Mobile/PDA About Us Advertise here
User User name Password  
  Not registered yet? Register here.
Lost your password? Click here. 		 
  Home   News   Guides   Downloads   Glossary   Hardware   Profiles   Forums   v4  
 Advertise at AfterDawn.com     Link to us!     Private messages     Compose a private message     List of all updated threads     Threads without replies     Search messages
Sunday 9.3.2025 / 15:36
Search AfterDawn Forums:        In English   Suomeksi   På svenska
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > once again my pc giving probsss
Show topics
 
Forums
Forums
Once again my PC giving probsss
  Jump to:
 
Posted Message
shivak
Newbie
_ 		17. February 2008 @ 07:33 _ Link to this message    Send private message to this user   
HI
Thanks for coming with solution for our problems
once again my pc is giving probssss
so many softwares are asking me that your PC is having viruses and asking me to download their software to delete the viruses having in my PC
I am attaching my hizckthis log file
plz find the problem and give me the solution
Thanks and regards..

shiva

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:02:53 PM, on 2/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SXG Advisor - {10243A31-4B07-4FB5-B37B-E6E59DC525E9} - C:\WINDOWS\dmdqdrxgrf.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: emotrlq - {6748B70C-6D33-4D5A-870F-4D43B0EFDE48} - C:\WINDOWS\emotrlq.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{35234671-3368-4BDA-9147-087297B8E3AE}: NameServer = 218.248.240.46 218.248.255.146
O17 - HKLM\System\CS1\Services\Tcpip\..\{35234671-3368-4BDA-9147-087297B8E3AE}: NameServer = 218.248.240.46 218.248.255.146
O21 - SSODL: admggxp - {7236D004-863D-442A-A114-A98E5E16DBB0} - C:\WINDOWS\admggxp.dll
O21 - SSODL: bdmnopx - {B37445E5-572B-4B13-97E3-C9110B80B5DF} - C:\WINDOWS\bdmnopx.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 3934 bytes
[ + quote]
shiva
Advertisement
_ 		__
QuikDraw
Senior Member
_ 		18. February 2008 @ 04:01 _ Link to this message    Send private message to this user   
Reboot into safe mode. Open Hijackthis. Do, a scan only. Place a tick against each of the following entries. Click, Fix Checked. Close HJK. Reboot Normal.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2

O2 - BHO: SXG Advisor - {10243A31-4B07-4FB5-B37B-E6E59DC525E9} - C:\WINDOWS\dmdqdrxgrf.dll

O3 - Toolbar: emotrlq - {6748B70C-6D33-4D5A-870F-4D43B0EFDE48} - C:\WINDOWS\emotrlq.dll

O21 - SSODL: admggxp - {7236D004-863D-442A-A114-A98E5E16DBB0} - C:\WINDOWS\admggxp.dll

O21 - SSODL: bdmnopx - {B37445E5-572B-4B13-97E3-C9110B80B5DF} - C:\WINDOWS\bdmnopx.dll

Please, go into msconfig and select normal startup. Reboot and post a new HJK log.
[ + quote]

This message has been edited since posting. Last time this message was edited on 18. February 2008 @ 04:05
shivak
Newbie
_ 		18. February 2008 @ 09:37 _ Link to this message    Send private message to this user   
Thank u very much for your great suggestion
I did same thing that u have given
It was cured somewhat
I have downloaded some software like Syscleaner, Ultimate Cleaner and XP antivirus
with blindly and I removed them form ADD/REMOVE, still they existing in program file of C drive. How can I remove them, I am unable to remove them when I have tried through delete option.

My new hijack this log file
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:07:11 PM, on 2/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\XP Antivirus\xpa.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [XP Antivirus] C:\Program Files\XP Antivirus\xpa.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{35234671-3368-4BDA-9147-087297B8E3AE}: NameServer = 218.248.240.46 218.248.255.146
O17 - HKLM\System\CS1\Services\Tcpip\..\{35234671-3368-4BDA-9147-087297B8E3AE}: NameServer = 218.248.240.46 218.248.255.146
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 4390 bytes

thanks and regards
shiva
[ + quote]
shiva
QuikDraw
Senior Member
_ 		18. February 2008 @ 19:23 _ Link to this message    Send private message to this user   
Try any of these steps to remove Syscleaner, Ultimate Cleaner or XP antivirus.

Go to Start-> Run-> type: taskmgr
Under the Processes tab find the following tasks or processes:
Name of program you want to stop running
Highlight and click "End Process".
Exit Task Manager.

Click on Start-> Run-> type: services.msc
Press "OK".
Click the "Extended tab".
Scroll down the list and find the service your want to stop.
When you find the service, double-click on it.
In the Properties Window-> General Tab that opens, click the "Stop" button.
From the drop-down menu next to "Startup Type", click on "Disabled".
Now click "Apply", then "OK" and close any open windows.

Click on Start-> Settings-> Control Panel-> Add/Remove Programs-> highlight and remove all references to program your trying to remove.

Finally, delete the following folders if they still exist:
C:\Program Files\program name.
[ + quote]

This message has been edited since posting. Last time this message was edited on 19. February 2008 @ 18:22
shivak
Newbie
_ 		19. February 2008 @ 07:06 _ Link to this message    Send private message to this user   
Hi
I am unable to do this
my task manager was desable
and I have not found the softwares which i want delete in the second step that u have given.
There are no Softwares like these in add/remove program
plz try to give solution once again
Thanks and regards
shiva

[ + quote]
shiva
Advertisement
_ 		__
 
_
QuikDraw
Senior Member
_ 		19. February 2008 @ 18:21 _ Link to this message    Send private message to this user   
Go to C:\Program Files\ find and delete XP ANTIVIRUS, Syscleaner, and Ultimate Cleaner.

Sorry, I'm having a little trouble understanding your english.

Let me know what times your here, so we can get this fixed!
[ + quote]

This message has been edited since posting. Last time this message was edited on 19. February 2008 @ 19:26
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > once again my pc giving probsss
 

Digital video: AfterDawn.com | AfterDawn Forums
Music: MP3Lizard.com
Gaming: Blasteroids.com | Blasteroids Forums | Compare game prices
Software: Software downloads
Blogs: User profile pages
RSS feeds: AfterDawn.com News | Software updates | AfterDawn Forums
International: AfterDawn in Finnish | AfterDawn in Swedish | AfterDawn in Norwegian | download.fi
Navigate: Search | Site map
About us: About AfterDawn Ltd | Advertise on our sites | Rules, Restrictions, Legal disclaimer & Privacy policy
Contact us: Send feedback | Contact our media sales team
 
  © 1999-2025 by AfterDawn Ltd.

  IDG TechNetwork