    Lupus2401 Posts: 3, Reputation: 1
    New Member
     
    #1

    Jan 13, 2007, 12:42 PM
    Logfile of HijackThis v1.99.1
    Scan saved at 9:25:44 μμ, on 13/1/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 SP2 (7.00.5346.0005)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\DU Meter\DUMeter.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Lupus\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {428119EE-D547-C81F-F8E7-10F8E05E11F8} - blank (file missing)
    O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - C:\DOCUME~1\Lupus\LOCALS~1\Temp\~DP2.dll (file missing)
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll (file missing)
    O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_08\bin\npjpi142_08.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_08\bin\npjpi142_08.dll
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTS...lbl?serie=6000
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1120309568109
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1162019415015
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by9fd.bay9.hotmail.msn.com/activex/HMAtchmt.ocx
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6FBA9EDB-8788-4750-AA90-3F75B08743D0}: NameServer = 194.219.227.2,193.92.150.3
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe


    Any opinions about what's wrong and how to fix it?
    I have scanned many times with many programs in normal and safe mode but the problem still remains. This is, as you already guessed, the HijackThis report.
    Some told me about the Panda software, that it may be causing problems.
    It all started after I downloaded an MSN Messenger installation program. When trying to start the installation program the computer restarted and after that the problems started.
    Note that the BitDefender and the Panda software have been uninstalled from my system and I don't know why they are shown in the report.

    P.S. The "some" programs and windows are: Spy-bot for example, or when I try to enter some sites Internet Explorer closes, even Firefox.
    TheSavage Posts: 564, Reputation: 96
    Senior Member
     
    #2

    Jan 13, 2007, 12:54 PM
    After running your log through Help2Go Detective, it reported these 3 files as suspect:
    Help2Go - Help2Go Detective

    This is BETA Software. Use at your own risk.



    Malicious

    These entries have been positively identified as malicious programs. In the HijackThis program, place a check mark next to the following entries.

    O2 - BHO: (no name) - {428119EE-D547-C81F-F8E7-10F8E05E11F8} - blank (file missing)
    (Description: File of this BHO is missing -- probably a remnant of adware or spyware. OK to remove this entry.)

    O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - C:\DOCUME~1\Lupus\LOCALS~1\Temp\~DP2.dll (file missing)
    (Description: File of this BHO is missing -- probably a remnant of adware or spyware. OK to remove this entry.)

    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    (Description: A hidden or missing adware entry.)
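
The check the tool output above applies to the O2 entries can be run over any HijackThis log. The following is an added example, not part of the original thread or of Help2Go or HijackThis; the sample lines are copied from the log in post #1, and the function names and the Temp-path hint are assumptions of this sketch. A flagged entry is a prompt for manual review, not a verdict.

```python
import re

# Constructed sample: lines copied from the log in post #1 of this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {428119EE-D547-C81F-F8E7-10F8E05E11F8} - blank (file missing)
O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - C:\DOCUME~1\Lupus\LOCALS~1\Temp\~DP2.dll (file missing)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll (file missing)
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")   # section code, rest of line
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN = re.compile(r"\((file missing|no file)\)\s*$")  # markers seen in the log

def parse_log(text):
    """Turn each 'Oxx - ...' / 'Rx - ...' line into a small record."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header, process list, blank line
        code, body = m.groups()
        clsid = CLSID.search(body)
        entries.append({
            "code": code,
            "clsid": clsid.group(0) if clsid else None,
            "orphaned": bool(ORPHAN.search(body)),
            "temp_path": "\\temp\\" in body.lower(),
            "raw": line.strip(),
        })
    return entries

def triage(entries):
    """Return (code, clsid, reason) for entries worth a manual look."""
    findings = []
    for e in entries:
        if e["orphaned"]:
            reason = "registry entry points at a file that no longer exists"
            if e["temp_path"]:
                reason += "; target was in a Temp directory"
            findings.append((e["code"], e["clsid"], reason))
    return findings

if __name__ == "__main__":
    for code, clsid, reason in triage(parse_log(SAMPLE_LOG)):
        print(code, clsid or "-", reason)
```

Orphaned entries also include leftovers of uninstalled software, such as the FlashGet toolbar and the BitDefender service in this log, so the output separates stale registry references from live components without saying which ones were malicious.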
    Curlyben Posts: 18,514, Reputation: 1860
    BossMan
     
    #3

    Jan 13, 2007, 12:56 PM
    When was the last time you did some serious maintenance on this system?
    Are ALL the patches fully up to date?
    Have you tried a system restore to before you installed this MSN program?
    Was the MSN program the official messenger or some third party add on?

    That should give you a few things to think about.
    Lupus2401 Posts: 3, Reputation: 1
    New Member
     
    #4

    Jan 13, 2007, 03:36 PM
    TheSavage: I deleted those entries with HijackThis but nothing changed; still, when I try to open some certain sites, Firefox closes. Thx though for the help.

    Curlyben: I am doing maintenance on my system. When you say patches which ones do you mean? I have system restore disabled... I just don't like it. The MSN was supposed to be the original program but posted by someone. In the end the only thing that happened when I tried to run it was a restart...
    TheSavage Posts: 564, Reputation: 96
    Senior Member
     
    #5

    Jan 13, 2007, 06:51 PM
    Curly means Windows updates, I think.
    I bet you would like system restore right now.
    You have a few other things on that HijackThis log that look suspect [ie O2 BHO no name]
    But I am not good enough with those logs to say delete them. Go to geekstogo. MAKE sure you read, and follow all the directions in the first sticky.
    They will not help you if you do not help yourself.
    Then post a fresh log.
    Geeks to Go! -> Malware Removal - HiJackThis Logs Go Here
    Please let me know if they tell you to remove those 3 no name items. -- Savage
    Lupus2401 Posts: 3, Reputation: 1
    New Member
     
    #6

    Jan 14, 2007, 03:02 AM
    TheSavage: Thx man. I'll post my report to them and I'll let you know about those 3 items. The only problem is that my Firefox shuts down when I try to open some of those sites so it's going to be kind of hard for me to dl the required programs.
