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\windows\system32\rundll32.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\windows\explorer.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = You can see links before reply
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = You can see links before reply
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = You can see links before reply
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
R3 - URLSearchHook: YTNavAssist.YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTNavAs sist.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: WTBAddon - {1630669F-9D0C-4F0B-8AA9-10DE8BEE1755} - C:\Program Files\MyBrowserCash\WTBPlugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.6\bh\facemood s.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx. dll
O2 - BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~1\SEARCH~1\Datamngr\BROWSE~1.DLL
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Softonic Helper Object - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files\Softonic\softonic\1.5.11.5\bh\softonic.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingl eInstance.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.6\facemoodsTl br.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files\Softonic\softonic\1.5.11.5\softonicTlbr.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx. dll
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe /FORPCEE3
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ThpSrv] C:\windows\system32\thpsrv /logon
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [TSleepSrv] %ProgramFiles%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
O4 - HKLM\..\Run: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatche r.exe
O4 - HKLM\..\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
O4 - HKLM\..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
O4 - HKLM\..\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
O4 - HKLM\..\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
O4 - HKLM\..\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor .exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [facemoods] "C:\Program Files\facemoods.com\facemoods\1.4.17.6\facemoodssr v.exe" /md I
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Guard.Mail.ru.gui] "C:\Program Files\Guard-ICQ\GuardICQ.exe" /gui
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] ~"C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CrossRiderPlugin] C:\Program Files\CrossriderWebApps\Crossrider.exe
O4 - HKCU\..\Run: [Jrjgjp] C:\Users\USER\AppData\Roaming\Jrjgjp.exe
O4 - HKCU\..\Run: [ICQ] ~"C:\Users\USER\AppData\Roaming\Microsoft\Ainacbxt\a inacbxt.exe" /c ~"C:\Program Files\ICQ7.7\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [ldfqfgl] "C:\Users\USER\AppData\Roaming\Microsoft\Ainacbxt\a inacbxt.exe"
O4 - HKCU\..\Run: [MyBrowserCash] C:\Program Files\MyBrowserCash\MyBrowserCash.exe
O4 - HKCU\..\Run: [Easy-Hide-IP] C:\Program Files\Easy-Hide-IP\easy-hide-ip.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O20 - AppInit_DLLs: C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll
O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\windows\system32\SupportAppXL\cdrom_mon.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
O23 - Service: Change Modem Device Service - Unknown owner - C:\windows\system32\ChgService.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files\WildTangent Games\App\GamesAppService.exe
O23 - Service: Guard.Mail.ru - Unknown owner - C:\Program Files\Guard-ICQ\GuardICQ.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\HMA! Pro VPN\bin\openvpnserv.exe
O23 - Service: RelevantKnowledge - TMRG, Inc. - C:\Program Files\RelevantKnowledge\rlservice.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\windows\system32\ThpSrv.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 15595 bytes

nOosadz
11th Apr 2012, 16:00
:hello: nice to be back.

@miggyton

Ok na ba system mo? kaka review ko logs mo and seems your system was already fine. any changes bah? or there's something problem? :unsure:

@kisntel :hello:

POSITIVE po system nyo. dami infected items. At tsaka regularly mo ba ginagamit yang SweetIM messenger? OK ito gawin mo ha.. perform the procedures step by step and don't try to skip.

- Restart your system and boot it into safe mode w/ networking by press F8 during turn on of your PC.

- Then turn off your system restore on local drives. refer to this link for Windows 7:

You can see links before reply

- Open your Hijackthis program.

- Click Do a system scan only and it will appear the list of items.

- Now check this following items below on the box.

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = You can see links before reply


R3 - URLSearchHook: (no name) - - (no file)


O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)


O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll


O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll


O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html


C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll


O23 - Service: Guard.Mail.ru - Unknown owner - C:\Program Files\Guard-ICQ\GuardICQ.exe


O23 - Service: RelevantKnowledge - TMRG, Inc. - C:\Program Files\RelevantKnowledge\rlservice.exe

- Now click Fix Checked button below.

- Exit and Close Hijackthis.

- Download this Avenger (You can see links before reply) program and save it to your desktop.

- Open Avenger, below the program there's a empty box under Input script. right?

- What you gonna do is copy or type this details below at the empty box. (kasali ang files to delete:) it's a command.

Files to delete:
C:\Program Files\RelevantKnowledge\rlvknlg.exe
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll
C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll
C:\Program Files\RelevantKnowledge\rlservice.exe
C:\Program Files\Guard-ICQ\GuardICQ.exe

- Now click Execute button below then let your PC restart.

- During your PC restarts, still boot it up on safe mode w/ networking

- Perform Combofix (You can see links before reply), download it and save it to your desktop.

- When you'll use this. Exit and close mo muna ang Malwarebytes and any Anti Virus program which is on running process to your system.

- To use this combofix program. just refer to this link.

You can see links before reply

- After that, restart your PC then boot now into Normal Mode.

- Now, go to run command, type on the box: msconfig then press enter.

- Click Startup tab, then click Disable all button below. Click Apply and restart your PC. (in normal mode na).

- Now, uninstall mo itong following programs sa control panel/add remove programs mo.

RelevantKnowledge

SweetIM

Guard-ICQ

- After that, perform ka CCleaner (You can see links before reply), para maalis ang temp and unused files na nasa drives mo at tiyaka it will enhance the speed performance on your system.

- Pgkatapos mo ma perform ang procedures step by step. attach mo dito ang logs ng Avenger at Combofix. nalocate ang logs na yan sa Drive C: usually C:\Avenger.txt and C:\Combofix.txt.. attach mo lang dito on your next reply.

- Need also to scan a fresh logs from your Hijackthis para ma review natin ulit ang running process ng system mo.

- Hope you perform well the procedures. Please keep me inform kung naguguluhan ka.

- Goodluck and Welcome :D

jtribaco
11th Apr 2012, 16:07
thanks sa TS for this :)

PS
BTW, check mo ito TS Link (You can see links before reply), related sa iyo ito. Close na nga lang yan

nOosadz
11th Apr 2012, 16:21
thanks sa TS for this :)

PS
BTW, check mo ito TS Link (You can see links before reply), related sa iyo ito. Close na nga lang yan

No comment on the link but thanks anyway for informing. Ganyan talaga yan. Everybody outside the symbianize community were really insecured sa mga members ng symbianize especially with the old ones, so that's why they need to make some useful "rakets" para maging successful sila but sorry for them because Sir Marquess is very attentive, they've been intercept, and I'm really thankful for that. :thumbsup: :alright:

kisntel
13th Apr 2012, 15:50
sana tama po lahat ng ginawa ko. after mag run ng combo fix sir pag open ko ng chrome or any browser may prob daw sa registry kaya ginawa ko end process ko explorer.exe and run ulit.. here's the logs
avenger


Logfile of The Avenger Version 2.0, (c) by Swandog46
You can see links before reply

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\Program Files\RelevantKnowledge\rlvknlg.exe" deleted successfully.

Error: file "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" not found!
Deletion of file "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html" deleted successfully.
File "C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll" deleted successfully.
File "C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll" deleted successfully.
File "C:\Program Files\RelevantKnowledge\rlservice.exe" deleted successfully.
File "C:\Program Files\Guard-ICQ\GuardICQ.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

eto po new scan sa HJT

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:46:31 PM, on 13/4/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16968)
Boot mode: Normal

Running processes:
C:\windows\system32\Dwm.exe
C:\windows\system32\taskhost.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\windows\system32\igfxext.exe
C:\Program Files\MyBrowserCash\MyBrowserCash.exe
C:\Program Files\CrossriderWebApps\Crossrider.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\windows\system32\wuauclt.exe
C:\windows\explorer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\windows\system32\rundll32.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = You can see links before reply
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
R3 - URLSearchHook: YTNavAssist.YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTNavAs sist.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (file missing)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: WTBAddon - {1630669F-9D0C-4F0B-8AA9-10DE8BEE1755} - C:\Program Files\MyBrowserCash\WTBPlugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\Ba bylonToolbar.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Softonic Helper Object - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files\Softonic\softonic\1.5.11.5\bh\softonic.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingl eInstance.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files\Softonic\softonic\1.5.11.5\softonicTlbr.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\Babyl onToolbarTlbr.dll
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe /FORPCEE3
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ThpSrv] C:\windows\system32\thpsrv /logon
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [TSleepSrv] %ProgramFiles%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
O4 - HKLM\..\Run: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatche r.exe
O4 - HKLM\..\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
O4 - HKLM\..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
O4 - HKLM\..\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
O4 - HKLM\..\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
O4 - HKLM\..\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor .exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [CrossRiderPlugin] C:\Program Files\CrossriderWebApps\Crossrider.exe
O4 - HKCU\..\Run: [MyBrowserCash] C:\Program Files\MyBrowserCash\MyBrowserCash.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpda teService.exe
O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\windows\system32\SupportAppXL\cdrom_mon.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
O23 - Service: Change Modem Device Service - Unknown owner - C:\windows\system32\ChgService.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\HMA! Pro VPN\bin\openvpnserv.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\windows\system32\ThpSrv.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 12328 bytes

kisntel
13th Apr 2012, 15:57
eto po combofix log will divide it nalang kase d kasya

ComboFix 12-04-12.03 - USER 13/04/2012 15:13:19.1.2 - x86 NETWORK
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.65.1033.18.2995.2047 [GMT 8:00]
Running from: c:\users\USER\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
ADS - system32: deleted 12 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\cleanup.exe
c:\program files\ClickPotatoLite
c:\program files\ClickPotatoLite\bin\10.0.728.0\ClickPotatoLi teSACB.exe
c:\program files\ClickPotatoLite\bin\10.0.728.0\copyright.txt
c:\program files\ClickPotatoLite\bin\10.0.728.0\firefox\exten sions\install.rdf
c:\program files\facemoods.com
c:\program files\facemoods.com\facemoods\1.4.17.6\bh\facemood s.dll
c:\program files\facemoods.com\facemoods\1.4.17.6\facemoods.c rx
c:\program files\facemoods.com\facemoods\1.4.17.6\facemoods.p ng
c:\program files\facemoods.com\facemoods\1.4.17.6\facemoodsAp p.dll
c:\program files\facemoods.com\facemoods\1.4.17.6\facemoodsEn g.dll
c:\program files\facemoods.com\facemoods\1.4.17.6\facemoodssr v.exe
c:\program files\facemoods.com\facemoods\1.4.17.6\faCEmoodstl br.dll
c:\program files\facemoods.com\facemoods\1.4.17.6\uninstall.e xe
c:\program files\RelevantKnowledge
c:\program files\RelevantKnowledge\asmcf.dat
c:\program files\RelevantKnowledge\chrome.manifest
c:\program files\RelevantKnowledge\components\rlxg.dll
c:\program files\RelevantKnowledge\components\rlxh.dll
c:\program files\RelevantKnowledge\components\rlxi.dll
c:\program files\RelevantKnowledge\components\rlxj.dll
c:\program files\RelevantKnowledge\components\rlxk.dll
c:\program files\RelevantKnowledge\install.rdf
c:\program files\RelevantKnowledge\ncncf.dat
c:\program files\RelevantKnowledge\nscf.dat
c:\program files\RelevantKnowledge\rlcm.crx
c:\program files\RelevantKnowledge\rlcm.txt
c:\program files\RelevantKnowledge\rlls.dll
c:\program files\RelevantKnowledge\rlls64.dll
c:\program files\RelevantKnowledge\rloci.bin
c:\program files\RelevantKnowledge\rlph.dll
c:\program files\RelevantKnowledge\rlvknlg64.exe
c:\program files\RelevantKnowledge\rlxf.dll
c:\program files\ShoppingReport2
c:\programdata\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
c:\programdata\ClickPotatoLiteSA
c:\programdata\ClickPotatoLiteSA\ClickPotatoLiteSA .dat
c:\programdata\ClickPotatoLiteSA\ClickPotatoLiteSA _kyf_update.dat
c:\programdata\ClickPotatoLiteSA\ClickPotatoLiteSA About.mht
c:\programdata\ClickPotatoLiteSA\ClickPotatoLiteSA au.dat
c:\programdata\ClickPotatoLiteSA\ClickPotatoLiteSA EULA.mht
c:\programdata\Microsoft\Windows\Start Menu\Programs\ClickPotato
c:\programdata\Microsoft\Windows\Start Menu\Programs\ClickPotato\About Us.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Customer Support.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Uninstall Instructions.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\users\USER\AppData\Local\TempDIR
c:\users\USER\AppData\Local\TempDIR\BetterInstalle r.exe
C:\zip.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_RelevantKnowledge
.
.
((((((((((((((((((((((((( Files Created from 2012-03-13 to 2012-04-13 )))))))))))))))))))))))))))))))
.
.
2012-04-13 07:20 . 2012-04-13 07:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-13 07:05 . 2012-04-13 07:05 -------- d-----w- c:\program files\BabylonToolbar
2012-04-13 07:05 . 2012-04-13 07:05 -------- d-----w- c:\program files\FoxTabAVIConverter
2012-04-13 06:55 . 2012-04-13 06:55 574 ----a-w- C:\cleanup.bat
2012-04-12 17:01 . 2012-03-01 05:53 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 17:01 . 2012-03-01 05:49 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 17:01 . 2012-03-01 05:45 158720 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 17:01 . 2012-03-01 05:40 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 17:01 . 2012-03-06 05:59 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-12 17:01 . 2012-03-06 05:59 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 15:37 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C869119C-384D-4AA1-BFB5-A5700E65760E}\mpengine.dll
2012-04-10 04:18 . 2012-04-10 04:18 -------- d-----w- c:\programdata\McAfee
2012-04-10 04:18 . 2012-04-10 05:03 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-06 06:52 . 2012-04-06 06:52 388096 ----a-r- c:\users\USER\AppData\Roaming\Microsoft\Installer\ {45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-06 06:52 . 2012-04-06 06:52 -------- d-----w- c:\program files\Trend Micro
2012-04-06 06:34 . 2012-04-06 06:34 -------- d-----w- c:\users\USER\AppData\Roaming\Malwarebytes
2012-04-06 06:34 . 2012-04-06 06:34 -------- d-----w- c:\programdata\Malwarebytes
2012-04-06 06:34 . 2012-04-06 06:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-06 06:34 . 2011-12-10 07:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-05 04:07 . 2012-04-05 04:11 -------- d-----w- c:\program files\Easy-Hide-IP
2012-04-05 03:56 . 2012-02-28 06:23 360264 ----a-w- c:\windows\system32\EasyRedirect.dll
2012-04-05 03:53 . 2012-04-05 03:53 -------- d-----w- c:\users\USER\AppData\Roaming\IObit
2012-04-05 03:04 . 2012-04-05 03:04 -------- d-----w- c:\users\USER\AppData\Local\Vagex
2012-03-30 14:09 . 2012-03-30 14:10 -------- d-----w- c:\program files\CactusVPN
2012-03-30 11:04 . 2012-03-30 11:04 -------- d-----w- c:\program files\MyBrowserCash
2012-03-29 10:04 . 2012-03-29 10:04 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-29 10:04 . 2012-03-29 10:04 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-28 11:11 . 2012-03-30 10:34 1409 ----a-w- c:\windows\QTFont.for
2012-03-28 11:10 . 1999-11-10 03:05 86016 ----a-w- c:\windows\unvise32qt.exe
2012-03-28 11:10 . 2012-03-28 11:10 98304 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2012-03-28 11:10 . 2012-03-28 11:10 98304 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2012-03-28 11:10 . 2012-03-28 11:10 98304 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2012-03-28 11:10 . 2012-03-28 11:10 98304 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2012-03-28 11:10 . 2012-03-28 11:10 98304 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2012-03-28 11:10 . 2012-03-28 11:10 98304 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2012-03-28 11:10 . 2012-03-28 11:10 -------- d-----w- c:\windows\system32\QuickTime
2012-03-28 11:10 . 2012-03-28 11:11 -------- d-----w- c:\program files\QuickTime
2012-03-28 11:10 . 2012-03-28 11:11 -------- d-----w- c:\programdata\QuickTime
2012-03-28 11:09 . 2012-03-28 11:13 -------- d-----w- c:\program files\Longman iBT
2012-03-21 07:57 . 2012-03-21 07:57 -------- d-----w- c:\programdata\boost_interprocess
2012-03-21 02:39 . 2012-03-21 02:39 -------- d-----w- c:\users\USER\AppData\Local\Ilivid Player
2012-03-21 02:28 . 2012-03-21 02:28 -------- d-----w- c:\program files\Searchqu Toolbar
2012-03-14 15:50 . 2012-02-03 04:01 2341376 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 15:50 . 2012-02-10 05:41 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-14 15:50 . 2012-02-10 05:41 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-03-14 15:50 . 2012-02-10 05:41 1074176 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 15:50 . 2012-02-10 05:41 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-14 15:50 . 2012-02-10 05:41 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-14 15:38 . 2012-02-15 05:44 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 15:38 . 2012-02-15 04:22 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 15:38 . 2012-02-15 04:22 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 15:38 . 2012-01-25 05:44 57856 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 15:38 . 2012-01-25 05:44 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 15:38 . 2012-01-25 05:40 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2012-04-10 05:03 . 2011-09-19 05:38 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-14 02:15 . 2012-01-22 16:41 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-10 13:05 . 2012-02-10 13:06 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7E9617E8-BF47-46A8-838C-E810DC52CFB7}\gapaengine.dll
2012-01-31 12:44 . 2011-06-17 13:29 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-18 11:25 . 2012-02-10 13:06 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-03-29 10:04 . 2012-02-24 01:36 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

