Member Panel

fahad2k7

please help me i've scanned a 100 times with adware 2007 , spyware doctor, spybot, and the prework. please i request your help as soon a possible

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:35:53 PM, on 9/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\1\aawservice.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\WINDOWS\system32\lvhidsvc.exe
D:\Program Files\Spyware Doctor\svcntaux.exe
D:\Program Files\Spyware Doctor\swdsvc.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
D:\WINDOWS\system32\wdfmgr.exe
D:\WINDOWS\System32\alg.exe
D:\Program Files\Spyware Doctor\SDTrayApp.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\WgaTray.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\system32\hkcmd.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\HP\KBD\KBD.EXE
D:\Program Files\Athan\Athan.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\WINDOWS\system32\LVCOMSX.EXE
D:\Program Files\Logitech\Video\LogiTray.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Google\Google Updater\GoogleUpdater.exe
D:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
D:\Program Files\Logitech\Video\FxSvr2.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = UltimateCleaner 2007
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo!
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: MSVPS System - {208D7BCC-9857-4C9E-823B-D04E72490A67} - D:\WINDOWS\mxduo.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\sw g.dll
O2 - BHO: MSVPS System - {F4CF814F-970F-405D-A42C-0CE06EB97373} - D:\WINDOWS\mxduo.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Athan] D:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "D:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AOLDialer] D:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [tgcmd] D:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [googletalk] D:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SDTray] "D:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\RunServices: [LvHidSvc] D:\WINDOWS\system32\lvhidsvc.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\RunOnce: [CheckNetworkConnection] "D:\Program Files\Support.com\providerComcast\desktopdoctor.ex e" /flow /flow=diagnosenetwork /trayclick=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=00a6ad06-5e3e-4b6a-adda-0845a16d08bc
O4 - Startup: Yahoo! Widget Engine.lnk = D:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Google Updater.lnk = D:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &AOL Toolbar search - res://D:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to AMV Convert Tool... - D:\Program Files\MP3 Player Utilities 3.77\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - D:\Program Files\MP3 Player Utilities 3.77\MediaManager\grab.html
O8 - Extra context menu item: Add to Windows &Live Favorites - Add to Windows Live Favorites
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - D:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: wmphost - {2B42EA55-CE30-4125-8EF6-437529B45ACF} - D:\WINDOWS\wmphost.dll
O21 - SSODL: wmpdev - {94AAD7A6-A9E4-49C3-966A-EC5C062DF024} - D:\WINDOWS\wmpdev.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\1\aawservice.exe
O23 - Service: Diskeeper - Diskeeper Corporation - D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lifeview HID Remote Controller Service (lvhidsvc) - Animation Technologies Inc. - D:\WINDOWS\system32\lvhidsvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 8846 bytes

Pancake

Hi
Ok.I see the problem.You have a NewMediaCodecTrojan.

Please download Combofix from HERE
Save ComboFix to the desktop.
1. Double click on combo.exe & follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Post the contents of that log in your next reply with a new hijackthis log.
Note: Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.

Member Panel

Sponsors and Ads

Noticeboard