
Please help me my system is badly infected by virus

Discussion in 'Virus & Other Malware Removal' started by franklin7sheetal, Apr 7, 2008.

Thread Status:
Not open for further replies.
  1. franklin7sheetal

    franklin7sheetal Thread Starter

    Joined:
    Sep 16, 2006
    Messages:
    27
    Sir, please help me to remove this virus. I am getting popups for downloading antispyware. My desktop screen also gets changed because of this virus.
    I did a full system scan with AntiSpyware, but it is not helping me.
    This virus has removed some of my .dll files, so whenever I reboot my system it gives me a message that some of the .dll files are missing.
    "Error loading E:\window\system32\sapmdoup.dll" specified module not found.

    " LoadLibrary(E:\document and setting \all user\application data\mhetehox.dll")failed -the specified module could not found.
    Attached is the HijackThis file for your reference.

    Logfile of HijackThis v1.99.1
    Scan saved at 12:00:13 AM, on 4/7/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\system32\S24EvMon.exe
    E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    E:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    E:\WINDOWS\system32\ZCfgSvc.exe
    E:\WINDOWS\system32\spoolsv.exe
    E:\WINDOWS\system32\wmsdkns.exe
    E:\WINDOWS\Explorer.EXE
    E:\Program Files\Common Files\Real\Update_OB\realsched.exe
    E:\Program Files\TOSHIBA\Power Management\CePMTray.exe
    E:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    E:\Program Files\Common Files\Symantec Shared\ccApp.exe
    E:\Program Files\Apoint2K\Apoint.exe
    E:\WINDOWS\AGRSMMSG.exe
    E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    E:\Program Files\iTunes\iTunesHelper.exe
    E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    E:\WINDOWS\system32\Rundll32.exe
    E:\WINDOWS\system32\ctfmon.exe
    E:\PROGRA~1\COMMON~1\APPATC~1\explorer.exe
    E:\WINDOWS\system32\ybgxmfgv.exe
    E:\Program Files\Apoint2K\Apntex.exe
    E:\Program Files\Mercury Interactive\mercury loadrunner\launch_service\bin\magentproc.exe
    E:\Program Files\Bat\X_Bat.exe
    E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    E:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    E:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
    E:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    E:\WINDOWS\system32\inetsrv\inetinfo.exe
    E:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    E:\Program Files\Norton AntiVirus\navapsvc.exe
    E:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    E:\WINDOWS\system32\RegSrvc.exe
    E:\WINDOWS\System32\snmp.exe
    E:\WINDOWS\system32\svchost.exe
    E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    E:\WINDOWS\system32\mqsvc.exe
    E:\WINDOWS\system32\mqtgsvc.exe
    E:\Program Files\iPod\bin\iPodService.exe
    E:\WINDOWS\system32\wuauclt.exe
    E:\Program Files\internet explorer\iexplore.exe
    E:\Program Files\Messenger\msmsgs.exe
    E:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 168.94.74.68:8080
    F2 - REG:system.ini: UserInit=E:\WINDOWS\system32\userinit.exe,E:\WINDOWS\system32\wmsdkns.exe,
    O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
    O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
    O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
    O2 - BHO: (no name) - {37119EB3-0C03-7DAA-0417-2900BAC78EC5} - (no file)
    O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
    O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
    O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
    O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
    O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
    O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
    O2 - BHO: BatBHO - {63F7460B-C831-4142-A4AA-5EC303EC4343} - E:\Program Files\Bat\Bat.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E4121B2-9FA5-4002-B343-A20C7BD52E8E} - E:\WINDOWS\system32\vtUmNDUM.dll (file missing)
    O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
    O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
    O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
    O2 - BHO: (no name) - {A8EEB996-62AA-4E48-995D-EADDCAC47476} - E:\WINDOWS\system32\hgGaBrOh.dll
    O2 - BHO: (no name) - {b1f03258-1dd1-11b2-844a-d95ac99666f6} - E:\WINDOWS\upwdijst.dll (file missing)
    O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
    O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
    O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] E:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [PRONoMgr.exe] E:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [CeEPOWER] E:\Program Files\TOSHIBA\Power Management\CePMTray.exe
    O4 - HKLM\..\Run: [CeEKEY] E:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Apoint] E:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [RemoteControl] "E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [NBKeyScan] "E:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [iPhoneConverterSuite_upgrade] "E:\Program Files\E-Zsoft\iPhoneConverterSuite\iPhoneConverterSuite.exe" /upgrade
    O4 - HKLM\..\Run: [mhetehox] regsvr32 /u "E:\Documents and Settings\All Users\Application Data\mhetehox.dll"
    O4 - HKLM\..\Run: [c4f6b975] rundll32.exe "E:\WINDOWS\system32\sapmdoup.dll",b
    O4 - HKLM\..\Run: [BM53f094a9] Rundll32.exe "E:\WINDOWS\system32\bxjkwbum.dll",s
    O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] "E:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [Oaoa] "E:\PROGRA~1\COMMON~1\APPATC~1\explorer.exe" -vt yazb
    O4 - HKCU\..\Run: [QdrModule15] "E:\Program Files\QdrModule\QdrModule15.exe"
    O4 - HKCU\..\Run: [Microsoft Windows Installer] E:\DOCUME~1\frank\LOCALS~1\Temp\ie.exe
    O4 - HKCU\..\Run: [Tsbp] "E:\Program Files\s?stem32\?hkntfs.exe"
    O4 - HKCU\..\Run: [qyfbcwst] E:\WINDOWS\system32\ybgxmfgv.exe
    O4 - Startup: Bat - Auto Update.lnk = E:\Program Files\Bat\Bat.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: LoadRunner Agent Process.lnk = E:\Program Files\Mercury Interactive\mercury loadrunner\launch_service\bin\magentproc.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.aajtak.com/wfplayer/tdserver.cab
    O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.winkflash.com/photo/loaders/SAXFile.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - E:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
    O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1190776515640
    O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
    O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://download.sopcast.com/download/SOPCORE.CAB
    O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://a248.e.akamai.net/f/248/5462...img/operations/symbizpr/xcontrol/SymDlBrg.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://freetrial.webex.com/client/T26L/webex/ieatgpc.cab
    O20 - Winlogon Notify: !SASWinLogon - E:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: hgGaBrOh - E:\WINDOWS\SYSTEM32\hgGaBrOh.dll
    O20 - Winlogon Notify: igfxcui - E:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: Sebring - E:\WINDOWS\system32\LgNotify.dll
    O20 - Winlogon Notify: WgaLogon - E:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - E:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - E:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - E:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - E:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - E:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - E:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: RegSrvc - Intel Corporation - E:\WINDOWS\system32\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - E:\WINDOWS\system32\S24EvMon.exe
    O23 - Service: SAVScan - Symantec Corporation - E:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - E:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
     
  2. franklin7sheetal

    franklin7sheetal Thread Starter

    Joined:
    Sep 16, 2006
    Messages:
    27
    Please, someone reply to my message. I need help.

    Day by day my system is getting worse...
     
Short URL to this thread: https://techguy.org/701154