kisntel
13th Apr 2012, 16:00
to all mods: sensya na po sa mahaba message need ko lang to show entire logs para ma ayos na po to laptop ko..
cont.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~1\Yahoo!\Companion\Installs\cpn0\YTNavAs sist.dll" [2011-03-16 214840]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2011-08-24 130864]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURL SearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURL SearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1630669F-9D0C-4F0B-8AA9-10DE8BEE1755}]
2011-12-13 10:55 98816 ----a-w- c:\program files\MyBrowserCash\WTBPlugin.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 05:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 05:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}]
2012-01-11 14:29 241872 ----a-w- c:\program files\Softonic\softonic\1.5.11.5\bh\softonic.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
"{5018CFD2-804D-4C99-9F81-25EAEA2769DE}"= "c:\program files\Softonic\softonic\1.5.11.5\softonicTlbr.dll" [2012-01-11 250064]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{5018cfd2-804d-4c99-9f81-25eaea2769de}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-04-21 399736]
"CrossRiderPlugin"="c:\program files\CrossriderWebApps\Crossrider.exe" [2011-05-15 478720]
"MyBrowserCash"="c:\program files\MyBrowserCash\MyBrowserCash.exe" [2012-03-16 104448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-26 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-26 169496]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-23 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-05 425984]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-12-25 34160]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-11-06 480608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2010-03-03 742712]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-03-20 8546848]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2010-03-20 686624]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-03-11 1697064]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"TSleepSrv"="c:\program files\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe" [2010-04-01 252728]
"SmartFaceVWatcher"="c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [2009-10-20 163840]
"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2010-04-06 1328480]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 611672]
"TosWaitSrv"="c:\program files\TOSHIBA\TPHM\TosWaitSrv.exe" [2010-03-31 611672]
"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 22840]
"TosNC"="c:\program files\Toshiba\BulletinBoard\TosNcCore.exe" [2010-03-19 467816]
"TosReelTimeMonitor"="c:\program files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [2010-03-03 30040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2011-08-01 114992]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-03-28 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 mkdbsbmj;mkdbsbmj;c:\windows\system32\drivers\mkdb sbmj.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\ v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-01-18 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPl ayerUpdateService.exe [2012-04-10 253600]
R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\DRIVERS\cmnsusbser.sy s [2010-01-20 105984]
R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-01-18 136176]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-06-22 100736]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2008-08-12 7168]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl. sys [2007-12-14 11360]
R3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\ nipalfwedl.sys [2007-12-12 11904]
R3 nipalusbedl;nipalusbedl;c:\windows\system32\driver s\nipalusbedl.sys [2007-12-12 11896]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 NiViFWK;NI-VISA FireWire Driver;c:\windows\system32\drivers\NiViFWKl.sys [2007-07-19 11384]
R3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [2008-01-10 11360]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EX E [2010-01-09 4640000]
R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-21 1343400]
R4 Guard.Mail.ru;Guard.Mail.ru;c:\program files\Guard-ICQ\GuardICQ.exe [x]
S0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\System32\drivers\nipbcfk.sys [2007-07-10 15448]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 30272]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-30 13120]
S1 TsLwWfF;WiFi Capture Driver;c:\windows\system32\DRIVERS\TsLwWfF.sys [2012-01-12 22632]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\cdrom_mon .exe [2008-11-25 81920]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2010-01-29 185712]
S2 Change Modem Device Service;Change Modem Device Service;c:\windows\system32\ChgService.exe [2010-02-04 135168]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2011-08-17 247872]
S2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [2008-01-10 11360]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-04-06 189808]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 12920]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 132480]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 232960]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-04-20 133744]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 24064]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-05 277536]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sy s [2011-10-01 579944]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftpla ylh.sys [2011-10-01 194408]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftr edirlh.sys [2011-10-01 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh .sys [2011-10-01 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 111960]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-03-31 685424]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpda teService.exe [2012-04-10 05:03]
.
2012-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-18 17:42]
.
2012-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-18 17:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/?affID=110000&tt=050412_30b&babsrc=HP_ss&mntrId=d63ddf5100000000000000ffb656cecb
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\USER\AppData\Roaming\Mozilla\Firefox\Prof iles\opahu59f.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=110000&tt=050412_30b&babsrc=HP_ss&mntrId=d63ddf5100000000000000ffb656cecb
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=110000&tt=050412_30b&babsrc=KW_ss&mntrId=d63ddf5100000000000000ffb656cecb&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.softonic_i.newTab - false
FF - user.js: extensions.softonic_i.tlbrSrchUrl - hxxp://search.softonic.com/MON00005/tb_v1?SearchSource=1&cc=&q=
FF - user.js: extensions.softonic_i.id - d63ddf5100000000000088ae1df700c4
FF - user.js: extensions.softonic_i.instlDay - 15357
FF - user.js: extensions.softonic_i.vrsn - 1.5.11.5
FF - user.js: extensions.softonic_i.vrsni - 1.5.11.5
FF - user.js: extensions.softonic_i.vrsnTs - 1.5.11.518:31
FF - user.js: extensions.softonic_i.prtnrId - softonic
FF - user.js: extensions.softonic_i.prdct - softonic
FF - user.js: extensions.softonic_i.aflt - SD
FF - user.js: extensions.softonic_i.smplGrp - eng7
FF - user.js: extensions.softonic_i.tlbrId - en11DECdefault
FF - user.js: extensions.softonic_i.instlRef - MON00005
FF - user.js: extensions.softonic_i.dfltLng -
FF - user.js: extensions.softonic_i.excTlbr - false
pref('extensions.shownSelectionUI',true);
pref('extensions.autoDisableScopes',0);
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110000&tt=050412_30b
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - d63ddf5100000000000000ffb656cecb
FF - user.js: extensions.BabylonToolbar_i.hardId - d63ddf5100000000000000ffb656cecb
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15443
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1715:05
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
HKCU-Run-Messenger (Yahoo!) - ~c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
HKCU-Run-Jrjgjp - c:\users\USER\AppData\Roaming\Jrjgjp.exe
HKCU-Run-ICQ - ~c:\users\USER\AppData\Roaming\Microsoft\Ainacbxt\ ainacbxt.exe
HKCU-Run-ldfqfgl - c:\users\USER\AppData\Roaming\Microsoft\Ainacbxt\a inacbxt.exe
HKCU-Run-Easy-Hide-IP - c:\program files\Easy-Hide-IP\easy-hide-ip.exe
HKLM-Run-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.6\facemoodssr v.exe
HKLM-Run-Guard.Mail.ru.gui - c:\program files\Guard-ICQ\GuardICQ.exe
AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.6\uninstall.e xe
AddRemove-Guard.Mail.ru - c:\program files\Guard-ICQ\GuardICQ.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe
AddRemove-{d08d9f98-1c78-4704-87e6-368b0023d831} - c:\program files\RelevantKnowledge\rlvknlg.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PC W\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4612)
c:\program files\SweetIM\Messenger\mgAdaptersProxy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\ThpSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\System32\ThpSrv.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Searchqu Toolbar\Datamngr\datamngrUI.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\windows\system32\igfxext.exe
c:\program files\TOSHIBA\ConfigFree\CFSwMgr.exe
c:\progra~1\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
c:\program files\TOSHIBA\TPHM\TPCHWMsg.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
.
************************************************** ************************
.
Completion time: 2012-04-13 15:28:22 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-13 07:28
.
Pre-Run: 453,634,031,616 bytes free
Post-Run: 453,717,921,792 bytes free
.
- - End Of File - - 8A35DCF8205F8C348B5A2218837A0873

nOosadz
13th Apr 2012, 22:40
:hello: hello again kisntel,

Glad you perform well the procedures pero may nakita pa akong mga infected items sa PC mo...and I noticed that you have lots of different toolbars, which I think it's unnecessary to store it on your browser. It will also crash your browsers eventually and also ang dami mong startup items, which will load your startup slowly at tiyaka dadami ang running process which will increase your CPU usage. Ok lets back again to our procedures pero hindi na masyado mataas. Lilinisin na natin ng todo ang system mo para tuloy mo na magagamit ng maayos ang laptop mo. Now follow the procedures well and don't try to skip. Ok?

- If you can access now your system in Normal Mode.. Boot to Normal Mode na lang.. but if you're not comfortable the performance on Normal Mode, you may switch and boot again to Safe Mode w/ Networking. by pressing f8 during your laptop turn on.

- Now, turn off system restore. may guides nako na ibigay sa previous post on how to turn it off in Windows 7, right?

- Open Hijackthis, click Do a System scan only

- It will appear the list of items, just check only the following items below.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = You can see links before reply


R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (file missing)

- Click Fix Checked below then close your HJT.

- After that, Punta ka sa Control Panel/Add Remove programs. mag Uninstall ka ng mga unnecessary toolbars,I reviewed the running toolbars on your system and here are the toolbar items below which I don't feel to store on your browsers, actually it will just crash your browsers. Just uninstall it on your computer.

Searchqu Toolbar

Babylon Toolbar

uTorrentBar Toolbar

MyBrowserCash(its not toolbar but unknown application try to uninstall also)

- Now after you uninstall the items, Open your Internet Explorer browser( if it will crash your system in Normal Mode, boot and switch into Safe Mode w/ networking and kung Ok naman sa Normal Mode then proceed)

- Sa Internet Explorer browser, Click Tools -> Internet Options -> Advanced -> Click Reset button below then follow the prompt and so on, then click Apply and OK and close the IE browser.

- Now I noticed that maraming startup items na balak tatakbo sa system process mo, The situation on this if marami ka startup items dadami ang running process then there will be a chance na iincrease ang CPU usage which will get slow performance to your system. Ok eto gawin mo.

- Click the Windows 7 logo button(nasa taskbar) kung sa Windows XP Start button yun -> Diba may run command na rectangle box na may nakalagay Search programs and files -> type mo dyan msconfig then press enter.

- It will appear the System Configuration Utility-> Now click the Startup tab -> You will see the list of startup items -> Sa ibaba may Disable All button, just simply click on it -> Then Click Apply and OK and let it restart your system.

- When your system resumes, Open your CCleaner On the left side of the program, may makikita kang Cleaner Tab and also Registry Tab.

* In Cleaner tab, click Run Cleaner and after it scans, click Analyze

* After that, click on Registry tab, click Scan for Issues, and after it scans the registry problem, click Fix Selected Issues, It will prompt if you want to back up the registrys, just click No then click Fix All Selected Issues then Close and Exit the CCleaner program.

- After that, Restart your lappy and observe changes especially sa performance ng browsers mo.

- Provide again a fresh logs of your Hijackthis then post it here for another review.

