Full Version: Help On Spyware And Malware Protection Removal
Lionking
Hey guys, I was visiting some sites in search of a crack for a program and I got some spyware and malware virus. It makes everything disappear from my desktop a few seconds after switching on my PC, and it has disabled Task Manager by itself. If I try alt+ctrl+del it says Task Manager has been disabled by the admin, and I also see a big red cross sign where it shows the time and some of the software installed on the PC (the status bar, is it called, or something, which is located at the bottom on every computer). I can see these two icons on my desktop right now: Spyware&Malware Protection and Privacy Protector. If you can please give me a hand here on how to remove all these viruses it will be highly appreciated. Thank you once again.
Lionking
QUOTE(Lionking @ Apr 17 2008, 08:37 PM) *

Hey guys, I was visiting some sites in search of a crack for a program and I got some spyware and malware virus. It makes everything disappear from my desktop a few seconds after switching on my PC, and it has disabled Task Manager by itself. If I try alt+ctrl+del it says Task Manager has been disabled by the admin, and I also see a big red cross sign where it shows the time and some of the software installed on the PC (the status bar, is it called, or something, which is located at the bottom on every computer). I can see these two icons on my desktop right now: Spyware&Malware Protection and Privacy Protector. If you can please give me a hand here on how to remove all these viruses it will be highly appreciated. Thank you once again.


Error Cleaner is also on my desktop,
and when I open my Internet Explorer (the explorer from Microsoft) it takes me to this site: http://ucleaner.com/main.php?wmid=6010&...Q==&lndid=2

asking me to download Ultimate Cleaner 2007.
Please help me, thank you :)
HKEd
We need to see a HijackThis log so we can identify the infection, Lionking. Please read this tutorial on using HijackThis. Note that HijackThis.exe should be renamed before running it.
Lionking
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:55:41 PM, on 4/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\Hijackcheck\Hcheck.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6909006C-AD15-4C89-8776-5D3C7490C24B} - C:\WINDOWS\system32\awtturrq.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: DVA Storm - {D80F83DA-6FDC-4432-B350-29AABB316D2B} - C:\WINDOWS\lgmxvpatamk.dll
O2 - BHO: (no name) - {EE5A1465-1E73-4784-8F63-45983FDF0DB8} - C:\WINDOWS\system32\byXOgeCv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: qtvglped - {16B35F26-7FBC-45AD-83E2-4991CB73F477} - C:\WINDOWS\qtvglped.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [bc332889] rundll32.exe "C:\WINDOWS\system32\omaxofdv.dll",b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: byXOgeCv - C:\WINDOWS\SYSTEM32\byXOgeCv.dll
O21 - SSODL: RomMon - {c49641d3-c2ad-4812-b307-0b9684c08e0f} - C:\WINDOWS\Resources\RomMon.dll
O21 - SSODL: zip - {57c668a6-f52d-4ff5-a859-274b6e7f7051} - C:\WINDOWS\Installer\{57c668a6-f52d-4ff5-a859-274b6e7f7051}\zip.dll
O21 - SSODL: pmsoarbf - {207E691A-E502-410E-88A3-174A9F338B3E} - C:\WINDOWS\pmsoarbf.dll
O21 - SSODL: omlbpkaw - {83E187EC-4E14-4986-9069-DDC927B4871C} - C:\WINDOWS\omlbpkaw.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 8082 bytes



This is the result I got from HijackThis; this is the log file. I did read the tutorial and did everything as it said there. Thanks again for replying.
Ironbender
Hi Lionking,

Download and run CrapCleaner from http://www.ccleaner.com/
Note: in CCleaner, go to <options/advanced> and uncheck "Only delete files in Windows Temp folders older than 48 hours".

Download and install AVG Anti-Spyware from http://free.grisoft.com/doc/20/lng/us/tpl/v5 (please do not confuse it with AVG Antivirus, which is another thing; scroll down the page and click the "download the free version" orange button). Don't run it for scanning yet, just update it:

Double-click the icon on Desktop to launch AVGAS
You will need to update AVGAS to the latest definition files.
- On the top of the main screen click Shield
- Click the word active to change it to inactive
- On the top of the main screen click Update.
Then click on Start Update. The update will start and a progress bar will show the updates being installed.

When you have finished updating, EXIT AVGAS.

Download Combofix to your desktop by clicking here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Double click combofix.exe and follow the prompts. Type 1 (Enter) to start the fix.
When finished, it will produce a log for you. Post that log in your next reply.
Note:
Do not mouseclick or type anything while combofix is running. That may cause it to stall.

Run it only once !!!

Disconnect from the internet.

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2

O2 - BHO: (no name) - {6909006C-AD15-4C89-8776-5D3C7490C24B} - C:\WINDOWS\system32\awtturrq.dll

O2 - BHO: DVA Storm - {D80F83DA-6FDC-4432-B350-29AABB316D2B} - C:\WINDOWS\lgmxvpatamk.dll

O2 - BHO: (no name) - {EE5A1465-1E73-4784-8F63-45983FDF0DB8} - C:\WINDOWS\system32\byXOgeCv.dll

O3 - Toolbar: qtvglped - {16B35F26-7FBC-45AD-83E2-4991CB73F477} - C:\WINDOWS\qtvglped.dll

O4 - HKLM\..\Run: [bc332889] rundll32.exe "C:\WINDOWS\system32\omaxofdv.dll",b

O20 - Winlogon Notify: byXOgeCv - C:\WINDOWS\SYSTEM32\byXOgeCv.dll

O21 - SSODL: RomMon - {c49641d3-c2ad-4812-b307-0b9684c08e0f} - C:\WINDOWS\Resources\RomMon.dll

O21 - SSODL: zip - {57c668a6-f52d-4ff5-a859-274b6e7f7051} - C:\WINDOWS\Installer\{57c668a6-f52d-4ff5-a859-274b6e7f7051}\zip.dll

O21 - SSODL: pmsoarbf - {207E691A-E502-410E-88A3-174A9F338B3E} - C:\WINDOWS\pmsoarbf.dll

O21 - SSODL: omlbpkaw - {83E187EC-4E14-4986-9069-DDC927B4871C} - C:\WINDOWS\omlbpkaw.dll

O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm


Click on Fix Checked when finished and exit HijackThis.

Reboot into Safe Mode: please see here if you are not sure how to do this.

Using Windows Explorer, locate the following files/folders, and delete them if still there:

C:\WINDOWS\system32\awtturrq.dll
C:\WINDOWS\system32\byXOgeCv.dll
C:\WINDOWS\system32\omaxofdv.dll
C:\WINDOWS\lgmxvpatamk.dll
C:\WINDOWS\qtvglped.dll
C:\WINDOWS\pmsoarbf.dll
C:\WINDOWS\omlbpkaw.dll
C:\WINDOWS\Resources\RomMon.dll
C:\WINDOWS\Installer\{57c668a6-f52d-4ff5-a859-274b6e7f7051}\ (whole folder)
C:\WINDOWS\privacy_danger\ (folder)

Exit Explorer, do NOT reboot yet !

Run AVG Anti-Spyware.
- Click Scanner
- Click on the Scan tab
- Click Complete System Scan to begin scanning.
When the scan is complete click Recommended Action and change it to Quarantine, then click Apply all actions
Once finished, click the Save report button, then click Save Report As. This will create a text file.

IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.

Make sure you know where to find this file again.

Note: If you are unable to run avgas in safe mode, restart in normal mode and perform a full system scan from there.

Restart in Normal Mode.

Post back:

1 - The c:\combofix\report.txt log;
2 - The avgas report;
3 - A fresh HJT log.

Chris
Lionking
Thanks a lot guys, I did everything that I was told to do and my PC looks much, much better now. Thanks once again to you and your best work for the world and community. I will be adding all the logs that have been asked for here, after doing all the steps mentioned in the reply above by one of the best modifier or operator. I am adding the fresh AVG report log from the scan, which was done last, the ComboFix log, and HijackThis's fresh log.
Lionking
Fresh log of hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:05:31 PM, on 4/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\Hijackcheck\Hcheck.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: pmsoarbf - {45B6B7B1-9E9B-472C-AE41-BD90F71645E9} - C:\WINDOWS\pmsoarbf.dll (file missing)
O21 - SSODL: omlbpkaw - {FFD07147-E227-47FC-ABD8-EF7B3A1E8090} - C:\WINDOWS\omlbpkaw.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 7976 bytes
Lionking
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:59:40 PM 4/18/2008

+ Scan result:



E:\System Volume Information\_restore{D2B4A6BB-CD57-4E3E-B484-7351D147FA89}\RP42\A0018112.DLL -> Backdoor.Ircflood.s : Cleaned with backup (quarantined).
D:\BsB\BsB.rar/BsB\MYEDITion\SCRIPT8.INI -> Backdoor.Uckone : Cleaned with backup (quarantined).
D:\BsB\BsB.rar/BsB\MYEDITion\noneedyet.ini -> Backdoor.Uckone : Cleaned with backup (quarantined).
D:\BsB\BsB.rar/BsB\MYEDITion\noneedyet1.ini -> Backdoor.Uckone : Cleaned with backup (quarantined).
D:\BsB\BsB\MYEDITion\SCRIPT8.INI -> Backdoor.Uckone : Cleaned with backup (quarantined).
D:\BsB\BsB\MYEDITion\noneedyet.ini -> Backdoor.Uckone : Cleaned with backup (quarantined).
D:\BsB\BsB\MYEDITion\noneedyet1.ini -> Backdoor.Uckone : Cleaned with backup (quarantined).
D:\softwares1\BsB\BsB\MYEDITion\SCRIPT8.INI -> Backdoor.Uckone : Cleaned with backup (quarantined).
D:\softwares1\BsB\BsB\MYEDITion\noneedyet.ini -> Backdoor.Uckone : Cleaned with backup (quarantined).
D:\softwares1\BsB\BsB\MYEDITion\noneedyet1.ini -> Backdoor.Uckone : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{D2B4A6BB-CD57-4E3E-B484-7351D147FA89}\RP42\A0018104.exe -> Backdoor.VB.aya : Cleaned with backup (quarantined).
D:\proxy scanning stuff nice\ProxyScannerPro.zip/ProxyScannerPro.exe -> Backdoor.VB.aya : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\Program Files\antiviirus.exe.vir -> Downloader.Small.ivo : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\Program Files\tmp0.exe.vir -> Downloader.Small.ivo : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\Program Files\tmp1.exe.vir -> Downloader.Small.ivo : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\Program Files\tmp2.exe.vir -> Downloader.Small.ivo : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\Program Files\tmp3.exe.vir -> Downloader.Small.ivo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D2B4A6BB-CD57-4E3E-B484-7351D147FA89}\RP59\A0023102.exe -> Downloader.Small.ivo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D2B4A6BB-CD57-4E3E-B484-7351D147FA89}\RP59\A0023103.exe -> Downloader.Small.ivo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D2B4A6BB-CD57-4E3E-B484-7351D147FA89}\RP59\A0023104.exe -> Downloader.Small.ivo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D2B4A6BB-CD57-4E3E-B484-7351D147FA89}\RP59\A0023105.exe -> Downloader.Small.ivo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D2B4A6BB-CD57-4E3E-B484-7351D147FA89}\RP59\A0023106.exe -> Downloader.Small.ivo : Cleaned with backup (quarantined).
E:\hak\BB_s_PASS-hak yahoo passhack.rar/PASS-hak\Yahoo Spy Final\Exe_Joiner.exe -> Dropper.Joiner.ai : Cleaned with backup (quarantined).
D:\Forum_Proxy_Leecher_v1.07.712.rar/Forum Proxy Leecher v1.07.712\Keygen_DTX.Tm\Keygen by DTX.Tm.exe -> Dropper.VB.vo : Cleaned with backup (quarantined).
D:\Forum_Proxy_Leecher_v1.07.712\Forum Proxy Leecher v1.07.712\Keygen_DTX.Tm\Keygen by DTX.Tm.exe -> Dropper.VB.vo : Cleaned with backup (quarantined).
E:\hak\BB_s_PASS-hak yahoo passhack.rar/PASS-hak\Yahoo Spy Final\Decoder.dll -> Logger.Agent.ak : Cleaned with backup (quarantined).
E:\all shop hacks\Shophack1.rar/Shophack1\Shophack1.exe -> Logger.Ayolog.kq : Cleaned with backup (quarantined).
E:\all shop hacks\Shophack1\Shophack1\Shophack1.exe -> Logger.Ayolog.kq : Cleaned with backup (quarantined).
E:\hak\BB_s_PASS-hak yahoo passhack.rar/PASS-hak\Sonic-Spy\Sonic-Spy.exe -> Logger.VB.pl : Cleaned with backup (quarantined).
E:\hak\BB_s_PASS-hak yahoo passhack.rar/PASS-hak\Yahoo Spy Final\server.exe -> Logger.Yspy.a : Cleaned with backup (quarantined).
E:\hak\BB_s_PASS-hak yahoo passhack.rar/PASS-hak\Yahoo Spy Final\yspy.exe -> Not-A-Virus.Constructor.Win32.YSPY.a : Ignored.
E:\System Volume Information\_restore{D2B4A6BB-CD57-4E3E-B484-7351D147FA89}\RP42\A0018109.exe -> Not-A-Virus.Flooder.Win32.PacketStorm : Ignored.
D:\proxy scanning stuff nice\SocksScanner.zip/SocksScanner/SocksScanner/Socks-Scanner/SP2-TCP-Patch.zip/SP2-TCP-Patch/EvID4226Patch.exe -> Not-A-Virus.Hacktool.EvID : Ignored.
D:\proxy scanning stuff nice\SocksScanner.zip/SocksScanner/SocksScanner/Socks-Scanner/SP2-TCP-Patch/SP2-TCP-Patch/EvID4226Patch.exe -> Not-A-Virus.Hacktool.EvID : Ignored.
D:\proxy scanning stuff nice\SocksScanner\SocksScanner\SocksScanner\Socks-Scanner\SP2-TCP-Patch.zip/SP2-TCP-Patch/EvID4226Patch.exe -> Not-A-Virus.Hacktool.EvID : Ignored.
D:\proxy scanning stuff nice\SocksScanner\SocksScanner\SocksScanner\Socks-Scanner\SP2-TCP-Patch\SP2-TCP-Patch\EvID4226Patch.exe -> Not-A-Virus.Hacktool.EvID : Ignored.
D:\winxp patch for tcpip conection limits\EvID4226Patch223d-en.zip/EvID4226Patch.exe -> Not-A-Virus.Hacktool.EvID : Ignored.
D:\winxp patch for tcpip conection limits\EvID4226Patch223d-en\EvID4226Patch.exe -> Not-A-Virus.Hacktool.EvID : Ignored.
E:\System Volume Information\_restore{D2B4A6BB-CD57-4E3E-B484-7351D147FA89}\RP42\A0018108.exe -> Not-A-Virus.HackTool.Win32.MSNaccCrack.20 : Ignored.
E:\System Volume Information\_restore{D2B4A6BB-CD57-4E3E-B484-7351D147FA89}\RP42\A0018110.exe -> Not-A-Virus.HackTool.Win32.VB.hg : Ignored.
E:\c ka desktop\phpNuke-hack-tool.rar/phpNuke-hack-tool\phpNuke-hack-tool.exe -> Not-A-Virus.HackTool.Win32.VB.hg : Ignored.
D:\SaM^ScRipT\SaM^ScRipT\Wartools\Portscan.exe -> Not-A-Virus.NetTool.Win32.Scan.12 : Ignored.
C:\Documents and Settings\Kashif\Desktop\mIRC_631_yenikoyum.blogspot.com.rar/YAMA_Patch\mirc6.31-patch-Fawkess.exe -> Trojan.Agent : Cleaned with backup (quarantined).
C:\Documents and Settings\Kashif\Desktop\mIRC_631_yenikoyum.blogspot.com\YAMA_Patch\mirc6.31-patch-Fawkess.exe -> Trojan.Agent : Cleaned with backup (quarantined).
D:\BsB\BsB\mirc6.31-patch-Fawkess.exe -> Trojan.Agent : Cleaned with backup (quarantined).
D:\TheMachine\mirc6.31-patch-Fawkess.exe -> Trojan.Agent : Cleaned with backup (quarantined).
E:\Dishnewbies\Dishnewbies\mirc6.31-patch-Fawkess.exe -> Trojan.Agent : Cleaned with backup (quarantined).
E:\mirc\mirc6.31-patch-Fawkess.exe -> Trojan.Agent : Cleaned with backup (quarantined).
D:\proxy scanning stuff nice\Forum.Proxy.Leecher.v1.07.712.Incl.KeyMaker.And.Patch-DVT\Forum.Proxy.Leecher.v1.07.712.Incl.KeyMaker.And.Patch-DVT\d-e51fo1\Forum.Proxy.Leecher.v1.07.712.Incl.KeyMaker.And.Patch-DVT.rar/Forum.Proxy.Leecher.v1.07.712.Incl.KeyMaker.And.Patch-DVT\DVT\Patch.exe -> Trojan.Crack.h : Cleaned with backup (quarantined).
D:\proxy scanning stuff nice\Forum.Proxy.Leecher.v1.07.712.Incl.KeyMaker.And.Patch-DVT\Forum.Proxy.Leecher.v1.07.712.Incl.KeyMaker.And.Patch-DVT\d-e51fo1\d-000fo\DVT\Forum.Proxy.Leecher.v1.07.712.Incl.KeyMaker.And.Patch-DVT.rar/Forum.Proxy.Leecher.v1.07.712.Incl.KeyMaker.And.Patch-DVT\DVT\Patch.exe -> Trojan.Crack.h : Cleaned with backup (quarantined).
E:\HowHigh_2.0_XP.zip/H©wHÏgh_2.0_XP/Addons/Nukenabber/Report.exe -> Trojan.Nuker.nukenabber.a : Cleaned with backup (quarantined).
E:\HowHigh_2.0_XP\H¬wH-gh_2.0_XP\Addons\Nukenabber\Report.exe -> Trojan.Nuker.nukenabber.a : Cleaned with backup (quarantined).
E:\hak\BB_s_PASS-hak yahoo passhack.rar/PASS-hak\Magic-PS 1.5 SE Update\MPS-15-SE.exe -> Trojan.Sagic.15.c : Cleaned with backup (quarantined).
E:\System Volume Information\_restore{D2B4A6BB-CD57-4E3E-B484-7351D147FA89}\RP42\A0018111.exe -> Trojan.VB.jt : Cleaned with backup (quarantined).
E:\hak\BB_s_PASS-hak yahoo passhack.rar/PASS-hak\Hosein-ps-v16\bestpic.jpg.exe -> Trojan.VB.jt : Cleaned with backup (quarantined).
E:\hak\BB_s_PASS-hak yahoo passhack.rar/PASS-hak\Hosein-ps-v16\bestpic.jpg.rar/bestpic.jpg.exe -> Trojan.VB.jt : Cleaned with backup (quarantined).
E:\hak\BB_s_PASS-hak yahoo passhack.rar/PASS-hak\power-spy_v12.zip/hosein-ps_v12.exe -> Trojan.VB.jt : Cleaned with backup (quarantined).
E:\hak\BB_s_PASS-hak yahoo passhack\PASS-hak\Hosein-ps-v16\bestpic.jpg.rar/bestpic.jpg.exe -> Trojan.VB.jt : Cleaned with backup (quarantined).
E:\hak\BB_s_PASS-hak yahoo passhack.rar/PASS-hak\EaZy-PS.zip/EaZy-PS.exe -> Trojan.VB.jv : Cleaned with backup (quarantined).
E:\hak\BB_s_PASS-hak yahoo passhack.rar/PASS-hak\Hosein-ps-v16\Hosein-ps-v16.exe -> Trojan.VB.jv : Cleaned with backup (quarantined).


::Report end

Lionking
For some reason I can't add ComboFix's log; it says access forbidden. Maybe it's because of fonts and stuff that are included in that log, so let me know how I can refrain it from all those unallowed signs in that log. Thanks.
Ironbender
I need that c:\combofix\report.txt
Try attaching it as a file instead of pasting it to see if it works.

Fix those using HJT:

O21 - SSODL: pmsoarbf - {45B6B7B1-9E9B-472C-AE41-BD90F71645E9} - C:\WINDOWS\pmsoarbf.dll (file missing)

O21 - SSODL: omlbpkaw - {FFD07147-E227-47FC-ABD8-EF7B3A1E8090} - C:\WINDOWS\omlbpkaw.dll (file missing)


Click on Fix Checked when finished and exit HijackThis.

Post the combofix log (do not run combofix again or it will overwrite the original log) along with a fresh HJT log.

Chris
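
The comparison behind this follow-up, as an added example that is not part of the original thread: a short Python script that parses two HijackThis logs, reports which entries disappeared between them, and lists entries that are still registered although HijackThis marks their file as missing. The sample lines are a subset copied from the first and the fresh log above; the function and field names are this example's own.

```python
import re
from typing import NamedTuple

# Subset of the first HijackThis log in this thread (before the fix).
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: (no name) - {6909006C-AD15-4C89-8776-5D3C7490C24B} - C:\WINDOWS\system32\awtturrq.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [bc332889] rundll32.exe "C:\WINDOWS\system32\omaxofdv.dll",b
O20 - Winlogon Notify: byXOgeCv - C:\WINDOWS\SYSTEM32\byXOgeCv.dll
O21 - SSODL: pmsoarbf - {207E691A-E502-410E-88A3-174A9F338B3E} - C:\WINDOWS\pmsoarbf.dll
O21 - SSODL: omlbpkaw - {83E187EC-4E14-4986-9069-DDC927B4871C} - C:\WINDOWS\omlbpkaw.dll
"""

# Subset of the fresh HijackThis log in this thread (after the fix).
AFTER = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O21 - SSODL: pmsoarbf - {45B6B7B1-9E9B-472C-AE41-BD90F71645E9} - C:\WINDOWS\pmsoarbf.dll (file missing)
O21 - SSODL: omlbpkaw - {FFD07147-E227-47FC-ABD8-EF7B3A1E8090} - C:\WINDOWS\omlbpkaw.dll (file missing)
"""


class Entry(NamedTuple):
    code: str      # HijackThis section code, e.g. "O21"
    detail: str    # rest of the line exactly as logged
    target: str    # file or command the entry points at, annotation stripped
    missing: bool  # HijackThis annotated it "(file missing)" or "(no file)"


# Entry lines start with a section code followed by " - ".
LINE_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
NOTE_RE = re.compile(r"\s*\((?:file missing|no file)\)\s*$", re.IGNORECASE)


def parse_log(text):
    """Return the entry lines of a HijackThis log, skipping header and process list."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header line, running-process path or blank line
        code, detail = m.groups()
        # The target is the last " - " separated field; O4 lines have no
        # such separator, so the whole command becomes the target.
        tail = detail.rsplit(" - ", 1)[-1]
        missing = bool(NOTE_RE.search(tail))
        target = NOTE_RE.sub("", tail).strip()
        entries.append(Entry(code, detail, target, missing))
    return entries


def _key(entry):
    # Match on section and target only: the CLSID of a re-created entry can
    # differ between logs, as it does for the two O21 lines in this thread.
    return (entry.code, entry.target.lower())


def compare(before_text, after_text):
    """Compare two logs: entries gone, entries new, entries left without a file."""
    before = {_key(e): e for e in parse_log(before_text)}
    after = {_key(e): e for e in parse_log(after_text)}
    return {
        "removed": [e for k, e in before.items() if k not in after],
        "added": [e for k, e in after.items() if k not in before],
        "orphaned": [e for e in after.values() if e.missing],
    }


if __name__ == "__main__":
    result = compare(BEFORE, AFTER)
    for label in ("removed", "added", "orphaned"):
        print(label.upper())
        for e in result[label]:
            print(f"  {e.code} - {e.detail}")
```

The "orphaned" group is the leftover registration without a file on disk; "added" entries are not suspicious by themselves and here come from software installed during the cleanup.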
Lionking
Hey guys, I tried a lot to copy and paste the ComboFix log but I couldn't, so instead I just attached a copy of ComboFix, because it did not let me paste the ComboFix log here; every time I tried, it took me to a place saying access forbidden and stuff. So please try downloading and reviewing the file. Thanks a lot again.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:44:53 PM, on 4/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\softwares\spyware\Spyware_Doctor_5.1.0.273-www.cw-network.info\Spyware Doctor 5.1.0.273 + serial\sdsetup.exe
C:\DOCUME~1\Kashif\LOCALS~1\Temp\is-AQC8J.tmp\is-7107J.tmp
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Spyware Doctor\Update.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\Hijackcheck\Hcheck.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 9288 bytes
Ironbender
The log looks clean, apart from this:

C:\DOCUME~1\Kashif\LOCALS~1\Temp\is-AQC8J.tmp\is-7107J.tmp

Please go to c:\Documents and settings\kashif\Local settings\Temp\ and delete any folder/file in there.

Let me know how your system is running.

Chris
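Added example, not part of the original thread or of HijackThis: a small Python triage pass over a HijackThis-format log that surfaces the two kinds of lines singled out in this thread, a running process under a Temp directory and entries marked "(file missing)". The sample log is a few lines excerpted from the logs above; the function names are illustrative, and a flagged line is a prompt for review, not a verdict.

```python
import re

# Sample input: a few lines excerpted from the HijackThis logs in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\Kashif\LOCALS~1\Temp\is-AQC8J.tmp\is-7107J.tmp
C:\Program Files\Spyware Doctor\swdsvc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O21 - SSODL: pmsoarbf - {45B6B7B1-9E9B-472C-AE41-BD90F71645E9} - C:\WINDOWS\pmsoarbf.dll (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")          # e.g. "O21 - SSODL: ..."
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)   # a \Temp\ path component

def parse_hjt(text):
    """Split a HijackThis log into running processes and (section, detail) entries."""
    processes, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:                      # first R/O entry ends the process list
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def triage(text):
    """Return (reason, line) findings for a human reviewer; nothing is deleted or fixed."""
    processes, entries = parse_hjt(text)
    findings = [("process running from a Temp directory", p)
                for p in processes if TEMP_RE.search(p)]
    findings += [(f"{section} entry points to a missing file", detail)
                 for section, detail in entries
                 if detail.endswith("(file missing)")]
    return findings

if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[review] {reason}: {line}")
```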
Lionking
Hey, thanks a lot, the PC is running well now. I have downloaded PC Tools Spyware Doctor version 5.1.0.273; is that any good? Also, please let me know of all the spyware tools and a good internet security software or a nice antivirus. Thanks a lot to you all for all the help you did :) Best of luck in life.
Ironbender
You are welcome. :) Glad we could help.

You can pick a free antivirus from one of these links:

AVG - http://free.grisoft.com/doc/5390/lng/us/tp...anti-virus-free
AVAST - http://www.avast.com/eng/avast_4_home.html
AntiVir - http://www.free-av.com/

Note that you have some Norton stuff running...

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

This may cause conflicts with other A/V. You must have only one running, so, uninstall any other before installing a new one.

Uninstall AVG antispyware, as you have SpywareDoctor already installed.

I would also suggest you install these freebies to be better protected:

ZoneAlarm free Firewall from http://www.zonelabs.com/store/content/comp...reeDownload.jsp (scroll down the page and get ZoneAlarm Firewall free basic protection, not the security suite trial)

Spybot S&D resident shield, from http://www.safer-networking.org/en/mirrors/index.html

SpywareBlaster: http://www.javacoolsoftware.com/sbdownload.html (update the definition files on install and once a week after install)

SpywareGuard: http://www.javacoolsoftware.com/sgdownload.html

RegProt (warns every time a registry key is changed and allows you to deny the change if suspicious): http://www.diamondcs.com.au/index.php?page=regprot

Crazy Browser from http://www.crazybrowser.com/ instead of IE (although it needs the IE engine to run, it has a built-in popup blocker and content filter). You may also consider Firefox.

With safe surfing and mailing habits (never leave the mail preview pane enabled, as new baddies now come embedded in the text or in hidden scripts; delete any suspicious mail without viewing it), this will keep most baddies away. :)

Chris.