Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Help With Virus Removal - Hijack log included

Post by bwjudy » September 6th, 2008, 12:24 pm

Hello Friends. I am having trouble removing some viruses off my computer. I have run HiJackThis and ComboFix, and I have posted my logs below.

Thanks ahead of time for any help!

COMBOFIX

ComboFix 08-09-04.09 - User 2008-09-05 16:29:49.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.46 [GMT -4:00]
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\User\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\User\Application Data\FunWebProducts
C:\Documents and Settings\User\Application Data\FunWebProducts\Data\User\avatar.dat
C:\Documents and Settings\User\Application Data\FunWebProducts\Data\User\register.dat
C:\Documents and Settings\User\Application Data\FunWebProducts\Data\User\zbucks.dat
C:\Documents and Settings\User\Cookies\MM2048.DAT
C:\Documents and Settings\User\Cookies\MM256.DAT
C:\Documents and Settings\User\err.log
C:\WINDOWS\system32\winsrc.dll.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SYSREST.SYS


((((((((((((((((((((((((( Files Created from 2008-08-05 to 2008-09-05 )))))))))))))))))))))))))))))))
.

2008-09-05 16:22 . 2004-08-04 03:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-09-05 16:22 . 2004-08-04 03:56 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-09-05 13:15 . 2008-09-05 13:15 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-05 12:33 . 2004-08-04 03:56 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-09-05 12:23 . 2008-07-18 22:09 215,752 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-09-05 12:04 . 2004-08-04 03:56 656,384 --a------ C:\WINDOWS\system32\wininet.dll
2008-09-05 11:34 . 2008-09-05 13:23 2,823 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-09-04 17:39 . 2008-09-04 17:40 <DIR> d-------- C:\WINDOWS\Windows Update Setup Files
2008-09-04 17:38 . 2008-09-04 17:38 0 --a------ C:\WINDOWS\nsreg.dat
2008-09-04 15:45 . 2008-09-04 15:49 <DIR> d-------- C:\Program Files\a-squared Free
2008-09-04 15:34 . 2004-08-04 01:32 571,392 --a--c--- C:\WINDOWS\system32\dllcache\tintlgnt.ime
2008-09-04 15:33 . 2001-08-23 08:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-09-04 15:32 . 2001-08-23 08:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-09-04 15:31 . 2001-08-23 08:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-09-04 15:30 . 2001-08-17 22:36 175,104 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_smtpadm.dll
2008-09-04 15:30 . 2001-08-23 08:00 169,984 --a--c--- C:\WINDOWS\system32\dllcache\iisui.dll
2008-09-04 15:30 . 2001-08-23 08:00 94,720 --a--c--- C:\WINDOWS\system32\dllcache\certmap.ocx
2008-09-04 15:30 . 2001-08-23 08:00 19,968 --a--c--- C:\WINDOWS\system32\dllcache\inetsloc.dll
2008-09-04 15:30 . 2001-08-23 08:00 14,336 --a--c--- C:\WINDOWS\system32\dllcache\iisreset.exe
2008-09-04 15:30 . 2001-08-23 08:00 7,680 --a--c--- C:\WINDOWS\system32\dllcache\inetmgr.exe
2008-09-04 15:30 . 2001-08-23 08:00 6,144 --a--c--- C:\WINDOWS\system32\dllcache\ftpsapi2.dll
2008-09-04 15:30 . 2001-08-23 08:00 5,632 --a--c--- C:\WINDOWS\system32\dllcache\iisrstap.dll
2008-09-04 15:23 . 2004-08-04 02:10 85,376 --a------ C:\WINDOWS\system32\drivers\nabtsfec.sys
2008-09-04 15:23 . 2004-08-04 02:10 19,328 --a------ C:\WINDOWS\system32\drivers\wstcodec.sys
2008-09-04 15:23 . 2004-08-04 01:58 5,504 --a------ C:\WINDOWS\system32\drivers\mstee.sys
2008-09-04 15:19 . 2004-08-04 03:56 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2008-09-04 15:19 . 2008-09-04 15:19 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-09-04 15:19 . 2008-09-04 15:19 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-09-04 15:19 . 2008-09-04 15:19 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-09-04 15:19 . 2008-09-04 15:19 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-09-04 15:19 . 2008-09-04 15:19 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-09-04 15:19 . 2008-09-04 15:19 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-09-04 15:12 . 2008-07-18 22:09 1,811,656 --a------ C:\WINDOWS\system32\wuaueng.dll
