Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Please HELP me remove Winantivirus 2006/2007 spyware

Post by akkiz » September 1st, 2007, 9:51 am

Hello,
I need your expert guidance to help me remove Winantivirus Pro 2006/2007 spyware from my Windows XP system.
This spyware is troubling me every now and then with its pop-up ads etc. Though I have McAfee antivirus and Spyware Doctor installed, I am still facing trouble with this spyware.

I think the issue is with 2 DLL files, namely fccyayy.dll and pmkjg.dll, which have installed as BHO objects in my explorer.

PLEASE HELP ME!!! THANKS A TON!!!

Here is the logfile



Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 5:58:24 PM, on 9/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\welcome xp\Desktop\HiJackThis_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {07FE92EF-E58D-43FC-BF55-A37C104BEE74} - C:\WINDOWS\system32\fccyayy.dll
O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {6DE58535-EB97-43DD-AC10-0C4A33DEBFB0} - C:\WINDOWS\system32\pmkjg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
O4 - Global Startup: 24Online Client.lnk = C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{909D695E-619D-4E59-A537-AA34730237E5}: NameServer = 172.16.1.1
O20 - Winlogon Notify: fccyayy - C:\WINDOWS\SYSTEM32\fccyayy.dll
O20 - Winlogon Notify: pmkjg - C:\WINDOWS\system32\pmkjg.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O24 - Desktop Component 0: (no name) - http://172.16.1.3/images/gears.gif

--
End of file - 7662 bytes
akkiz
Active Member
 
Posts: 3
Joined: September 1st, 2007, 9:48 am

Post by __RiP_ChAiN_ » September 1st, 2007, 7:44 pm

Hello akkiz,

Please download VundoFix.exe to your desktop.

  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.


Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
__RiP_ChAiN_
Regular Member
 
Posts: 330
Joined: July 9th, 2007, 2:39 am

Thanks for your help!! Here is the VundoFix & New Hijack

Post by akkiz » September 1st, 2007, 11:57 pm

VundoFix V6.5.7

Checking Java version...

Scan started at 9:01:34 AM 9/2/2007

Listing files found while scanning....

C:\windows\system32\acyuslhl.dll
C:\windows\system32\avuwdqoj.dll
C:\windows\system32\bbvjwvlx.ini
C:\windows\system32\btqwsspo.dll
C:\windows\system32\cndblpjf.ini
C:\windows\system32\dcggfeuq.ini
C:\windows\system32\eohmktip.ini
C:\windows\system32\FHCEHHAU.DLL
C:\windows\system32\fjplbdnc.dll
C:\windows\system32\fljjdvaj.ini
C:\WINDOWS\system32\fwccsgrm.dll
C:\windows\system32\gdnocjxy.ini
C:\windows\system32\homnkquw.dll
C:\windows\system32\iutbnmom.dll
C:\windows\system32\javdjjlf.dll
C:\windows\system32\jcyevsfu.ini
C:\windows\system32\joqdwuva.ini
C:\windows\system32\lhlsuyca.ini
C:\windows\system32\lmcghdbx.ini
C:\windows\system32\lxsilsum.dll
C:\windows\system32\momnbtui.ini
C:\windows\system32\mpeycwcy.dll
C:\windows\system32\muslisxl.ini
C:\windows\system32\opsswqtb.ini
C:\windows\system32\pitkmhoe.dll
C:\WINDOWS\system32\pmkjg.dll
C:\windows\system32\qeoverkr.dll
C:\windows\system32\quefggcd.dll
C:\windows\system32\rgsbknwt.dll
C:\windows\system32\rkrevoeq.ini
C:\windows\system32\rysgvlfv.ini
C:\windows\system32\tbpvgshu.dll
C:\windows\system32\twnkbsgr.ini
C:\windows\system32\UAHHECHF.ini
C:\windows\system32\ufsveycj.dll
C:\windows\system32\uhsgvpbt.ini
C:\windows\system32\vflvgsyr.dll
C:\windows\system32\vrmybogy.ini
C:\windows\system32\wfxrtbqy.dll
C:\windows\system32\wuqknmoh.ini
C:\windows\system32\xbdhgcml.dll
C:\windows\system32\xlvwjvbb.dll
C:\windows\system32\ycwcyepm.ini
C:\windows\system32\ygobymrv.dll
C:\windows\system32\yqbtrxfw.ini
C:\windows\system32\yxjcondg.dll

Beginning removal...

Attempting to delete C:\windows\system32\acyuslhl.dll
C:\windows\system32\acyuslhl.dll Has been deleted!

Attempting to delete C:\windows\system32\avuwdqoj.dll
C:\windows\system32\avuwdqoj.dll Has been deleted!

Attempting to delete C:\windows\system32\bbvjwvlx.ini
C:\windows\system32\bbvjwvlx.ini Has been deleted!

Attempting to delete C:\windows\system32\btqwsspo.dll
C:\windows\system32\btqwsspo.dll Has been deleted!

Attempting to delete C:\windows\system32\cndblpjf.ini
C:\windows\system32\cndblpjf.ini Has been deleted!

Attempting to delete C:\windows\system32\dcggfeuq.ini
C:\windows\system32\dcggfeuq.ini Has been deleted!

Attempting to delete C:\windows\system32\eohmktip.ini
C:\windows\system32\eohmktip.ini Has been deleted!

Attempting to delete C:\windows\system32\FHCEHHAU.DLL
C:\windows\system32\FHCEHHAU.DLL Has been deleted!

Attempting to delete C:\windows\system32\fjplbdnc.dll
C:\windows\system32\fjplbdnc.dll Has been deleted!

Attempting to delete C:\windows\system32\fljjdvaj.ini
C:\windows\system32\fljjdvaj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\fwccsgrm.dll
C:\WINDOWS\system32\fwccsgrm.dll Has been deleted!

Attempting to delete C:\windows\system32\gdnocjxy.ini
C:\windows\system32\gdnocjxy.ini Has been deleted!

Attempting to delete C:\windows\system32\homnkquw.dll
C:\windows\system32\homnkquw.dll Has been deleted!

Attempting to delete C:\windows\system32\iutbnmom.dll
C:\windows\system32\iutbnmom.dll Has been deleted!

Attempting to delete C:\windows\system32\javdjjlf.dll
C:\windows\system32\javdjjlf.dll Has been deleted!

Attempting to delete C:\windows\system32\jcyevsfu.ini
C:\windows\system32\jcyevsfu.ini Has been deleted!

Attempting to delete C:\windows\system32\joqdwuva.ini
C:\windows\system32\joqdwuva.ini Has been deleted!

Attempting to delete C:\windows\system32\lhlsuyca.ini
C:\windows\system32\lhlsuyca.ini Has been deleted!

Attempting to delete C:\windows\system32\lmcghdbx.ini
C:\windows\system32\lmcghdbx.ini Has been deleted!

Attempting to delete C:\windows\system32\lxsilsum.dll
C:\windows\system32\lxsilsum.dll Has been deleted!

Attempting to delete C:\windows\system32\momnbtui.ini
C:\windows\system32\momnbtui.ini Has been deleted!

Attempting to delete C:\windows\system32\mpeycwcy.dll
C:\windows\system32\mpeycwcy.dll Has been deleted!

Attempting to delete C:\windows\system32\muslisxl.ini
C:\windows\system32\muslisxl.ini Has been deleted!

Attempting to delete C:\windows\system32\opsswqtb.ini
C:\windows\system32\opsswqtb.ini Has been deleted!

Attempting to delete C:\windows\system32\pitkmhoe.dll
C:\windows\system32\pitkmhoe.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmkjg.dll
C:\WINDOWS\system32\pmkjg.dll Could not be deleted.

Attempting to delete C:\windows\system32\qeoverkr.dll
C:\windows\system32\qeoverkr.dll Has been deleted!

Attempting to delete C:\windows\system32\quefggcd.dll
C:\windows\system32\quefggcd.dll Has been deleted!

Attempting to delete C:\windows\system32\rgsbknwt.dll
C:\windows\system32\rgsbknwt.dll Has been deleted!

Attempting to delete C:\windows\system32\rkrevoeq.ini
C:\windows\system32\rkrevoeq.ini Has been deleted!

Attempting to delete C:\windows\system32\rysgvlfv.ini
C:\windows\system32\rysgvlfv.ini Has been deleted!

Attempting to delete C:\windows\system32\tbpvgshu.dll
C:\windows\system32\tbpvgshu.dll Has been deleted!

Attempting to delete C:\windows\system32\twnkbsgr.ini
C:\windows\system32\twnkbsgr.ini Has been deleted!

Attempting to delete C:\windows\system32\UAHHECHF.ini
C:\windows\system32\UAHHECHF.ini Has been deleted!

Attempting to delete C:\windows\system32\ufsveycj.dll
C:\windows\system32\ufsveycj.dll Has been deleted!

Attempting to delete C:\windows\system32\uhsgvpbt.ini
C:\windows\system32\uhsgvpbt.ini Has been deleted!

Attempting to delete C:\windows\system32\vflvgsyr.dll
C:\windows\system32\vflvgsyr.dll Has been deleted!

Attempting to delete C:\windows\system32\vrmybogy.ini
C:\windows\system32\vrmybogy.ini Has been deleted!

Attempting to delete C:\windows\system32\wfxrtbqy.dll
C:\windows\system32\wfxrtbqy.dll Has been deleted!

Attempting to delete C:\windows\system32\wuqknmoh.ini
C:\windows\system32\wuqknmoh.ini Has been deleted!

Attempting to delete C:\windows\system32\xbdhgcml.dll
C:\windows\system32\xbdhgcml.dll Has been deleted!

Attempting to delete C:\windows\system32\xlvwjvbb.dll
C:\windows\system32\xlvwjvbb.dll Has been deleted!

Attempting to delete C:\windows\system32\ycwcyepm.ini
C:\windows\system32\ycwcyepm.ini Has been deleted!

Attempting to delete C:\windows\system32\ygobymrv.dll
C:\windows\system32\ygobymrv.dll Has been deleted!

Attempting to delete C:\windows\system32\yqbtrxfw.ini
C:\windows\system32\yqbtrxfw.ini Has been deleted!

Attempting to delete C:\windows\system32\yxjcondg.dll
C:\windows\system32\yxjcondg.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\pmkjg.dll
C:\WINDOWS\system32\pmkjg.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.5.7

Checking Java version...

Scan started at 9:10:54 AM 9/2/2007

Listing files found while scanning....

C:\WINDOWS\system32\gjkmp.bak1
C:\WINDOWS\system32\gjkmp.bak2
C:\WINDOWS\system32\gjkmp.ini
C:\WINDOWS\system32\gjkmp.ini2
C:\WINDOWS\system32\gjkmp.tmp
C:\WINDOWS\system32\pmkjg.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\gjkmp.bak1
C:\WINDOWS\system32\gjkmp.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\gjkmp.bak2
C:\WINDOWS\system32\gjkmp.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\gjkmp.ini
C:\WINDOWS\system32\gjkmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\gjkmp.ini2
C:\WINDOWS\system32\gjkmp.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\gjkmp.tmp
C:\WINDOWS\system32\gjkmp.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmkjg.dll
C:\WINDOWS\system32\pmkjg.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\gjkmp.ini
C:\WINDOWS\system32\gjkmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmkjg.dll
C:\WINDOWS\system32\pmkjg.dll Could not be deleted.

Performing Repairs to the registry.
Done!



---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:26:21 AM, on 9/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\welcome xp\Desktop\HiJackThis_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {07FE92EF-E58D-43FC-BF55-A37C104BEE74} - C:\WINDOWS\system32\fccyayy.dll
O2 - BHO: (no name) - {21B1389D-A7C7-40D3-B344-3AC8A01AD247} - C:\WINDOWS\system32\pmkjg.dll
O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
O4 - Global Startup: 24Online Client.lnk = C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{909D695E-619D-4E59-A537-AA34730237E5}: NameServer = 172.16.1.1
O20 - Winlogon Notify: fccyayy - C:\WINDOWS\SYSTEM32\fccyayy.dll
O20 - Winlogon Notify: pmkjg - C:\WINDOWS\system32\pmkjg.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O24 - Desktop Component 0: (no name) - http://172.16.1.3/images/gears.gif

--
End of file - 7728 bytes
akkiz
Active Member
 
Posts: 3
Joined: September 1st, 2007, 9:48 am
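
Added example (not part of the original thread and not written by either poster): a short Python triage over lines copied from the logs above. It cross-references HijackThis O2 (BHO) and O20 (Winlogon Notify) entries and looks up each DLL registered in both against the VundoFix removal results; the function names and the "deleted" / "failed" / "not listed" labels are assumptions of this example.

```python
import re

# Excerpt: lines copied from the second HijackThis log in this thread.
HJT_EXCERPT = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
O2 - BHO: (no name) - {07FE92EF-E58D-43FC-BF55-A37C104BEE74} - C:\WINDOWS\system32\fccyayy.dll
O2 - BHO: (no name) - {21B1389D-A7C7-40D3-B344-3AC8A01AD247} - C:\WINDOWS\system32\pmkjg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O20 - Winlogon Notify: fccyayy - C:\WINDOWS\SYSTEM32\fccyayy.dll
O20 - Winlogon Notify: pmkjg - C:\WINDOWS\system32\pmkjg.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
"""

# Excerpt: lines copied from the VundoFix log in this thread.
VUNDOFIX_EXCERPT = r"""
Attempting to delete C:\windows\system32\yxjcondg.dll
C:\windows\system32\yxjcondg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmkjg.dll
C:\WINDOWS\system32\pmkjg.dll Could not be deleted.
"""

ENTRY = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
RESULT = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<verdict>Has been deleted!|Could not be deleted\.)$"
)


def autostart_sections(hjt_text):
    """Map each referenced file (lower-cased path) to the HijackThis sections naming it."""
    seen = {}
    for line in hjt_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        # In O2/O20/O22 style entries the file path is the last " - " separated field.
        path = m["body"].rsplit(" - ", 1)[-1].strip().lower()
        # Skip "(no file)" and entries such as R0 that carry no drive path.
        if re.match(r"^[a-z]:\\", path):
            seen.setdefault(path, set()).add(m["section"])
    return seen


def removal_results(vf_text):
    """Map each file VundoFix tried to remove to 'deleted' or 'failed'."""
    results = {}
    for line in vf_text.splitlines():
        m = RESULT.match(line.strip())
        if m:
            # A later pass over the same file overwrites the earlier verdict.
            verdict = "deleted" if m["verdict"].startswith("Has") else "failed"
            results[m["path"].lower()] = verdict
    return results


def triage(hjt_text, vf_text):
    """List DLLs registered as both BHO (O2) and Winlogon Notify (O20) with their removal status."""
    results = removal_results(vf_text)
    findings = []
    for path, sections in sorted(autostart_sections(hjt_text).items()):
        if {"O2", "O20"} <= sections:
            findings.append((path, results.get(path, "not listed")))
    return findings


if __name__ == "__main__":
    for path, status in triage(HJT_EXCERPT, VUNDOFIX_EXCERPT):
        print(f"{path}: {status}")
```

Paths are compared lower-cased because the logs spell the same file as both `SYSTEM32` and `system32`.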

Would appreciate your help in solving this issue!!!

Post by akkiz » September 2nd, 2007, 11:28 pm

Please HELP ME!!!!
akkiz
Active Member
 
Posts: 3
Joined: September 1st, 2007, 9:48 am

Post by __RiP_ChAiN_ » September 3rd, 2007, 7:58 pm

Hello akkiz,

Please download Combofix from here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe Or http://www.techsupportforum.com/sectool ... mboFix.exe ** Take note that the links are case sensitive

Save ComboFix to the desktop.

1. Double click on combo.exe & follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Post the contents of that log in your next reply with a new hijackthis log.
Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to stall/hang. Do not proceed with the rest of the fix if you fail to run ComboFix.
__RiP_ChAiN_
Regular Member
 
Posts: 330
Joined: July 9th, 2007, 2:39 am

Post by askey127 » September 14th, 2007, 7:14 am

This topic is now closed due to inactivity. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

If it has been 10 days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, this topic will not be reopened. If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread in your new topic.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA