HI Thanks for coming with solution for our problems once again my pc is giving probssss so many softwares are asking me that your PC is having viruses and asking me to download their software to delete the viruses having in my PC I am attaching my hizckthis log file plz find the problem and give me the solution Thanks and regards.. shiva Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:02:53 PM, on 2/17/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SXG Advisor - {10243A31-4B07-4FB5-B37B-E6E59DC525E9} - C:\WINDOWS\dmdqdrxgrf.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: emotrlq - {6748B70C-6D33-4D5A-870F-4D43B0EFDE48} - C:\WINDOWS\emotrlq.dll O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{35234671-3368-4BDA-9147-087297B8E3AE}: NameServer = 218.248.240.46 218.248.255.146 O17 - HKLM\System\CS1\Services\Tcpip\..\{35234671-3368-4BDA-9147-087297B8E3AE}: NameServer = 218.248.240.46 218.248.255.146 O21 - SSODL: admggxp - {7236D004-863D-442A-A114-A98E5E16DBB0} - C:\WINDOWS\admggxp.dll O21 - SSODL: bdmnopx - {B37445E5-572B-4B13-97E3-C9110B80B5DF} - C:\WINDOWS\bdmnopx.dll O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe -- End of file - 3934 bytes
Reboot into safe mode. Open Hijackthis. Do, a scan only. Place a tick against each of the following entries. Click, Fix Checked. Close HJK. Reboot Normal. R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2 O2 - BHO: SXG Advisor - {10243A31-4B07-4FB5-B37B-E6E59DC525E9} - C:\WINDOWS\dmdqdrxgrf.dll O3 - Toolbar: emotrlq - {6748B70C-6D33-4D5A-870F-4D43B0EFDE48} - C:\WINDOWS\emotrlq.dll O21 - SSODL: admggxp - {7236D004-863D-442A-A114-A98E5E16DBB0} - C:\WINDOWS\admggxp.dll O21 - SSODL: bdmnopx - {B37445E5-572B-4B13-97E3-C9110B80B5DF} - C:\WINDOWS\bdmnopx.dll Please, go into msconfig and select normal startup. Reboot and post a new HJK log.
Thank u very much for your great suggestion I did same thing that u have given It was cured somewhat I have downloaded some software like Syscleaner, Ultimate Cleaner and XP antivirus with blindly and I removed them form ADD/REMOVE, still they existing in program file of C drive. How can I remove them, I am unable to remove them when I have tried through delete option. My new hijack this log file Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:07:11 PM, on 2/18/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\XP Antivirus\xpa.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [XP Antivirus] C:\Program Files\XP Antivirus\xpa.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{35234671-3368-4BDA-9147-087297B8E3AE}: NameServer = 218.248.240.46 218.248.255.146 O17 - HKLM\System\CS1\Services\Tcpip\..\{35234671-3368-4BDA-9147-087297B8E3AE}: NameServer = 218.248.240.46 218.248.255.146 O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe -- End of file - 4390 bytes thanks and regards shiva
Try any of these steps to remove Syscleaner, Ultimate Cleaner or XP antivirus. Go to Start-> Run-> type: taskmgr Under the Processes tab find the following tasks or processes: Name of program you want to stop running Highlight and click "End Process". Exit Task Manager. Click on Start-> Run-> type: services.msc Press "OK". Click the "Extended tab". Scroll down the list and find the service your want to stop. When you find the service, double-click on it. In the Properties Window-> General Tab that opens, click the "Stop" button. From the drop-down menu next to "Startup Type", click on "Disabled". Now click "Apply", then "OK" and close any open windows. Click on Start-> Settings-> Control Panel-> Add/Remove Programs-> highlight and remove all references to program your trying to remove. Finally, delete the following folders if they still exist: C:\Program Files\program name.
Hi I am unable to do this my task manager was desable and I have not found the softwares which i want delete in the second step that u have given. There are no Softwares like these in add/remove program plz try to give solution once again Thanks and regards shiva
Go to C:\Program Files\ find and delete XP ANTIVIRUS, Syscleaner, and Ultimate Cleaner. Sorry, I'm having a little trouble understanding your english. Let me know what times your here, so we can get this fixed!