- Goodluck and Welcome. :D

kisntel
13th Apr 2012, 23:59
maraming salamat po sir sa tulong nyo and your time and sa super clear na instructions. mabilis na nga mag load ngayon. MBC toolbar gamit ko po yan for my online chuvaness hehe pero d ko na makita sa control panel ang babylon searchbar..

here's the fresh logs nga pala sana malinis na now.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:56:54 PM, on 13/4/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16968)
Boot mode: Normal

Running processes:
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskhost.exe
C:\Program Files\CrossriderWebApps\Crossrider.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\windows\system32\rundll32.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = You can see links before reply
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = You can see links before reply
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = You can see links before reply
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: WTBAddon - {1630669F-9D0C-4F0B-8AA9-10DE8BEE1755} - C:\Program Files\MyBrowserCash\WTBPlugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Softonic Helper Object - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files\Softonic\softonic\1.5.11.5\bh\softonic.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingl eInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files\Softonic\softonic\1.5.11.5\softonicTlbr.dll
O4 - HKCU\..\Run: [CrossRiderPlugin] C:\Program Files\CrossriderWebApps\Crossrider.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpda teService.exe
O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\windows\system32\SupportAppXL\cdrom_mon.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
O23 - Service: Change Modem Device Service - Unknown owner - C:\windows\system32\ChgService.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\HMA! Pro VPN\bin\openvpnserv.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\windows\system32\ThpSrv.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 7037 bytes

kung may mali pa sir patulong pa din ha? saved me from re formatting my laptop talaga. thank you again
nga pala, pwede ko na po ba ibalik system restore on?

miggyton
14th Apr 2012, 00:08
sir nag palit nalang po me ng antivirus. avast nalang po kesa sa AVG. ok na po ba? :thanks:

nOosadz
14th Apr 2012, 00:39
maraming salamat po sir sa tulong nyo and your time and sa super clear na instructions. mabilis na nga mag load ngayon. MBC toolbar gamit ko po yan for my online chuvaness hehe pero d ko na makita sa control panel ang babylon searchbar..

here's the fresh logs nga pala sana malinis na now.

kung may mali pa sir patulong pa din ha? saved me from re formatting my laptop talaga. thank you again
nga pala, pwede ko na po ba ibalik system restore on?

Your welcome po :thumbsup:

According to your logs. Your system now is running fine. Wala nakong makitang suspicious items, and i'm glad that you also follow and perform well the procedures I've given. Advices na lang mabibigay ko .. Always maintain to use CCleaner, malaking tulong yan sa system mo lalo na kung na experience mo na nman ulit sa system yung slow performance and avoid also to load a plenty startup items. Alam mo na kung pano e disable ang startup items. alright? And lastly, provide a best Anti-Virus program on your system, hindi natin malalaman kailan na nman mag intrude ang virus attack sa system natin kaya mas mabuti kung may depensa tayo. For now, ginagamit ko ay Eset Nod32 and so far my system is safe and running fine. :D Anyway, its up to you depends on what is already experience good in your system. Ok? So till next time again if there's another problem but much better kung hindi magkakaproblem.. :lol: Welcome kisntel :D :alright:

PS: pwede mo na turn on ang system restore :D


sir nag palit nalang po me ng antivirus. avast nalang po kesa sa AVG. ok na po ba? :thanks:

:hello: miggyton, its up to you as long as the Anti Virus program is updated and can delete a vulnerable viruses. I'm using ESET nod32 and so far my system is safe, always intercept some infected items. We have a various types especially on any kind of software models, let's just make sure na ok ang quality, performance and features na pipiliin at iinstall sa system natin. alright? :lol: :thumbsup: :alright:

- Welcome :D

kisntel
14th Apr 2012, 11:47
Thanks a lot. Cge try ko nga din yan antivirus nyo. sana may mahanap na free hehe. God Bless po..

nOosadz
14th Apr 2012, 13:22
Thanks a lot. Cge try ko nga din yan antivirus nyo. sana may mahanap na free hehe. God Bless po..

Meron yan dito sa symb kisntel.. search mo lang. dito nga ako nakahanap eh.. yung may crack na purefix, daily updated yun at tsaka no expiration... after mo ma install update ka and then full scan ka. ok? :thumbsup:

- Welcome :D

elmaniac08
14th Apr 2012, 22:56
sir help problem when starting windows it says Rpcqt.dll missing bigla n lang po lumabas yan nang na install ko ang ccleaner at nag clean ako and uninstall ko ang ccleaner help po please im using window 7 64 bit hp notebooks

nOosadz
15th Apr 2012, 00:18
sir help problem when starting windows it says Rpcqt.dll missing bigla n lang po lumabas yan nang na install ko ang ccleaner at nag clean ako and uninstall ko ang ccleaner help po please im using window 7 64 bit hp notebooks

:hello: hello elmaniac08

I'm glad to help you pero bago muna kita provide ng solutions..follow mo muna yung instructions na nasa 1st post ng thread na ito para maging specific ang pag analyze sa problem. tsaka dagdagan mo pa ng detalye kung bakit nag error ng ganyan ang system mo... please refer and perform 1st the instructions na nasa 1st post before we proceed. I need also to see the running process of your system so provide hijackthis logs. sundan mo lang yun nasa 1st page. ok lang ba sayo yun? Thanks and come back :D

elmaniac08
15th Apr 2012, 12:23
sige post ko po log ng hijack maraming salamat bro galing mo naman ask ko lang virus po ba ang Rundll32.exe

nOosadz
16th Apr 2012, 22:13
sige post ko po log ng hijack maraming salamat bro galing mo naman ask ko lang virus po ba ang Rundll32.exe

rundll32.exe ay isa sa mga system files ng windows, depende lang kasi ito kung ma corrupt o maging infected it means na attack ng virus ang file na yan.. but we cant still decide kung na encounter ba siya ng virus mas mabuti kung makikita ko ang running process ng system mo by providing hijackthis logs para ma review natin..

- Welcome :D

nOosadz
18th Apr 2012, 09:38
Good morning to all :hello:

UP UP UP!! :D :thumbsup:

nOosadz
19th Apr 2012, 15:56
UP UP UP!!!! :thumbsup:

nOosadz
21st Apr 2012, 14:55
UP!! UP!! UP!!! walang magawa.. :lol:

:thumbsup:

hanahalxexadulce
21st Apr 2012, 15:18
ts tnx po dito...

nOosadz
22nd Apr 2012, 15:06
ts tnx po dito...

No Problem po!! Please be reminded to all that before you post your problems.. refer 1st the instructions on the 1st page of this thread. I'll be monitoring your concerns and you'll be expecting my solutions unless If I'm busy. But I would do all my best to respond your concerns. :D

UP UP UP!!!!! :thumbsup: :alright:

- Welcome :D

inchard
22nd Apr 2012, 22:24
gud pm sir pa help nman po.. one year p lng pc ko windows 7 dual core, 2gb ram, 500gb hdd,, nung una wala problema pero nung dami ko n nainstall n apps dito ngcmula problema ko, most of the apps required rebooting the system to complete installation pero nirestart ko ng sstuck up ung rebooting, ung logo ng animation ng windows 7 nakatigil lng, tas pag nireset gnun p din, pag manual restart ayaw din ang gngwa ko direct s avr para patayin n lng, tas mga ilang minutes buksan ko ok lalabas black screen saying "Windows failed to start. A recent hardware or software change might be the cause tas my boot options,
safe mode
safe mode with networking etc,, " i always chose normal mode tas un ok na siya, annoying siya kc konting baguhin lng s system or apps lging gnun ang scenario



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:10:42 PM, on 4/22/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16968)
Boot mode: Normal

Running processes:
C:\Program Files\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe
C:\Windows\System32\rundll32.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Users\pc12\Local Settings\Apps\F.lux\flux.exe
C:\Program Files\Tango\Tango.exe
C:\Program Files\Connectify\Connectify.exe
C:\Program Files\Winstep\Nexus-Ultimate.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\IObit\Advanced SystemCare 5\Asc.exe
C:\Windows\System32\msdt.exe
C:\Windows\System32\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = You can see links before reply
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = You can see links before reply
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = You can see links before reply
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = You can see links before reply{searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = You can see links before reply{searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = You can see links before reply
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = You can see links before reply
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {ffa0793e-3980-4be4-8234-048fa665f700} - (no file)
R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
R3 - URLSearchHook: (no name) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - (no file)
R3 - URLSearchHook: (no name) - {707db484-2428-402d-afb5-d85b387544c7} - (no file)
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
R3 - URLSearchHook: (no name) - {08d6b0b4-c132-470d-a8e2-aa2e9c3851c9} - (no file)
R3 - URLSearchHook: (no name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
R3 - URLSearchHook: (no name) - {88ac3cb6-596b-4217-964c-b6757ef9602d} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\pc12\AppData\Roaming\Complitly\Complitly. dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.6.2.10\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [USB Security] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [F.lux] "C:\Users\pc12\Local Settings\Apps\F.lux\flux.exe" /noshow
O4 - HKCU\..\Run: [Tango] C:\Program Files\Tango\Tango.exe -r
O4 - HKCU\..\Run: [SpeedConnectStartUp] C:\Program Files\CBS Software\SpeedConnect Internet Accelerator\SpeedConnectStartUp.exe -run
O4 - HKCU\..\Run: [Connectify] C:\Program Files\Connectify\Connectify.exe
O4 - HKCU\..\Run: [Nexus-Ultimate] C:\Program Files\Winstep\Nexus-Ultimate.exe autostart
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Plants%20vs.%20Zombies/Images/stg_drm.ocx
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - You can see links before reply
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Plants%20vs.%20Zombies/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - You can see links before reply
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A5A23EB-7BEC-41B6-B3B9-D66ABA6B86EB}: NameServer = 202.138.128.50 202.138.128.54
O17 - HKLM\System\CCS\Services\Tcpip\..\{2BD7086F-AD34-4857-A8ED-4950466991FF}: NameServer = 192.168.62.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{5568BC95-30F1-4140-B9B3-73E61E031E45}: NameServer = 202.138.128.50 202.138.128.54
O17 - HKLM\System\CCS\Services\Tcpip\..\{8EC156A6-166E-40BE-AE2D-4D032A15E037}: NameServer = 202.138.128.50 202.138.128.54
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD22D6EF-4857-4AB0-9E18-05C7DEA2B079}: NameServer = 202.138.128.50 202.138.128.54
O17 - HKLM\System\CCS\Services\Tcpip\..\{DDB64188-D1CC-4D2C-9979-0706B47B2411}: NameServer = 192.168.250.1
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpda teService.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: ASO3DiskOptimizer - Systweak Inc., (You can see links before reply) - C:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe
O23 - Service: Connectify - Unknown owner - C:\Program Files\Connectify\ConnectifyService.exe
O23 - Service: DCService.exe - Unknown owner - C:\ProgramData\DatacardService\DCService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Serbisyo ng Update ng Google (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serbisyong Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe
O23 - Service: NitroPDFReaderDriverCreatorReadSpool2 (NitroReaderDriverReadSpool2) - Nitro PDF Software - C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
O23 - Service: RalinkRegistryWriter - Ralink Technology, Corp. - C:\Program Files\Ralink\Common\RaRegistry.exe
O23 - Service: RaMediaServer - Unknown owner - C:\Program Files\Ralink\Common\RaMediaServer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 12853 bytes

nOosadz
23rd Apr 2012, 12:32
:hello: inchard

I just recently reviewed your HJT logs.. actually, wala masyadong infected items sa system mo may nakita lang ako isa. The problem is may mga applications which getting conflicted on your system at hindi na nagfunction sa running process ng system mo. may mga items din which stuck on your system that are really unnecessary and it will cause slow performance with your system. Now, follow the procedures the below step by step. and don't try to skip on it. OK?

- Turn off system restore on your local drives, and I saw that you're using Windows 7 system, just refer to this site on how to do:
You can see links before reply

- Now, open again your Hijackthis program. On main menu, click Do a System Scan only

- It will appear the list of items. just check only this following items below.

R3 - URLSearchHook: (no name) - {ffa0793e-3980-4be4-8234-048fa665f700} - (no file)

R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)

R3 - URLSearchHook: (no name) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - (no file)

R3 - URLSearchHook: (no name) - {707db484-2428-402d-afb5-d85b387544c7} - (no file)

R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)

R3 - URLSearchHook: (no name) - {08d6b0b4-c132-470d-a8e2-aa2e9c3851c9} - (no file)

R3 - URLSearchHook: (no name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)

R3 - URLSearchHook: (no name) - {88ac3cb6-596b-4217-964c-b6757ef9602d} - (no file)

O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html

O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Plants%20vs.%20Zombies/Images/stg_drm.ocx

O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Plants%20vs.%20Zombies/Images/armhelper.ocx

- Now click Fix Checked below. then Exit HJT.

- Download this Avenger (You can see links before reply) program, save it to your desktop.

- Open Avenger, you will see a empty box under Input Script here:

- What you'll do is type or copy this command inside the empty box: (include the "files to delete:")

Files to delete:
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html

- Click Execute button below then let your PC reboot.

- Go to Add/Remove programs in Control Panel, and then uninstall this programs:

Norton Internet Security

SweetIM

Connectify(reinstall mo lang kung ginagamit mo ito)

- After that, perform CCleaner (You can see links before reply), it will enhance the speed performance of your system at tska dami mga unncessary files na naka stuck sa system mo.. mostly unused and temp files and this program will help you to clean that.

- Restart your system. Observe some changes.

- Provide again a fresh scan of Hijackths logs then post it here. And I need to see your Avenger logs, it's located at your drive C:\Avenger.txt for reviewal.

- Goodluck and Welcome :D

inchard
23rd Apr 2012, 18:45
:hello: inchard

I just recently reviewed your HJT logs.. actually, wala masyadong infected items sa system mo may nakita lang ako isa. The problem is may mga applications which getting conflicted on your system at hindi na nagfunction sa running process ng system mo. may mga items din which stuck on your system that are really unnecessary and it will cause slow performance with your system. Now, follow the procedures the below step by step. and don't try to skip on it. OK?

