Recurring trojans and malware

Post by reevo_uk » February 7th, 2009, 5:46 am

Hi, I had some problems with some trojans and worms on my computer, which I thought had been fixed after running various antivirus software, but I don't seem to have got rid of the root cause, as my browser is starting to play up again. I ran Malwarebytes Anti-Malware and seemed to get rid of some things. I have just run HijackThis and this is the log that I received. Can anyone help on which should be removed?

Thanks.

1 0.0% O16 {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
2 0.0% O16 {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - https://atlas.atlassolutions.com/bin/msxml4.cab
3 0.0% O16 {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5658315119
4 0.0% O16 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - https://spssevents.webex.com/client/T26 ... eatgpc.cab
5 0.0% O16 {03A13D5D-2C8E-4C1A-970D-D6D07A4FE3D0} (FileMgr Class) - https://atlas.atlassolutions.com/bin/AtlasCtrl.cab
6 0.0% O16 {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/069218381672dc3a14 ... xIE601.cab
7 0.0% O16 {08C818C3-2F1E-11D0-9223-00A0244D2920} (ChartFX IE Client Object) - http://www.jicrit.co.uk/download/cfxax.cab
8 0.0% O18 skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
9 0.0% O2 (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
10 0.0% O2 Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
11 0.0% O2 JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
12 0.0% O2 Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
13 0.0% O2 Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
14 0.0% O2 WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
15 0.0% O20 C:\WINDOWS\system32\zuleluje.dll,c:\windows\system32\yazeriza.dll
16 0.0% O23 NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
17 0.0% O23 InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
18 0.0% O23 avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
19 0.0% O23 avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
20 0.0% O23 iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
21 0.0% O23 avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
22 0.0% O23 avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
23 0.0% O23 Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
24 0.0% O23 Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
25 0.0% O23 ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
26 0.0% O23 Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
27 0.0% O23 WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe
28 0.0% O23 KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
29 0.0% O23 DaisySvc - Unknown owner - C:\DDS\Daisy\DaisySvc.exe
30 0.0% O23 Client32 - NetSupport Ltd - C:\Program Files\NetSupport Manager\client32.exe
31 0.0% O23 Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
32 0.0% O23 Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
33 0.0% O23 Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
34 0.0% O4 [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
35 0.0% O4 [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
36 0.0% O4 [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
37 0.0% O4 [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
38 0.0% O4 [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
39 0.0% O4 [nwiz] nwiz.exe /install
40 0.0% O4 Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
41 0.0% O4 [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
42 0.0% O4 [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
43 0.0% O4 [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
44 0.0% O4 [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
45 0.0% O4 Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
46 0.0% O4 [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
47 0.0% O4 [igfxpers] C:\WINDOWS\system32\igfxpers.exe
48 0.0% O4 [DVDSentry] C:\WINDOWS\System32\DSentry.exe
49 0.0% O4 [LifeCam] "c:\Program Files\Microsoft LifeCam\LifeExp.exe"
50 0.0% O4 [kdx] C:\Program Files\Kontiki\KHost.exe -all
51 0.0% O4 [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
52 0.0% O4 [VX6000] C:\WINDOWS\vVX6000.exe
53 0.0% O4 [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
54 0.0% O4 [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
55 0.0% O4 [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
56 0.0% O4 [Advanced System Protector] "C:\Program Files\Systweak\Advanced System Protector\ASP.exe" /autorun
57 0.0% O4 [tepajupuva] Rundll32.exe "C:\WINDOWS\system32\weyogulo.dll",s (User 'NETWORK SERVICE')
58 0.0% O8 E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
59 0.0% O9 Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
60 0.0% O9 Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
61 0.0% O9 (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
62 0.0% O9 @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
63 0.0% P01 C:\WINDOWS\Explorer.EXE
64 0.0% P01 C:\WINDOWS\system32\svchost.exe
65 0.0% P01 C:\WINDOWS\system32\lsass.exe
66 0.0% P01 C:\WINDOWS\system32\winlogon.exe
67 0.0% P01 C:\WINDOWS\system32\services.exe
68 0.0% P01 C:\WINDOWS\System32\smss.exe
69 0.0% P01 C:\WINDOWS\system32\spoolsv.exe
70 0.0% P01 C:\WINDOWS\system32\ctfmon.exe
71 0.0% P01 C:\WINDOWS\system32\nvsvc32.exe
72 0.0% P01 C:\WINDOWS\system32\rundll32.exe
73 0.0% P01 C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
74 0.0% P01 C:\Program Files\iPod\bin\iPodService.exe
75 0.0% P01 C:\Program Files\iTunes\iTunesHelper.exe
76 0.0% P01 C:\Program Files\Mozilla Firefox\firefox.exe
77 0.0% P01 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
78 0.0% P01 C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
79 0.0% P01 C:\Program Files\Alwil Software\Avast4\ashServ.exe
80 0.0% P01 C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
81 0.0% P01 C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
82 0.0% P01 C:\Program Files\Canon\CAL\CALMAIN.exe
83 0.0% P01 C:\Program Files\Opera\Opera.exe
84 0.0% P01 C:\Program Files\Bonjour\mDNSResponder.exe
85 0.0% P01 C:\WINDOWS\System32\DSentry.exe
86 0.0% P01 C:\Program Files\Dell\OpenManage\Client\Iap.exe
87 0.0% P01 c:\Program Files\Microsoft LifeCam\MSCamS32.exe
88 0.0% P01 C:\Program Files\Intel\ASF Agent\ASFAgent.exe
89 0.0% P01 C:\Program Files\Kontiki\KService.exe
90 0.0% P01 C:\Program Files\Kontiki\KHost.exe
91 0.0% P01 C:\WINDOWS\vVX6000.exe
92 0.0% P01 C:\Program Files\WZCBDL Service\WZCBDLS.exe
93 0.0% P01 C:\Program Files\D-Link\Air Utility\AirCFG.exe
94 0.0% P01 C:\PROGRA~1\SAS\SAS9~1.1\CORE\SASEXE\SASOACT.EXE
95 0.0% P01 C:\Program Files\NetSupport Manager\Client32.exe
96 0.0% P01 C:\DDS\Daisy\DaisySvc.exe
97 0.0% P01 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
98 0.0% P01 C:\Documents and Settings\Administrator\My Documents\HiJackThis.exe
99 0.0% P01 C:\Program Files\Java\jre6\bin\jqs.exe
100 0.0% P01 C:\Program Files\DNA\btdna.exe
101 0.0% P01 C:\Program Files\Java\jre6\bin\jusched.exe
102 0.0% R0 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
103 0.0% R0 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.bbc.co.uk/
104 0.0% R1 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
105 0.0% R1 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
106 0.0% R1 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
107 0.0% R1 HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
108 0.0% R1 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/e ... efault.htm
109 0.0% R1 HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.euro.dell.com/countries/uk/e ... efault.htm

Re: Recurring trojans and malware

Post by NonSuch » February 8th, 2009, 1:25 am

In order for us to help you it is necessary that you provide us with a HijackThis log. Please follow the guideline at the link below to start a new topic and post your HijackThis log.

This topic is now closed. Please start a new topic by following the HijackThis Guideline posted here: >Guideline for posting your HijackThis log<