Hi, I think I've been infected with something bad. I can no longer open Task Manager or the Registry Editor. Also, when I open any internet browser nothing opens: the page is blank and it acts like I'm not connected to the net anymore. Also, every time I start the PC, Malware Doctor comes on and runs, and I can't find a way to uninstall it or stop it. I've run HijackThis and here is the log. Please help me if you can.
Also, please, I'm sorry, I'm very new here, and if this isn't posted in the correct place, forgive me.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:23:28 PM, on 28/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\T\LOCALS~1\Temp\r979qpgxvc.exe
C:\DOCUME~1\T\LOCALS~1\Temp\r979qpgxvc.exe
C:\Documents and Settings\LocalService\Application Data\691447002.exe
C:\WINDOWS\System32\avast!Antivirus.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\DOCUME~1\T\LOCALS~1\Temp\r979qpgxvc.exe
C:\DOCUME~1\T\LOCALS~1\Temp\r979qpgxvc.exe
C:\DOCUME~1\T\LOCALS~1\Temp\r979qpgxvc.exe
C:\DOCUME~1\T\LOCALS~1\Temp\r979qpgxvc.exe
C:\DOCUME~1\T\LOCALS~1\Temp\r979qpgxvc.exe
C:\DOCUME~1\T\LOCALS~1\Temp\r979qpgxvc.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Documents and Settings\Administrator\Desktop\Hijack(GP)This.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rhodeisland.cox.net/cci/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: (no name) - {c6c7b2a1-00f3-42bd-f434-00aaba2c8953} - (no file)
O2 - BHO: Microsoft copyright - {f30b5e7e-cfbb-44fb-a947-226e5a7a4290} - lklf32.dll (file missing)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16
O4 - HKLM\..\Run: [Malware Doctor] C:\Documents and Settings\LocalService\Application Data\691447002.exe
O4 - HKCU\..\Run: [] C:\DOCUME~1\T\LOCALS~1\Temp\r979qpgxvc.exe
O4 - HKCU\..\Run: [nzdflkioezncfiunfindiuchiuenfcdc] C:\DOCUME~1\T\LOCALS~1\Temp\r979qpgxvc.exe
O4 - HKCU\..\Run: [autochk] rundll32.exe C:\DOCUME~1\LOCALS~1\protect.dll,_IWMPEvents@16
O4 - HKCU\..\Run: [Malware Doctor] C:\Documents and Settings\LocalService\Application Data\691447002.exe
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [] C:\WINDOWS\TEMP\pmyukk3z0m.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [uidenhiufgsduiazghs] C:\WINDOWS\TEMP\pmyukk3z0m.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Diagnostic Manager] C:\WINDOWS\TEMP\2744224948.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [SYS32DLL] SYS32DLL (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [A00FE213F.exe] C:\WINDOWS\TEMP\_A00FE213F.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\config\SYSTEM~1\protect.dll,_IWMPEvents@16 (User 'Default user')
O4 - .DEFAULT Startup: ChkDisk.dll (User 'Default user')
O4 - .DEFAULT Startup: ChkDisk.lnk = ? (User 'Default user')
O4 - Startup: ChkDisk.dll
O4 - Startup: ChkDisk.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Lookup Word - C:\Program Files\QDictionary\dict.html
O8 - Extra context menu item: T&hesaurus - C:\Program Files\QDictionary\thes.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: vzTCPConfig - http://www.verizon.net/checkmypc/fios/includes/vzTCPConfig.CAB
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - http://www.maitreya.org/JAVA/To_See_Applets/msjavx86.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} -
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) -
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} -
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://www.yougamers.com/systeminfo/FMSI.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O20 - AppInit_DLLs: ,
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: avast!Antivirus - Unknown owner - C:\WINDOWS\System32\avast!Antivirus.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\
--
End of file - 8072 bytes