- Turn off system restore on your local drives, and I saw that you're using Windows 7 system, just refer to this site on how to do:
You can see links before reply

- Now, open again your Hijackthis program. On main menu, click Do a System Scan only

- It will appear the list of items. just check only this following items below.












- Now click Fix Checked below. then Exit HJT.

- Download this Avenger (You can see links before reply) program, save it to your desktop.

- Open Avenger, you will see a empty box under Input Script here:

- What you'll do is type or copy this command inside the empty box: (include the "files to delete:")


- Click Execute button below then let your PC reboot.

- Go to Add/Remove programs in Control Panel, and then uninstall this programs:


- After that, perform CCleaner (You can see links before reply), it will enhance the speed performance of your system at tska dami mga unncessary files na naka stuck sa system mo.. mostly unused and temp files and this program will help you to clean that.

- Restart your system. Observe some changes.

- Provide again a fresh scan of Hijackths logs then post it here. And I need to see your Avenger logs, it's located at your drive C:\Avenger.txt for reviewal.

- Goodluck and Welcome :D

ts salamat ha, pgktapos nito pwede ko n ulit enable ung system restore?
edit: ngawa ko n po lahat sir nung nireboot ko ung pc gawa require dun s avenger ngfailed pa rin, tas binuksan ko n lng ulit tas uninstall ung norton,connectify, ung sweetim di ko makita s programs s control panel, tas nirun ko cleaner tas reboot nag success nman tas ininstll ko ulit ung norton at connectify tas reboot nagfailed ulit sir pano kaya to ito po ung logs


Logfile of The Avenger Version 2.0, (c) by Swandog46
You can see links before reply

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: could not open file "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html"
Deletion of file "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Completed script processing.

*******************

Finished! Terminate.


ito naman ung hjt


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:34:49 PM, on 4/23/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16968)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe
C:\Windows\Explorer.EXE
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Users\pc12\Local Settings\Apps\F.lux\flux.exe
C:\Program Files\Winstep\Nexus-Ultimate.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\IObit\Advanced SystemCare 5\DelayLoad.exe
C:\Program Files\Connectify\Connectify.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = You can see links before reply
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = You can see links before reply
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = You can see links before reply
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = You can see links before reply{searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = You can see links before reply{searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = You can see links before reply
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = You can see links before reply
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\pc12\AppData\Roaming\Complitly\Complitly. dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.1.0.28\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.1.0.28\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.1.0.28\coIEPlg.dll
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [USB Security] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [F.lux] "C:\Users\pc12\Local Settings\Apps\F.lux\flux.exe" /noshow
O4 - HKCU\..\Run: [Tango] C:\Program Files\Tango\Tango.exe -r
O4 - HKCU\..\Run: [SpeedConnectStartUp] C:\Program Files\CBS Software\SpeedConnect Internet Accelerator\SpeedConnectStartUp.exe -run
O4 - HKCU\..\Run: [Nexus-Ultimate] C:\Program Files\Winstep\Nexus-Ultimate.exe autostart
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O4 - HKCU\..\Run: [Connectify] C:\Program Files\Connectify\Connectify.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - You can see links before reply
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - You can see links before reply
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A5A23EB-7BEC-41B6-B3B9-D66ABA6B86EB}: NameServer = 202.138.128.50 202.138.128.54
O17 - HKLM\System\CCS\Services\Tcpip\..\{2BD7086F-AD34-4857-A8ED-4950466991FF}: NameServer = 192.168.189.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{5568BC95-30F1-4140-B9B3-73E61E031E45}: NameServer = 202.138.128.50 202.138.128.54
O17 - HKLM\System\CCS\Services\Tcpip\..\{8EC156A6-166E-40BE-AE2D-4D032A15E037}: NameServer = 202.138.128.50 202.138.128.54
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD22D6EF-4857-4AB0-9E18-05C7DEA2B079}: NameServer = 202.138.128.50 202.138.128.54
O17 - HKLM\System\CCS\Services\Tcpip\..\{DDB64188-D1CC-4D2C-9979-0706B47B2411}: NameServer = 192.168.250.1
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpda teService.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: ASO3DiskOptimizer - Systweak Inc., (You can see links before reply) - C:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe
O23 - Service: Connectify - Unknown owner - C:\Program Files\Connectify\ConnectifyService.exe
O23 - Service: DCService.exe - Unknown owner - C:\ProgramData\DatacardService\DCService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Serbisyo ng Update ng Google (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serbisyong Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe
O23 - Service: NitroPDFReaderDriverCreatorReadSpool2 (NitroReaderDriverReadSpool2) - Nitro PDF Software - C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
O23 - Service: RalinkRegistryWriter - Ralink Technology, Corp. - C:\Program Files\Ralink\Common\RaRegistry.exe
O23 - Service: RaMediaServer - Unknown owner - C:\Program Files\Ralink\Common\RaMediaServer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11790 bytes

kyuubi14
23rd Apr 2012, 20:33
sir
Problem: -Task Manager and Regedit is disabled.
-I can't install Antivirus
-since i cant install antivirus, di ko matanggal autorun.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:31:46 AM, on 4/23/2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\PC\Application Data\cssrs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\PC\Start Menu\Programs\Startup\cssrs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\rundll32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = You can see links before reply
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = You can see links before reply
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = You can see links before reply
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = You can see links before reply
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = You can see links before reply
R3 - URLSearchHook: uTorrentControl Toolbar - {e9df9360-97f8-4690-afe6-996c80790da4} - C:\Program Files\uTorrentControl\prxtbuTor.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: uTorrentControl - {e9df9360-97f8-4690-afe6-996c80790da4} - C:\Program Files\uTorrentControl\prxtbuTor.dll
O3 - Toolbar: uTorrentControl Toolbar - {e9df9360-97f8-4690-afe6-996c80790da4} - C:\Program Files\uTorrentControl\prxtbuTor.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RRT-Auto] C:\Documents and Settings\PC\My Documents\Downloads\Compressed\R3m0v3.R35tr1ct10n5 .T00l.v4.8.0.1\R3m0v3.R35tr1ct10n5.T00l.v4.8.0.1\R RT.exe auto
O4 - HKLM\..\Run: [USB Security] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [TINTIMG] C:\Documents and Settings\PC\Application Data\cssrs.exe
O4 - HKLM\..\Run: [AutorunRemover.exe] C:\Program Files\AutorunRemover\AutorunRemover.exe -Hide
O4 - HKLM\..\Run: [Autorun.INF Buster] C:\Program Files\Autorun.Inf Buster\Autorun.Inf Buster.exe
O4 - HKLM\..\Run: [PService] C:\Documents and Settings\PC\Application Data\2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Gibqbw] C:\Documents and Settings\PC\Application Data\Gibqbw.exe
O4 - HKCU\..\Run: [PService] C:\Documents and Settings\PC\Application Data\2.exe
O4 - Startup: cssrs.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: USB Disk Security.lnk = C:\Program Files\USB Disk Security\USBGuard.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5289 bytes

nOosadz
24th Apr 2012, 17:12
ts salamat ha, pgktapos nito pwede ko n ulit enable ung system restore?
edit: ngawa ko n po lahat sir nung nireboot ko ung pc gawa require dun s avenger ngfailed pa rin, tas binuksan ko n lng ulit tas uninstall ung norton,connectify, ung sweetim di ko makita s programs s control panel, tas nirun ko cleaner tas reboot nag success nman tas ininstll ko ulit ung norton at connectify tas reboot nagfailed ulit sir pano kaya to ito po ung logs



ito naman ung hjt

:hello: inchard, i just recently reviewed your logs and your running process of your system was actually running fine. About windows failed to start, your system may have problem with your startup. I guess it corrupts your startup files or the boot.ini files and you need to fix by perform a Windows Startup Repair...check this link.
You can see links before reply

- Now if you have idea on how to reformat. Then it will be easily on you. but you don't proceed to reformat, instead just boot the Windows 7 DVD and when you reach the Windows 7 setup.. just choose Repair your Computer button and follow the appropriate instructions.

- And what if you still don't have idea on how to go in Windows 7 setup. Now its just easy man, just insert the Windows 7 DVD in your DVD-rom and follow this instructions on the link below.. Read, review, follow the instructions step by step.
You can see links before reply

- You just need a Windows 7 DVD to fix this problem. and follow the instructions above on how to reach the Windows 7 setup and perform Repair your Computer.

- Ok man? Hope you understood. Welcome :D

nOosadz
24th Apr 2012, 17:51
sir
Problem: -Task Manager and Regedit is disabled.
-I can't install Antivirus
-since i cant install antivirus, di ko matanggal autorun.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:31:46 AM, on 4/23/2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\PC\Application Data\cssrs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\PC\Start Menu\Programs\Startup\cssrs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\rundll32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = You can see links before reply
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = You can see links before reply
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = You can see links before reply
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = You can see links before reply
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = You can see links before reply
R3 - URLSearchHook: uTorrentControl Toolbar - {e9df9360-97f8-4690-afe6-996c80790da4} - C:\Program Files\uTorrentControl\prxtbuTor.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: uTorrentControl - {e9df9360-97f8-4690-afe6-996c80790da4} - C:\Program Files\uTorrentControl\prxtbuTor.dll
O3 - Toolbar: uTorrentControl Toolbar - {e9df9360-97f8-4690-afe6-996c80790da4} - C:\Program Files\uTorrentControl\prxtbuTor.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RRT-Auto] C:\Documents and Settings\PC\My Documents\Downloads\Compressed\R3m0v3.R35tr1ct10n5 .T00l.v4.8.0.1\R3m0v3.R35tr1ct10n5.T00l.v4.8.0.1\R RT.exe auto
O4 - HKLM\..\Run: [USB Security] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [TINTIMG] C:\Documents and Settings\PC\Application Data\cssrs.exe
O4 - HKLM\..\Run: [AutorunRemover.exe] C:\Program Files\AutorunRemover\AutorunRemover.exe -Hide
O4 - HKLM\..\Run: [Autorun.INF Buster] C:\Program Files\Autorun.Inf Buster\Autorun.Inf Buster.exe
O4 - HKLM\..\Run: [PService] C:\Documents and Settings\PC\Application Data\2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Gibqbw] C:\Documents and Settings\PC\Application Data\Gibqbw.exe
O4 - HKCU\..\Run: [PService] C:\Documents and Settings\PC\Application Data\2.exe
O4 - Startup: cssrs.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: USB Disk Security.lnk = C:\Program Files\USB Disk Security\USBGuard.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5289 bytes

:hello: hello kyuubi14,

I just saw your logs at grabe dami infected items. yeah according to your logs your regedit was disabled and so as your Task manager right? Ok we'll fix that after the removal instructions. and then you can't install anti-virus because your system was intercept by spywares and infected items. Now, to clean your system. Follow the instructions below step by step.. OK? and don't try to skip.

- Turn off 1st your system restore. just right click My Computer -> Properties -> System Restore -> Check the box of Turn off system restore on all drives -> Click Apply and OK.

- Open your Hijackthis, on main menu, Click Do a System Scan only

- Now It will appear the list of items. Then check this following items below on your Hijackthis.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = You can see links before reply

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = You can see links before reply

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = You can see links before reply

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = You can see links before reply

O4 - HKLM\..\Run: [TINTIMG] C:\Documents and Settings\PC\Application Data\cssrs.exe

O4 - HKLM\..\Run: [PService] C:\Documents and Settings\PC\Application Data\2.exe

O4 - HKCU\..\Run: [PService] C:\Documents and Settings\PC\Application Data\2.exe

O4 - Startup: cssrs.exe

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1

- Now click Fix Checked below. then exit HJT.

- Download this Avenger (You can see links before reply) and save it to your desktop.

- Open Avenger, you'll be notice that there's an empty box under Input script here: .. right? Now, what you gonna do is to type or copy this on the emptybox including "files to delete", it's a command.

Files to delete:
C:\Documents and Settings\PC\Application Data\cssrs.exe
C:\Documents and Settings\PC\Application Data\2.exe

- Click Execute button below and let your PC restart.

- Now, open your Internet Explorer browser. Click on Tools -> Internet Options -> Advanced -> Now below of it you'll see a Reset button, just simply click on it, follow the instructions and so on. then close your Internet Explorer after it.

- Now click on Start button at your Taskbar, then go to run command. copy this and paste in the box of run command

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System" /t Reg_dword /v DisableRegistryTools /f /d 0

- then press Enter.

- After that.. with your task manager. type or copy this on run command.

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System /v DisableTaskMgr /t REG_DWORD /d /0 /f

- then press Enter.

- Restart your PC.

- Perform CCleaner (You can see links before reply), it will help you clean your unused and temp files that difficult to locate and it will enhance also the speed performance of your system.

- Now the process is done, All i required from you on your next reply is to post here the Avenger logs, it was located on your drive C:\Avenger.txt and scan again fresh logs of your Hijackthis para review ulit natin running process ng system mo.

- Welcome and Goodluck :D

inchard
24th Apr 2012, 19:17
:hello: inchard, i just recently reviewed your logs and your running process of your system was actually running fine. About windows failed to start, your system may have problem with your startup. I guess it corrupts your startup files or the boot.ini files and you need to fix by perform a Windows Startup Repair...check this link.
You can see links before reply

- Now if you have idea on how to reformat. Then it will be easily on you. but you don't proceed to reformat, instead just boot the Windows 7 DVD and when you reach the Windows 7 setup.. just choose Repair your Computer button and follow the appropriate instructions.

- And what if you still don't have idea on how to go in Windows 7 setup. Now its just easy man, just insert the Windows 7 DVD in your DVD-rom and follow this instructions on the link below.. Read, review, follow the instructions step by step.
You can see links before reply

- You just need a Windows 7 DVD to fix this problem. and follow the instructions above on how to reach the Windows 7 setup and perform Repair your Computer.

- Ok man? Hope you understood. Welcome :D


thank's idol salamat s mga helpful advice mo:praise::salute::praise: actually gnun n nga naiisip ko ung repair, ang problema wala ko dvd nung windows 7 ultimate sp1, di ko nkuha nung binili ko ung pc.. pwede kaya ung windows 7 dito s symbianize? ts penge namn nung link na windows 7 ultimate? pwede b un ts kahit gamitin ko ibang dvd na di ginamit s pg install ng os ko?

nOosadz
24th Apr 2012, 19:59
thank's idol salamat s mga helpful advice mo:praise::salute::praise: actually gnun n nga naiisip ko ung repair, ang problema wala ko dvd nung windows 7 ultimate sp1, di ko nkuha nung binili ko ung pc.. pwede kaya ung windows 7 dito s symbianize? ts penge namn nung link na windows 7 ultimate? pwede b un ts kahit gamitin ko ibang dvd na di ginamit s pg install ng os ko?

:hello: inchard..

Man, eto oh..Windows 7 Ultimate SP1
You can see links before reply

Ok lang po yang kahit ibang dvd gamitin mo as long as same operating system...yung post Windows 7 ultimate SP1. compatible na yan sa system mo. After mo madownload.. burn nyo as DVD then proceed kna sa Repair.. ok man? :D

- Welcome :D

inchard
24th Apr 2012, 20:28
:hello: inchard..

Man, eto oh..Windows 7 Ultimate SP1
You can see links before reply

Ok lang po yang kahit ibang dvd gamitin mo as long as same operating system...yung post Windows 7 ultimate SP1. compatible na yan sa system mo. After mo madownload.. burn nyo as DVD then proceed kna sa Repair.. ok man? :D

- Welcome :D

salamat talga ts dami mo n tulong at abala sken.. tagasan k nga pla ts? pano pla ko mk2bawi..:salute::thumbsup::salute:
edit: ts need ko mg login para mdl ung windows ts my account kbng alam? para mdl ko na.. TIA

nOosadz
24th Apr 2012, 20:51
salamat talga ts dami mo n tulong at abala sken.. tagasan k nga pla ts? pano pla ko mk2bawi..:salute::thumbsup::salute:
edit: ts need ko mg login para mdl ung windows ts my account kbng alam? para mdl ko na.. TIA

inchard .. eto po oh.. direct download na yan hindi na kailangan ng account.

Windows 7 Ultimate with SP1 (32-Bit) 86x:
You can see links before reply

Windows 7 Ultimate with SP1 (64-Bit):
You can see links before reply

Hindi na po ako nangangailangan ng kapalit inchard..im willing to help anyone here @ symbianize :D .. nasa manila ako naka stay now.. Til next time again man.

- Welcome :D

inchard
24th Apr 2012, 20:57
inchard .. eto po oh.. direct download na yan hindi na kailangan ng account.

Windows 7 Ultimate with SP1 (32-Bit) 86x:
You can see links before reply

Windows 7 Ultimate with SP1 (64-Bit):
You can see links before reply

Hindi na po ako nangangailangan ng kapalit inchard..im willing to help anyone here @ symbianize :D .. nasa manila ako naka stay now.. Til next time again man.

- Welcome :D

sige thanks again bawi n lng ako s kapwa,, haha:excited::thumbsup::salute:

kyuubi14
26th Apr 2012, 08:23
:hello: hello kyuubi14,

I just saw your logs at grabe dami infected items. yeah according to your logs your regedit was disabled and so as your Task manager right? Ok we'll fix that after the removal instructions. and then you can't install anti-virus because your system was intercept by spywares and infected items. Now, to clean your system. Follow the instructions below step by step.. OK? and don't try to skip.

- Turn off 1st your system restore. just right click My Computer -> Properties -> System Restore -> Check the box of Turn off system restore on all drives -> Click Apply and OK.

- Open your Hijackthis, on main menu, Click Do a System Scan only

- Now It will appear the list of items. Then check this following items below on your Hijackthis.










- Now click Fix Checked below. then exit HJT.

- Download this Avenger (You can see links before reply) and save it to your desktop.

- Open Avenger, you'll be notice that there's an empty box under Input script here: .. right? Now, what you gonna do is to type or copy this on the emptybox including "files to delete", it's a command.


- Click Execute button below and let your PC restart.

- Now, open your Internet Explorer browser. Click on Tools -> Internet Options -> Advanced -> Now below of it you'll see a Reset button, just simply click on it, follow the instructions and so on. then close your Internet Explorer after it.

- Now click on Start button at your Taskbar, then go to run command. copy this and paste in the box of run command


- then press Enter.

- After that.. with your task manager. type or copy this on run command.


- then press Enter.

- Restart your PC.

- Perform CCleaner (You can see links before reply), it will help you clean your unused and temp files that difficult to locate and it will enhance also the speed performance of your system.

- Now the process is done, All i required from you on your next reply is to post here the Avenger logs, it was located on your drive C:\Avenger.txt and scan again fresh logs of your Hijackthis para review ulit natin running process ng system mo.

- Welcome and Goodluck :D

Sir eto po yung sa avenger:
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Wed Apr 25 16:57:24 2012

16:57:23: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Wed Apr 25 16:58:08 2012

16:58:08: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Wed Apr 25 16:58:11 2012

16:58:11: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
You can see links before reply

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\Documents and Settings\PC\Application Data\cssrs.exe" deleted successfully.

Error: file "C:\Documents and Settings\PC\Application Data\2.exe" not found!
Deletion of file "C:\Documents and Settings\PC\Application Data\2.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

-----------------------------------------------------------------
boss bakit yung sa CCleaner nag cloclose mag isa? di ko tuloy ma scan.
-----------------------------------------------------------------
new scan of Micro HijackThis:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:26:28 PM, on 4/25/2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Documents and Settings\PC\Application Data\cssrs.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\PC\Start Menu\Programs\Startup\cssrs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\DOCUME~1\PC\LOCALS~1\Temp\qqswhv.exe
C:\DOCUME~1\PC\LOCALS~1\Temp\googleupdatesetup.exe
C:\DOCUME~1\PC\LOCALS~1\Temp\GUM19.tmp\GoogleUpdat e.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\PC\My Documents\Downloads\Compressed\kiss12.exe
C:\DOCUME~1\PC\LOCALS~1\Temp\nsd38.tmp\setup.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = You can see links before reply
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = You can see links before reply
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = You can see links before reply
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = You can see links before reply
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = You can see links before reply
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: uTorrentControl Toolbar - {e9df9360-97f8-4690-afe6-996c80790da4} - C:\Program Files\uTorrentControl\prxtbuTor.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: uTorrentControl - {e9df9360-97f8-4690-afe6-996c80790da4} - C:\Program Files\uTorrentControl\prxtbuTor.dll
O3 - Toolbar: uTorrentControl Toolbar - {e9df9360-97f8-4690-afe6-996c80790da4} - C:\Program Files\uTorrentControl\prxtbuTor.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RRT-Auto] C:\Documents and Settings\PC\My Documents\Downloads\Compressed\R3m0v3.R35tr1ct10n5 .T00l.v4.8.0.1\R3m0v3.R35tr1ct10n5.T00l.v4.8.0.1\R RT.exe auto
O4 - HKLM\..\Run: [USB Security] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [AutorunRemover.exe] C:\Program Files\AutorunRemover\AutorunRemover.exe -Hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TINTIMG] C:\Documents and Settings\PC\Application Data\cssrs.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Gibqbw] C:\Documents and Settings\PC\Application Data\Gibqbw.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: cssrs.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: USB Disk Security.lnk = C:\Program Files\USB Disk Security\USBGuard.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5936 bytes

kyuubi14
26th Apr 2012, 08:30
Sir I was able to install Kaspersky Anti-Virus, but I wasn't able to run it. The Task Manager is still disabled. The same goes for regedit. I hope you may find solutions to these problems! Kudos to you sir! :thumbsup:

nOosadz
26th Apr 2012, 12:46
:hello: ulit kyuubi14.. you were unable to delete the following items on your Hijackthis. Apparently, walang magbabago sa system mo kung hindi mo na delete ung items na yun. try mo check uli previous post ko.. ok eto ulitin ko na lang ha.... hope you follow well the step by step removal instructions po... ok?

- Turn off mo po system restore.. Yung My computer icon-> right click mo yun -> then select Properties -> Click System Restore -> Then check the box of "turn off system restore on all drives" -> click Apply and OK.

- Open mo ang Hijackthis. sa Main menu, click mo lang ang "Do a system scan only"

- May mag appear po mga list of items..particularly mga logs yun.. gawin mo check mo sa box nila itong mga following items na nasa quote below.. wag lahat mo e check ha eto lang yung nasa baba ang e check mo sa Hijackthis.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = You can see links before reply

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = You can see links before reply

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = You can see links before reply

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = You can see links before reply

O4 - HKLM\..\Run: [TINTIMG] C:\Documents and Settings\PC\Application Data\cssrs.exe

O4 - Startup: cssrs.exe

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1

- After mo ma check yan sila lahat sa Hijackthis, below of it may makita kang "Fix Checked", then simply click on it and then close mo na Hijackthis.

- Now, open mo yung Avenger program. May makikita kang Empty Box diba? Under Input Script here: ... diba? Ang gawin mo type or copy this quote below dun sa empty box including "Files to delete:" command kasi yan. ok eto.

Files to delete:
C:\Documents and Settings\PC\Application Data\cssrs.exe

- After that. sa ibaba niya may makita kang "Execute" button, just simply click on it. and then it will prompt to restart your system.. then let it restart. Ok?

- Pagkatapos mag restart pag nasa normal desktop kana. Pumunta ka sa run command. just click Start button na nasa taskbar. yung parang may logo and then click Run/Run command. ang gawin mo copy mo lang itong quote nasa ibaba sa empty blanks ng run command.


reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System" /t Reg_dword /v DisableRegistryTools /f /d 0

- then press Enter button on your keyboard after mo ma copy sa run command, it will restore your Registry Editor.

- After that, balik kana naman sa run command ... eto na naman copy mo.

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System /v DisableTaskMgr /t REG_DWORD /d /0 /f

- then press Enter button on your keyboard ulit. It will restore your Task Manager.

- Now after that, restart mo na naman PC mo.

- Pag nasa normal desktop kana.. Open mo yung CCleaner.. maglinis ka sa system mo.. scan ka and then analyze. yun lang.

- Yan lang po ang removal instructions kyuubi14, sana mafollow mo mabuti yung instructions above para successfully matanggal yung infected items na nakastuck sa pc mo.

- After you perform the instructions. Paki attach ulit dito yung Avenger file na nasa drive C: and then provide ka ulit a fresh Hijackthis logs para mareview natin ulit kung na successfully nawala na yung mga virus. Ok kyuubi14? Hope you understand the instructions and keep me inform kung naguguluhan ka. alright?

- Goodluck and Welcome :D

Jhayson45
26th Apr 2012, 23:00
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:52:27 AM, on 4/26/2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\msco rsvw.exe
C:\Documents and Settings\All Users\Application Data\Globe Tattoo Broadband\OnlineUpdate\ouc.exe
C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Globe Tattoo Broadband\Globe Tattoo Broadband.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = You can see links before reply
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = You can see links before reply
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = You can see links before reply
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Free Stuff.url
O4 - Global Startup: Shortcut to RocketDock.lnk = C:\Program Files\RocketDock\RocketDock.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4035C4E7-5B82-4C2A-8D4C-6CACBA47712E}: NameServer = 208.67.222.222,208.67.220.220
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Globe Tattoo Broadband. OUC (Globe Tattoo Broadband. RunOuc) - Unknown owner - C:\Program Files\Globe Tattoo Broadband\UpdateDog\ouc.exe
O23 - Service: HWDeviceService.exe - Unknown owner - C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe

--
End of file - 5694 bytes



di ko po ma open yung local disk c at d at di po ako makapag install ng antivirus

kisntel
13th May 2012, 09:44
hi sir. eto na naman po ako. this time desktop naman to sir. ngayon lang kase na ayos to. kung sino-sino lang din gumagamit. just want to keep this pc clean and virus free.. here's the log po

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:42:38 AM, on 5/13/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\tbh\base\bin\tbhSystray.exe
C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Vtune\TBPanel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIE DP.EXE
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
c:\Program Files\tbh\base\bin\tbhDaemon.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = You can see links before reply*You can see links before reply
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = You can see links before reply*You can see links before reply
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = You can see links before reply*You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = You can see links before reply
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = You can see links before reply
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = You can see links before reply*You can see links before reply
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\3.bin\MWSSRCAS.DLL
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo2.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\3.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
O2 - BHO: uTorrentBar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo2.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [tbhSystray] C:\Program Files\tbh\base\bin\tbhSystray.exe
O4 - HKLM\..\Run: [HKLM] C:\Drivers\svchost.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
O4 - HKCU\..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe /A
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [EPSON TX100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIE DP.EXE /FU "C:\DOCUME~1\user\LOCALS~1\Temp\E_S9B.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [HKCU] C:\Drivers\svchost.exe
O4 - HKCU\..\Run: [winlogon] C:\WINDOWS\system32\explorer\explorer.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\Drivers\svchost.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\Drivers\svchost.exe
O8 - Extra context menu item: &Search - You can see links before reply
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Royal Vegas Online Casino - {78A8A35B-0422-46C7-8D62-FC3402818ECB} - C:\Microgaming\Casino\RoyalVegas\casinogame.exe (HKCU)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: The Browser Highlighter Monitor (tbhMonitor.exe) - Unknown owner - C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
O23 - Service: vToolbarUpdater10.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe

--
End of file - 11615 bytes

quezacotle
18th May 2012, 17:53
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:50:18 PM, on 5/18/2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Sun Broadband Wireless\Sun Broadband Wireless.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\ROSE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\ROSE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Documents and Settings\ROSE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\ROSE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = local
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\ROSE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D929681F-3F89-4E5F-81A1-980AA941EBEA}: NameServer = 202.138.128.50 202.138.128.54
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 4089 bytes






ts pcheck nman po tong skn.. nakadisable kc regedit tas task manager and d pa mkaunhide ng files...tnx

nOosadz
19th May 2012, 14:11
di ko po ma open yung local disk c at d at di po ako makapag install ng antivirus

@Jhayson45,

:hello: Pasyensya na po sa late reply. Kinda busy the few days past. Anyway, I've seen your logs and your system is running fine naman. Ok ito gawin mo ha.

- Open your Hijackthis.

- Click Do a system scan only

- There will appear a list of items. and just check only this item below.

O4 - Startup: Free Stuff.url

- Click Fix Checked below.

- Exit HJT.

- Now go to RUN command.

- type regsvr32 /i shell32.dll

- press Enter button or OK.

- You will see a message DllRegisterServer and DllInstall in shell32.dll succeeded

- It will restore your local drive C and D open option.

- Now, gumamit ka ng CCleaner (You can see links before reply), it will clean your system and enhance the speed performance of your system.

- After mo maperform ang CCleaner, restart mo system mo.

- Try to open local drive C and D and install an anti-virus.

- Goodluck and Welcome :D

nOosadz
19th May 2012, 14:45
hi sir. eto na naman po ako. this time desktop naman to sir. ngayon lang kase na ayos to. kung sino-sino lang din gumagamit. just want to keep this pc clean and virus free.. here's the log po

@kisntel

:hello: ulit sayo kisntel, sino ba pa iba gumagamit ng pc mo? You know what ang dami infected items ng system mo. AVG anti-virus gamit mo? was it updated always? Try to use ESET nod32. Anyway, back to your system. I've reviewed your logs at infected ka ng My Web Search items. at ang dami associate items nito. Ok follow my instructions step by step OK. gaya din ng dati. :D

- Turn off system restore on local drives(alam mo na bah?)

- Open Hijackthis, click Do a system scan only

- List of items will appear, just check only this following items below.

R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\3.bin\MWSSRCAS.DLL

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\3.bin\MWSSRCAS.DLL

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O4 - HKLM\..\Run: [HKLM] C:\Drivers\svchost.exe

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe

O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe" /m=2 /w /h

O4 - HKCU\..\Run: [HKCU] C:\Drivers\svchost.exe

O4 - HKCU\..\Run: [winlogon] C:\WINDOWS\system32\explorer\explorer.exe

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe

O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\Drivers\svchost.exe

O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\Drivers\svchost.exe

O8 - Extra context menu item: &Search - You can see links before reply

- Click Fix Checked below.

- Exit HJT.

- Nandyan pa ba sayo yung Avenger program? Kung wala download mo itong Avenger (You can see links before reply). save it your desktop.

- Open Avenger, under input script here, may empty box space dyan. right? ang gawin mo. type or copy this details below including the "Files to Delete" command on the box. Ok?

Files to delete:
C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
C:\Program Files\MyWebSearch\bar\3.bin\MWSSRCAS.DLL
C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
C:\Program Files\AskBarDis\bar\bin\askBar.dll
C:\Drivers\svchost.exe
C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe
C:\WINDOWS\system32\explorer\explorer.exe

- Click Execute button below and let your pc restart.

- Now, go to Control Panel -> Add Remove programs.

- Uninstall mo itong mga applications na ito:

- FunWebProducts(depends kung meron ito
- MyWebSearch
- My Way Speedbar(depends kung meron ito

- After that, Open mo Internet Explorer browser.

- Click Tools - Internet Options -> Advanced -> Click Reset Web Settings and so on. then click Apply and OK. exit IE.

- Now, gumamit ka CCleaner, linis mo system mo at tsaka registries na rin.. nasa Registry Tab. scan and fix issue lang. Ok?

- Yan lng kisntel, after perform procedures above. Attach mo dito ang fresh HJT logs and Avenger na rin for another reviewal on your next reply.

- Ma access mo pa ang Normal Mode sa desktop mo? kung ma access mo pa then go on, kung hindi na..sa safe mode mo na lang perform. Ok?

- I've noticed hindi nadetect ng AVG anti-virus mo ang mga infected items, try to use another like ESET Nod32.

- Goodluck and Welcome :D

nOosadz
19th May 2012, 15:11
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:50:18 PM, on 5/18/2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Sun Broadband Wireless\Sun Broadband Wireless.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\ROSE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\ROSE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Documents and Settings\ROSE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\ROSE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = local
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\ROSE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D929681F-3F89-4E5F-81A1-980AA941EBEA}: NameServer = 202.138.128.50 202.138.128.54
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 4089 bytes






ts pcheck nman po tong skn.. nakadisable kc regedit tas task manager and d pa mkaunhide ng files...tnx

@quezacotle,

:hello: po sa inyo. Try nyo po ito. Follow the instructions step by step Ok. wala nman syado infected items sa system mo.

- Turn off system restore on local drives. Click My Computer -> Properties -> System Restore -> check the box of Turn off system restore on local drives -> Click Apply and OK.

- Open Hijackthis, just click Do a system scan only

- List of items will appear, just check only the following item below.

O4 - Startup: PowerReg Scheduler.exe

- Click Fix Checked below, then close your hijackthis.

- Now, Open Notepad and copy this registry details inside.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Advanced\Folder\Hidden\SHOWALL" /v CheckedValue /t REG_DWORD /d 1

- Save it as unhide.reg, not unhide.txt right? then save it to your desktop.

- Then double click unhide.reg then apply it to your registys para ma unhide yung mga files mo.

- After that, go to start-> run command. Copy this registry details below and paste to run command.

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f

- then press Enter, para ma enable ang Task Manager mo nyan.

- After that, eto naman.

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

- then press enter, para sa enable ng registry editor mo nyan.

- Restart your system.

- Gumamit ka CCleaner (You can see links before reply), it clean your unused and temp files, and enhance the speed performance of your system.

- After that, observe mo ang system mo kung OK na ba unhide ng files, task manager, and regedit. ok?

- Goodluck and Welcome :D

quezacotle
19th May 2012, 15:19
maraming salamat po ts.. try ko maya paguwi ko...

PSYjay
21st May 2012, 23:00
gud pm ts,
finally i got this thread ...
pa check f ano po problem s system ko,
mdalas po kc mg unresponsive ung browser ko
khit konti lng nmn ung inoopen kong mga tabs ...
den another thing is, mtgal dn po mgresponse ung
mga properties ko like my computer, documents, etc.. my
lumalabas p nga ng flashy flashlight eh .... :upset:
it will take too long cguro mga 3 minutes bgo mg response,
minsan p nga ng chachange p ng mga icons ung mga nsa
desktop ko ... i'll try to think n bka my heavy virus n tong pc ko ...
mse po kc av ko, d ko alm kung ndedetect b nya o ndi ung mga
viruses s pc ... ng run dn ako ng mga cleaners like
ccleaner etc. ng system restore n dn po ako
gnun p den ngyayare, my lumalabas p nga n "run dll as an app error" :upset:
ts help nmn s problem ko, :help:
a big tnx f m help nyo ko ... :clap::clap:

e2 log files nung sken ...

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:59:51 PM, on 5/21/2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Documents and Settings\user89\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user89\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user89\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user89\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user89\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user89\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = You can see links before reply*You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = You can see links before reply
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = You can see links before reply*You can see links before reply
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = You can see links before reply
R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\user89\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpda teService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 6590 bytes

kisntel
23rd May 2012, 09:10
hi sir.. sensya na talaga sa abala. kung sino2x lang kase gumagamit ng desktop namin. yong una sa laptop ko yon lam ko madami din ako mga downloads na nakaka lag ng lappy hehe anyway here's the log


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:13:28 AM, on 5/23/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\tbh\base\bin\tbhSystray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIE DP.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
c:\Program Files\tbh\base\bin\tbhDaemon.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = You can see links before reply*You can see links before reply
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = You can see links before reply*You can see links before reply
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = You can see links before reply*You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = You can see links before reply
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = You can see links before reply
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = You can see links before reply*You can see links before reply
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [tbhSystray] C:\Program Files\tbh\base\bin\tbhSystray.exe
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start You can see links before reply y00NEtSMi1GS1NV"&"inst=NzctNTQ4MjA5NjAwLVQxLUJBKzEtS1YzKzctWEwrMS1VQ 0FMTCsxLVVDQUxMMisyLVRCOCsyLUZMKzgtRjhNMTFDKzEtVVB HKzIwMTEtRjhNMTFFKzEtRkwxMCsxLVRVRyszLUxJQys5LVNQM SsxLVNQMVMyKzEtU1VEKzE"&"prod=90"&"ver=10.0.1424
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [EPSON TX100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIE DP.EXE /FU "C:\DOCUME~1\user\LOCALS~1\Temp\E_S9B.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: The Browser Highlighter Monitor (tbhMonitor.exe) - Unknown owner - C:\Program Files\tbh\monitor\bin\tbhMonitor.exe

--
End of file - 7493 bytes


avenger

Logfile of The Avenger Version 2.0, (c) by Swandog46
You can see links before reply

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe" not found!
Deletion of file "C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Program Files\MyWebSearch\bar\3.bin\MWSSRCAS.DLL" not found!
Deletion of file "C:\Program Files\MyWebSearch\bar\3.bin\MWSSRCAS.DLL" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL" not found!
Deletion of file "C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Program Files\AskBarDis\bar\bin\askBar.dll" not found!
Deletion of file "C:\Program Files\AskBarDis\bar\bin\askBar.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Drivers\svchost.exe" not found!
Deletion of file "C:\Drivers\svchost.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe" not found!
Deletion of file "C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\explorer\explorer.exe" not found!
Deletion of file "C:\WINDOWS\system32\explorer\explorer.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.


ayaw ma remove ng mywebsearch sa control panel may error na lumabas sir :(
tsaka try ko instal eset nod32 palagi may error sir. attach ko yong pic

Pete22
23rd May 2012, 09:29
Bro...mywebsearch is an adware...it is a malware...it is one of the most common malwares we encounter at work for our clients...one quick fix if the computer still has internet is to boot on safe mode with networking...just do the following:

1. Shutdown the PC for at least 10 seconds.
2. Turn on the PC and hit F8 multiple times
3. Choose Safe Mode with networking
4. Download the Malwarebytes see You can see links before reply
5. Run and update malwarebytes.
6. Run scan and clean malwares.
7. Reboot.
8. Run malwarebytes again - should be clean already.
9. I suggest you uninstall and reinstall your AVG...once AVG is compromised just like in your case it is next to useless unless you reinstall it back.

BTW...this is just a quick fix if you really want to have the comprehensive malware clean and PC tune up...message me...

Happy troubleshooting!

miggyton
23rd May 2012, 18:58
hi! sir pacheck po ulit ng p.c ko. :lol:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:39:55 PM, on 5/23/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
F:\program\Advanced SystemCare 5\ASCService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\msco rsvw.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre8\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler. exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\ctfmon.exe
F:\program\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\WinTools Software\RAM Saver Professional\ramsaverpro.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\Program Files\Globe Broadband\Globe Broadband.exe
d:\My Documents\vpn\HSS 2.25 Portable MARCH 11, 2012-SMART\Hotspot Shield.exe
d:\My Documents\vpn\HSS 2.25 Portable MARCH 11, 2012-SMART\app\bin\openvpn-gui.exe
d:\My Documents\vpn\HSS 2.25 Portable MARCH 11, 2012-SMART\app\bin\openvpn.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = You can see links before reply*You can see links before reply
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll
O2 - BHO: Social Extras Plugin - {FF4E1D1D-705B-4379-AB33-22D98C1ABF55} - C:\Program Files\SocialExtras\socialx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [USB Security] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 5] "F:\program\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O4 - HKCU\..\Run: [RAMSaverPro] C:\Program Files\WinTools Software\RAM Saver Professional\ramsaverpro.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send by Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
O8 - Extra context menu item: Send via &Message... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - You can see links before reply
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1893697-6EE0-4E7E-91A4-76A633CEE41D}: NameServer = 121.1.3.172 121.1.3.89
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\skype4com.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - F:\program\Advanced SystemCare 5\ASCService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre8\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 9565 bytes

chocolate15
25th May 2012, 15:52
Hello, TS. Eto problem ng pc ko dito sa office:

Corrupted na kasi yung command prompt ko, yun ang sabi ng IT Person namin dito sa office. Kapag kasi i-run ko siya, kahit ano iinput kong command, walang nangyayari. Yung nasa taas niya, command.com instead of cmd.exe. :upset::upset:

I really don't know what the source of the problem is pero ang suspicion ko, virus infected ang pc ko. Right now kasi, walang antivirus ang pc ko. At first kasi, may antivirus na binabayaran ng company namin kaya lang lahat na lang ng kelangan kong websites, bina-block niya. Nung nagkaron ako ng chance to run as the admin of my pc, ini-uninstall ko yung antivirus na yun. Now, since user lang ako dito sa pc at wala akong admin rights, di ako makapag-install ng antivirus.:weep:

My another suspicion is yung "Hotspot shield" na hindi ko alam kung pano na-install sa pc ko dahil wala nga akong admin rights. Naalala ko lang kasi may dinadownload ako sa brothersoft website then kasama sa parang "package" nung dinownload ko yung automatic installation ng hotspot. Nung una ayaw gumana nung hotspot, pero up to now nagagamit ko pa siya.

Thanks in advance, TS. :clap::clap::yipee::yipee:

Eto yung logfile ng hijackthis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:28:43 PM, on 5/25/2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\air\Application Data\Hotspot Shield\bin\openvpntray.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Documents and Settings\air\Application Data\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\air\Application Data\Hotspot Shield\bin\af_proxy_cmd.exe
C:\Documents and Settings\air\Application Data\Hotspot Shield\bin\fbw.exe
C:\Documents and Settings\air\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\air\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\air\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\air\My Documents\Downloads\Internet Download Manager v5.18 Build 3\Internet Download Manager.exe
C:\DOCUME~1\air\MYDOCU~1\DOWNLO~1\INTERN~1.18B\Stu bs\77CE59~1\IEMonitor.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Documents and Settings\air\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\air\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\notepad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = You can see links before reply
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = You can see links before reply
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = You can see links before reply
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = You can see links before reply
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = You can see links before reply
R3 - URLSearchHook: (no name) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - (no file)
R3 - URLSearchHook: (no name) - {9384bd4c-dd14-4be9-80f7-f6277511e4f5} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\s wg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInsta nce.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [Everything] "C:\Program Files\Everything\Everything.exe" -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\air\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe"
O4 - HKCU\..\Run: [Speed MP3 Downloader] D:\SpeedMP3Downloader\SpeedMP3Downloader.exe
O4 - HKCU\..\Run: [openvpntray.exe] C:\Documents and Settings\air\Application Data\Hotspot Shield\bin\openvpntray.exe -nonadmin
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Startup: welcomecomputer.vbs
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = spc_domain
O17 - HKLM\Software\..\Telephony: DomainName = spc_domain
O17 - HKLM\System\CCS\Services\Tcpip\..\{77067E89-11F2-4F43-8494-2CECE3B46E29}: NameServer = 192.168.1.10
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = spc_domain
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = spc_domain
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 7761 bytes

nicollet
25th May 2012, 16:40
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:32:09 PM, on 5/25/2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Akamai\netsession_win.exe
D:\IDM\Internet Download Manager\IDMan.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\WINDOWS\system32\wscntfy.exe
D:\IDM\Internet Download Manager\IEMonitor.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\Programs\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = You can see links before reply
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = You can see links before reply
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\IDM\Internet Download Manager\IDMIECC.dll
O2 - BHO: CrossriderApp0002258 - {11111111-1111-1111-1111-110011221158} - C:\Program Files\I Want This\I Want This.dll
O2 - BHO: SBCONVERT - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll (file missing)
O2 - BHO: SearchPredictObj Class - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\PROGRA~1\SearchPredict\SearchPredict.dll
O2 - BHO: BrotherSoft Extreme - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files\BrotherSoft_Extreme\prxtbBro2.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Webroot Browser Helper Object - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\Documents and Settings\All Users\Application Data\WRData\pkg\LPBar.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SpeedBit Video Downloader\Toolbar\grabber.dll (file missing)
O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll (file missing)
O3 - Toolbar: BrotherSoft Extreme Toolbar - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files\BrotherSoft_Extreme\prxtbBro2.dll
O3 - Toolbar: Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\Documents and Settings\All Users\Application Data\WRData\pkg\LPBar.dll (file missing)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\vsdrv.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [IDMan] D:\IDM\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "%SystemRoot%\System32\dllcache" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /c md "%SystemRoot%\System32\dllcache" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [PackNoVs] "C:\WINDOWS\BricoPacks\Crystal Clear\pack-it.exe" --unsetvs (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [PackNoVs] "C:\WINDOWS\BricoPacks\Crystal Clear\pack-it.exe" --unsetvs (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [PackNoVs] "C:\WINDOWS\BricoPacks\Crystal Clear\pack-it.exe" --unsetvs (User 'Default user')
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O8 - Extra context menu item: Download all links with IDM - D:\IDM\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - D:\IDM\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{96D78BC8-3416-455E-9B92-CA5FE7BCC83F}: NameServer = 110.93.65.11,110.93.66.11
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VideoAcceleratorService - Unknown owner - D:\New Folder (2)\New Folder\SpeedBit Video Accelerator\VideoAcceleratorService.exe (file missing)
O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,5 2,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73, 00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00 ,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,6 5,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66, 00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00 ,72,00,6f,00,75,00,70,00,00,00 (file missing)

--
End of file - 10384 bytes


Sir ayan po yung sakin.

nOosadz
8th Jun 2012, 12:50
hi! sir pacheck po ulit ng p.c ko. :lol:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:39:55 PM, on 5/23/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
F:\program\Advanced SystemCare 5\ASCService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\msco rsvw.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre8\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler. exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\ctfmon.exe
F:\program\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\WinTools Software\RAM Saver Professional\ramsaverpro.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\Program Files\Globe Broadband\Globe Broadband.exe
d:\My Documents\vpn\HSS 2.25 Portable MARCH 11, 2012-SMART\Hotspot Shield.exe
d:\My Documents\vpn\HSS 2.25 Portable MARCH 11, 2012-SMART\app\bin\openvpn-gui.exe
d:\My Documents\vpn\HSS 2.25 Portable MARCH 11, 2012-SMART\app\bin\openvpn.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = You can see links before reply*You can see links before reply
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll
O2 - BHO: Social Extras Plugin - {FF4E1D1D-705B-4379-AB33-22D98C1ABF55} - C:\Program Files\SocialExtras\socialx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [USB Security] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 5] "F:\program\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O4 - HKCU\..\Run: [RAMSaverPro] C:\Program Files\WinTools Software\RAM Saver Professional\ramsaverpro.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send by Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
O8 - Extra context menu item: Send via &Message... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - You can see links before reply
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1893697-6EE0-4E7E-91A4-76A633CEE41D}: NameServer = 121.1.3.172 121.1.3.89
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\skype4com.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - F:\program\Advanced SystemCare 5\ASCService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre8\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 9565 bytes

:hello: miggyton, I apologized for late reply, kasi na busy ako for past few days.. I reviewed your logs and it seems fine naman. Don't need to worry about. Until next time :D

nOosadz
8th Jun 2012, 12:57
gud pm ts,
finally i got this thread ...
pa check f ano po problem s system ko,
mdalas po kc mg unresponsive ung browser ko
khit konti lng nmn ung inoopen kong mga tabs ...
den another thing is, mtgal dn po mgresponse ung
mga properties ko like my computer, documents, etc.. my
lumalabas p nga ng flashy flashlight eh .... :upset:
it will take too long cguro mga 3 minutes bgo mg response,
minsan p nga ng chachange p ng mga icons ung mga nsa
desktop ko ... i'll try to think n bka my heavy virus n tong pc ko ...
mse po kc av ko, d ko alm kung ndedetect b nya o ndi ung mga
viruses s pc ... ng run dn ako ng mga cleaners like
ccleaner etc. ng system restore n dn po ako
gnun p den ngyayare, my lumalabas p nga n "run dll as an app error" :upset:
ts help nmn s problem ko, :help:
a big tnx f m help nyo ko ... :clap::clap:

e2 log files nung sken ...

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:59:51 PM, on 5/21/2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Documents and Settings\user89\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user89\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user89\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user89\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user89\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user89\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = You can see links before reply*You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = You can see links before reply
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = You can see links before reply*You can see links before reply
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = You can see links before reply
R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\user89\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpda teService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 6590 bytes

:hello: PSYjay,

Pasyensya na sa late reply. Anyway, I reviewed your logs and it seems fine naman. Thanks also for indicating your problem but according with your logs. wala nman infected items na nakastuck sa system mo. Well, ito na lang recommend ko sa system. I advised you to perform a full scan in your system, I recommend to use ESET Nod32 Anti Virus, search mo lang dito. After you download it, install in your system, and perform full scan then balik ka dito for feedbacks and post again your Hijackthis logs, and I seen also you Startup items, but no one bad items which will intercept the performance of your system. :D

nOosadz
8th Jun 2012, 13:06
hi sir.. sensya na talaga sa abala. kung sino2x lang kase gumagamit ng desktop namin. yong una sa laptop ko yon lam ko madami din ako mga downloads na nakaka lag ng lappy hehe anyway here's the log



avenger


ayaw ma remove ng mywebsearch sa control panel may error na lumabas sir :(
tsaka try ko instal eset nod32 palagi may error sir. attach ko yong pic

:hello: ulit kisntel,

Pasyensya na sa late reply ha, I'm busy the past few days. Anyway, I'm done reviewing your logs and it seems fine na siya. Nawala na yung mga infected items. About the websearch program. Kindly uninstall it using your CCleaner. may section dun na pang uninstall ng program. And if you successfully removed it, maglinis ka ng registrys mo. But if not, it means hindi na yan existing sa system mo, so para ma completely remove mo yun. Punta ka nlng sa registrys ng websearch.

Type "regedit" sa run command then press enter.

Navigate this location: HKEY_LOCAL_MACHINE\SOFTWARE\

Hanapin mo ang Webseaarch and delete mo ang mga items especially na yung mga contents niya.

About sa ESET Nod32 mo, try to install by logging of Safe Mode.

- Goodluck :D

kisntel
21st Jun 2012, 12:10
thanks sir na delete ko na websearch via regedit wala na kase sa ccleaner.as for the ESET Nod32 no luck pa din po.. but will find a way. maraming salamat sa tulong :D god bless

nOosadz
22nd Jun 2012, 11:07
thanks sir na delete ko na websearch via regedit wala na kase sa ccleaner.as for the ESET Nod32 no luck pa din po.. but will find a way. maraming salamat sa tulong :D god bless

Nareview ko yung image example ng pag install mo sa ESET nod32 on your previous post. They're mentioning that you have some conflict issues with proxy servers? are you using proxy servers or VPN? try mo muna disable mga yan. Check mo sa Local Area Network Properties mo -> TCP/IP -> kung nakadirect connection ka, dapat directly connected ka muna, and then kung may mga VPN applications ka which is automated login,. disconnect mo muna, and then install ka ulit Nod32,. Anyway, your welcome kisntel :D

wishbone623
22nd Jun 2012, 12:26
good day sir, working naman po lahat ng apps pero sobrang bagal po ng pc ko. i tried to scan this many times with different updated AV pro wala naman po detection. baka po me problema system ko. im using winXP with updated microsoft security essentials.
eto po ung logs:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:20:04, on 22/06/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
D:\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = You can see links before reply
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = You can see links before reply
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = You can see links before reply
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD2.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DVDVideoSoftTB - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10t_Pl ugin.exe -update plugin
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - S-1-5-20 Startup: winupdate.lnk = ? (User 'NETWORK SERVICE')
O4 - S-1-5-18 Startup: winupdate.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: winupdate.lnk = ? (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers\freeytvdownloader.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3convert er.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 7319 bytes

salamat po in advance! :salute: pa OT po, pls suggest an effective AV program for me thanx!

nOosadz
22nd Jun 2012, 12:53
good day sir, working naman po lahat ng apps pero sobrang bagal po ng pc ko. i tried to scan this many times with different updated AV pro wala naman po detection. baka po me problema system ko. im using winXP with updated microsoft security essentials.
eto po ung logs:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:20:04, on 22/06/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
D:\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = You can see links before reply
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = You can see links before reply
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = You can see links before reply
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD2.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DVDVideoSoftTB - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10t_Pl ugin.exe -update plugin
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - S-1-5-20 Startup: winupdate.lnk = ? (User 'NETWORK SERVICE')
O4 - S-1-5-18 Startup: winupdate.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: winupdate.lnk = ? (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers\freeytvdownloader.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3convert er.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 7319 bytes

salamat po in advance! :salute: pa OT po, pls suggest an effective AV program for me thanx!

:hello: po,

I just recently reviewed your logs, wala naman mga infected items but may mga suspicious items which was stuck on your start-up list, and it probably impacts your windows startup that's why bumagal ang performance ng system mo kasi it is constantly running on your system process. Anyway, here's the item i've seen suspicious on your startup, winupdate.lnk (You can see links before reply), i just want to ask you if ma recognize mo ba ang item na yan? coz if not, let's remove this item on your startup, Actually ito yung namention ko na it will constantly run to your process kasi sa Startup pa lang ng system mo, ay automated na ito tatakbo sa system kasi naka set xa into your startup. To remove this, follow these steps:

- Right click My Computer -> Click Properties-> System -> check Turn off system restore on all drives -> Click Apply and OK.

- Open your Hijackthis.

- Click Do a system scan only

- The list of items will appear after scanning, just check only this following items below sa Hijackthis.

O4 - S-1-5-20 Startup: winupdate.lnk = ? (User 'NETWORK SERVICE')

O4 - S-1-5-18 Startup: winupdate.lnk = ? (User 'SYSTEM')

O4 - .DEFAULT Startup: winupdate.lnk = ? (User 'Default user')

- After you check it, just click Fix Checked below.

- Exit and Close HJT.

- Download ka nito CCleaner (You can see links before reply), and then use this program to clean your system files, which are unused, temp, history, cookies and etc. and it also enhance the speed performance of your system.

- Restart mo system mo after you use that program then observe.

- And if you're looking for a reliable Anti-Virus program, I prefer with ESED NOD32, search and download ka dito hanapin mo yung may patch para di ka na kailangan maghanap ng License keys. Automatically updated na and long time expirations. Yan po ma recommend ko sayo na program. Ok?

- Goodluck and Welcome :D

wishbone623
23rd Jun 2012, 11:25
:hello: po,

I just recently reviewed your logs, wala naman mga infected items but may mga suspicious items which was stuck on your start-up list, and it probably impacts your windows startup that's why bumagal ang performance ng system mo kasi it is constantly running on your system process. Anyway, here's the item i've seen suspicious on your startup, winupdate.lnk (You can see links before reply), i just want to ask you if ma recognize mo ba ang item na yan? coz if not, let's remove this item on your startup, Actually ito yung namention ko na it will constantly run to your process kasi sa Startup pa lang ng system mo, ay automated na ito tatakbo sa system kasi naka set xa into your startup. To remove this, follow these steps:

- Right click My Computer -> Click Properties-> System -> check Turn off system restore on all drives -> Click Apply and OK.

- Open your Hijackthis.

- Click Do a system scan only

- The list of items will appear after scanning, just check only this following items below sa Hijackthis.




- After you check it, just click Fix Checked below.

- Exit and Close HJT.

- Download ka nito CCleaner (You can see links before reply), and then use this program to clean your system files, which are unused, temp, history, cookies and etc. and it also enhance the speed performance of your system.

- Restart mo system mo after you use that program then observe.

- And if you're looking for a reliable Anti-Virus program, I prefer with ESED NOD32, search and download ka dito hanapin mo yung may patch para di ka na kailangan maghanap ng License keys. Automatically updated na and long time expirations. Yan po ma recommend ko sayo na program. Ok?

- Goodluck and Welcome :D
thanks to you sir!!:salute:

xXxstygwyrxXx
24th Jun 2012, 15:59
Boss patulong ako kasi biglang bumagal tong Laptop ko di namn ganito dati eh!
and i think dinapuan ako ng key logger kasi pag di ako connected sa internet may nag po2p-up ng error msg ng log file ng suspected keylloger na hindi ma send kasi walang internet connection ito po log ng high jack this

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:57:30 PM, on 6/24/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Users\Cory\AppData\Roaming\Xenocode\XenocodeVE. exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Nokia\Nokia PC Suite 7\OneTouchAccess.exe
C:\Users\Cory\Desktop\Anti censorship tools\HSS_2.25_Portable_FEB_26,_2012-SMART\Hotspot Shield 2.25 powered by Portable Openvpn 2.1 FEB 26, 2012-SMART\Hotspot Shield.exe
C:\Users\Cory\Desktop\Anti censorship tools\HSS_2.25_Portable_FEB_26,_2012-SMART\Hotspot Shield 2.25 powered by Portable Openvpn 2.1 FEB 26, 2012-SMART\app\bin\openvpn-gui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Cory\AppData\Local\Temp\{BAA3C897-3D74-4676-842B-E96E9BB00DBD}\DateCheck.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Globe Broadband\Globe Broadband.exe
C:\Users\Cory\Desktop\Anti censorship tools\HSS_2.25_Portable_FEB_26,_2012-SMART\Hotspot Shield 2.25 powered by Portable Openvpn 2.1 FEB 26, 2012-SMART\app\bin\openvpn.exe
C:\Windows\system32\conhost.exe
C:\Users\Cory\Desktop\Anti censorship tools\HSS_2.25_Portable_FEB_26,_2012-SMART\Hotspot Shield 2.25 powered by Portable Openvpn 2.1 FEB 26, 2012-SMART\data\config\FINGER.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = You can see links before reply
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = You can see links before reply
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Anti Mosquito] C:\Users\Cory\Downloads\Compressed\Anti Mosquito.exe
O4 - HKLM\..\Run: [Xenocode] C:\Users\Cory\AppData\Roaming\Xenocode\XenocodeVE. exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Megakey] C:\Users\Cory\AppData\Local\Megamedia\Megakey\Mega key.exe /Tray
O4 - HKCU\..\Run: [MegakeyUpdater] C:\Users\Cory\AppData\Local\Megamedia\Megakey\Mega keyUpdater.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Cory\AppData\Local\Facebook\Update\Facebo okUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [You can see links before reply] C:\Users\Cory\Desktop\Ultrasurf\Cproxy new\CPROXY.exe
O4 - HKCU\..\Run: [SpeedConnectStartUp] C:\Program Files\CBS Software\SpeedConnect Internet Accelerator\SpeedConnectStartUp.exe -run
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{93642F59-6BA1-4280-8169-0F8757E38D84}: NameServer = 121.1.3.172 121.1.3.89
O17 - HKLM\System\CCS\Services\Tcpip\..\{A2B0B75D-9435-41AF-9F9F-5A0828CC8EDB}: NameServer = 10.16.24.1
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs:
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\system32\aestsrv.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ByakkoSvc - Unknown owner - C:\Program Files\EliteKingdoms\Cabal Reloaded\Byakko.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 7630 bytes
salamat sa makaka tulong

P.s wala pala akong Anti virus kasi akala ko yun ang nagpapabagal sa unit ko kaya in unistall ko, pero walang nangyari mabagal parin

nOosadz
25th Jun 2012, 09:46
Boss patulong ako kasi biglang bumagal tong Laptop ko di namn ganito dati eh!
and i think dinapuan ako ng key logger kasi pag di ako connected sa internet may nag po2p-up ng error msg ng log file ng suspected keylloger na hindi ma send kasi walang internet connection ito po log ng high jack this

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:57:30 PM, on 6/24/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Users\Cory\AppData\Roaming\Xenocode\XenocodeVE. exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Nokia\Nokia PC Suite 7\OneTouchAccess.exe
C:\Users\Cory\Desktop\Anti censorship tools\HSS_2.25_Portable_FEB_26,_2012-SMART\Hotspot Shield 2.25 powered by Portable Openvpn 2.1 FEB 26, 2012-SMART\Hotspot Shield.exe
C:\Users\Cory\Desktop\Anti censorship tools\HSS_2.25_Portable_FEB_26,_2012-SMART\Hotspot Shield 2.25 powered by Portable Openvpn 2.1 FEB 26, 2012-SMART\app\bin\openvpn-gui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Cory\AppData\Local\Temp\{BAA3C897-3D74-4676-842B-E96E9BB00DBD}\DateCheck.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Globe Broadband\Globe Broadband.exe
C:\Users\Cory\Desktop\Anti censorship tools\HSS_2.25_Portable_FEB_26,_2012-SMART\Hotspot Shield 2.25 powered by Portable Openvpn 2.1 FEB 26, 2012-SMART\app\bin\openvpn.exe
C:\Windows\system32\conhost.exe
C:\Users\Cory\Desktop\Anti censorship tools\HSS_2.25_Portable_FEB_26,_2012-SMART\Hotspot Shield 2.25 powered by Portable Openvpn 2.1 FEB 26, 2012-SMART\data\config\FINGER.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = You can see links before reply
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = You can see links before reply
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = You can see links before reply
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Anti Mosquito] C:\Users\Cory\Downloads\Compressed\Anti Mosquito.exe
O4 - HKLM\..\Run: [Xenocode] C:\Users\Cory\AppData\Roaming\Xenocode\XenocodeVE. exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Megakey] C:\Users\Cory\AppData\Local\Megamedia\Megakey\Mega key.exe /Tray
O4 - HKCU\..\Run: [MegakeyUpdater] C:\Users\Cory\AppData\Local\Megamedia\Megakey\Mega keyUpdater.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Cory\AppData\Local\Facebook\Update\Facebo okUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [You can see links before reply] C:\Users\Cory\Desktop\Ultrasurf\Cproxy new\CPROXY.exe
O4 - HKCU\..\Run: [SpeedConnectStartUp] C:\Program Files\CBS Software\SpeedConnect Internet Accelerator\SpeedConnectStartUp.exe -run
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{93642F59-6BA1-4280-8169-0F8757E38D84}: NameServer = 121.1.3.172 121.1.3.89
O17 - HKLM\System\CCS\Services\Tcpip\..\{A2B0B75D-9435-41AF-9F9F-5A0828CC8EDB}: NameServer = 10.16.24.1
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs:
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\system32\aestsrv.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ByakkoSvc - Unknown owner - C:\Program Files\EliteKingdoms\Cabal Reloaded\Byakko.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 7630 bytes
salamat sa makaka tulong

P.s wala pala akong Anti virus kasi akala ko yun ang nagpapabagal sa unit ko kaya in unistall ko, pero walang nangyari mabagal parin

:hello:

I just reviewed your logs at pinasukan ka ng malicious site came from chatvibes.com,..Kindly check your Programs on Control Panel kung may na install kang chatvibes program, if not then it's great. We just need to remove that malicious site on your system. And last question para saan mo ba ginagamit ang Megamedia/Mediakey? Coz seemingly, it has a lot items loading on your startup and and i want to know if this program consumes a huge memory usage and what's the use of this on your system. Ahm OK, follow these step by step procedure. Don't skip.

- Turn off mo muna ang system restore, just refer on this link.
You can see links before reply

- After that, Open your Hijackthis program.

- On main menu, Click Do a System Scan only

- It will scan and appears the list of items, next with it. Just check this following items below on that part.

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = You can see links before reply

O4 - HKLM\..\Run: [Xenocode] C:\Users\Cory\AppData\Roaming\Xenocode\XenocodeVE. exe

O4 - HKCU\..\Run: [Megakey] C:\Users\Cory\AppData\Local\Megamedia\Megakey\Mega key.exe /Tray

O4 - HKCU\..\Run: [MegakeyUpdater] C:\Users\Cory\AppData\Local\Megamedia\Megakey\Mega keyUpdater.exe

O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Cory\AppData\Local\Facebook\Update\Faceb ookUpdate.exe" /c /nocrashserver

O4 - HKCU\..\Run: [You can see links before reply] C:\Users\Cory\Desktop\Ultrasurf\Cproxy new\CPROXY.exe

- Now after you checked that following items, click Fix Checked button below.

- Exit and close Hijackthis.

- Now open your Internet Explorer browser

- Navigate Tools -> Internet Options -> Advanced tab -> then simply click Reset button, follow the prompts and so on.

- Then Click Apply and OK and close IE browser.

- Download this CCleaner (You can see links before reply), Perform this on your system, it will clean your system particular in wiping your unused, temp, history files, and it will enhance the speed performance of your system.

- After that, restart your system and observe.

- About anti-virus, I can suggest you to use ESET NOD32 w/ patch, just search and download here. update and do full scan.

- Ok, that's all, ahm on your next reply provide a new hijackthis logs. alright?

- Goodluck and Welcome :D

anchored
25th Jun 2012, 16:38
Ito po ang problem ng PC namin: blank user name ng "csrss.exe" at "winlogon.exe" sa windows task manager.. meron ding "inputps.exe" na process na wala ring user name...

nagkakaproblema rin minsan sa pagdelete (recycling....)at pagmove/copy ng files (matagal matapos ung green na progress bar)...

ito yung log ng hijack... tnx

----------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:40:13 PM, on 6/25/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\BUFFALO\BuffaloTools\BuffaloTools.exe
C:\Program Files\BUFFALO\Backup_Utility\BUTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\WIBUKEY\Server\WkSvMgr.exe
C:\Program Files\Ralink\Common\RaUI.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtblfs.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Autodesk\AutoCAD 2011\acad.exe
C:\Program Files\Common Files\Autodesk Shared\WSCommCntr\lib\WSCommCntr2.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\DPWH\Downloads\Programs\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = You can see links before reply
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = You can see links before reply
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: YTNavAssist.YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTNavAs sist.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingl eInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [BuffaloTools] C:\Program Files\BUFFALO\BuffaloTools\BuffaloTools.exe
O4 - HKLM\..\Run: [Backup Utility TaskTray Tool] "C:\Program Files\BUFFALO\Backup_Utility\BUTray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Network Server.lnk = C:\Program Files\WIBUKEY\Server\WkSvMgr.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\Ralink\Common\RaUI.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GRA32A~1.DLL
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
O23 - Service: Backup Utility Service (BFBackupUtilityService) - BUFFALO INC. - C:\Program Files\BUFFALO\Backup_Utility\BUService.exe
O23 - Service: Backup Utility VSS Service (BFBackupUtilityVSSService) - BUFFALO INC. - C:\Program Files\BUFFALO\Backup_Utility\BUVSSService.exe
O23 - Service: bufssvr - BUFFALO INC. - C:\Program Files\BUFFALO\SLManagerEasy\Bufssvr.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: RalinkRegistryWriter - Ralink Technology, Corp. - C:\Program Files\Ralink\Common\RaRegistry.exe
O23 - Service: Ralink UPnP Media Server (RaMediaServer) - Unknown owner - C:\Program Files\Ralink\Common\RaMediaServer.exe
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10171 bytes

nOosadz
26th Jun 2012, 16:21
:hello: anchored,

Well according to your logs, your system was fine, and I haven't saw any malicious items. Maybe there was only conflict with your operating system and applications that you've installed. Anyway, I can't identify where's the source of your system problem but we could try another method before we performed the Hijackthis solutions. Ok here's you what gonna do. Ok? Follow it step by step.

- Download this program Process Explorer (You can see links before reply)

- Just save on your desktop.

- No need to install this program, just run and open it. It just like a Task Manager program, but not similar all with each features.

- Now, after you open the Process Explorer program, it will launch just like Task Manager that will be seen all the running process of your system.

- What you will do, is to expand this Process Explorer program to see all the running process and create a print screen on it, ( I assumed you already how to printscreen, if not just click Print Scrn key on your keyboard, Open a MS Paint then press CTRL+V which is Paste, save and then attach it here on your next reply.)

- We need to identify the the problem of your system if what other processes running on your system by looking on that Process Explorer. Ok?

- Initially, just perform 1st this CCleaner (You can see links before reply) program on your system, to clean and enhance the speed performance of your system.

- On your next reply, I'm expecting the image view of your Process Explorer. :D

benjie266
7th Jul 2012, 10:34
Eto po sakin


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:33:32 AM, on 7/7/2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\DFServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\DOCUME~1\BENJII~1\LOCALS~1\Temp\winrnqngp.exe
C:\Documents and Settings\benjiieee\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\DOCUME~1\BENJII~1\LOCALS~1\Temp\yncnyp.exe
C:\Documents and Settings\benjiieee\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\DOCUME~1\BENJII~1\LOCALS~1\Temp\winwdchri.exe
C:\DOCUME~1\BENJII~1\LOCALS~1\Temp\w3af1d.exe
C:\Documents and Settings\benjiieee\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\benjiieee\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\benjiieee\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = You can see links before reply
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\benjiieee\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: DfLogon - LogonDll.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Faronics Data Igloo Service (DataIglooService) - Faronics Corporation - C:\Program Files\Faronics\Data Igloo Standard\DIService.exe
O23 - Service: DFServ - Faronics Corporation - C:\Program Files\Faronics\Deep Freeze\Install C-0\DFServ.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 3691 bytes

Napster28
7th Jul 2012, 10:57
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:48:08 AM, on 7/7/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\Globe Tattoo Broadband\OnlineUpdate\ouc.exe
C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = You can see links before reply
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = You can see links before reply
R3 - URLSearchHook: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll
R3 - URLSearchHook: uTorrentControl Toolbar - {e9df9360-97f8-4690-afe6-996c80790da4} - C:\Program Files\uTorrentControl\prxtbuTo0.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Help the General-Search Project - {CA4520F3-AE13-4FB1-A513-58E23991C86D} - C:\DOCUME~1\Marlon\APPLIC~1\MEDIAF~1\EXTENS~1\GENC RA~1.DLL
O2 - BHO: uTorrentControl - {e9df9360-97f8-4690-afe6-996c80790da4} - C:\Program Files\uTorrentControl\prxtbuTo0.dll
O2 - BHO: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll
O3 - Toolbar: uTorrentControl Toolbar - {e9df9360-97f8-4690-afe6-996c80790da4} - C:\Program Files\uTorrentControl\prxtbuTo0.dll
O3 - Toolbar: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [USB Security] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Globe Tattoo Broadband. OUC (Globe Tattoo Broadband. RunOuc) - Unknown owner - C:\Program Files\Globe Tattoo Broadband\UpdateDog\ouc.exe
O23 - Service: HWDeviceService.exe - Unknown owner - C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

--
End of file - 5827 bytes


boss ayaw luamabas nung mga hidden files kahit i show ko at pati yung mga Hide Protecting System Files..

paki fix po please..