2008-09-04 15:02 . 2004-08-04 01:59 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-09-04 15:02 . 2004-08-04 02:07 52,864 --a------ C:\WINDOWS\system32\drivers\dmusic.sys
2008-09-04 15:00 . 2004-08-04 03:56 130,048 --a------ C:\WINDOWS\system32\ksproxy.ax
2008-09-04 15:00 . 2004-08-04 03:56 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2008-09-04 14:59 . 2004-08-04 02:01 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2008-09-04 14:59 . 2004-08-04 04:01 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2008-09-04 14:57 . 2004-08-04 03:56 146,432 --a------ C:\WINDOWS\system\winspool.drv
2008-09-04 14:57 . 2004-08-04 03:56 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2008-09-04 14:57 . 2001-08-23 08:00 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2008-09-04 14:57 . 2001-08-23 08:00 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2008-09-04 14:57 . 2001-08-23 08:00 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2008-09-04 14:57 . 2001-08-23 08:00 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2008-09-04 14:57 . 2004-08-04 02:00 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2008-09-04 14:56 . 2001-08-23 08:00 1,085,913 -ra------ C:\WINDOWS\SETCD.tmp
2008-09-04 14:56 . 2001-08-23 08:00 797,189 --a--c--- C:\WINDOWS\system32\dllcache\NT5IIS.CAT
2008-09-04 14:56 . 2001-08-23 08:00 399,645 --a--c--- C:\WINDOWS\system32\dllcache\MAPIMIG.CAT
2008-09-04 14:56 . 2001-08-23 08:00 37,484 --a--c--- C:\WINDOWS\system32\dllcache\MW770.CAT
2008-09-04 14:56 . 2001-08-23 08:00 13,608 -ra------ C:\WINDOWS\SETD9.tmp
2008-09-04 14:56 . 2001-08-23 08:00 13,472 --a--c--- C:\WINDOWS\system32\dllcache\HPCRDP.CAT
2008-09-04 14:56 . 2001-08-23 08:00 8,574 --a--c--- C:\WINDOWS\system32\dllcache\IASNT4.CAT
2008-09-04 14:56 . 2001-08-23 08:00 7,382 --a--c--- C:\WINDOWS\system32\dllcache\OEMBIOS.CAT
2008-09-04 13:59 . 2008-09-04 13:59 0 --a------ C:\WINDOWS\SETD2.tmp
2008-09-04 12:17 . 2008-09-04 12:19 <DIR> d-------- C:\Documents and Settings\Administrator
2008-09-04 11:54 . 2008-09-05 13:59 <DIR> d--h----- C:\$AVG8.VAULT$
2008-09-04 10:44 . 2008-09-04 10:44 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-09-04 10:44 . 2008-09-04 10:44 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-09-04 10:44 . 2008-09-04 10:44 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-09-04 10:43 . 2008-09-05 13:48 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-09-04 10:43 . 2008-09-04 10:43 <DIR> d-------- C:\Program Files\AVG
2008-09-04 10:43 . 2008-09-05 13:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-09-03 17:34 . 2008-09-03 17:34 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-03 17:34 . 2008-09-03 17:34 <DIR> d-------- C:\Documents and Settings\User\Application Data\Malwarebytes
2008-09-03 17:34 . 2008-09-03 17:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-03 17:34 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-03 17:34 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-20 22:59 . 2008-08-22 16:20 <DIR> d-------- C:\Program Files\AV9
2008-08-18 09:35 . 2008-08-18 09:57 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-05 16:09 --------- d-----w C:\Program Files\Google
2008-07-23 02:30 --------- d-----w C:\Program Files\Java
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 02:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 02:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 224248]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus Photo RX620 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE" [2004-05-20 98304]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-11-29 282624]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 224248]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-04 1232152]
"VTPreset"="VTPreset.exe" [2004-02-24 C:\WINDOWS\system32\VTPreset.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.JDCT"= jl_jdct.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, msnsspc.dll, digest.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-04 96520]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-04 873752]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-04 231192]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-09-04 76040]
S3 JL2005C;Dual Mode Camera;C:\WINDOWS\system32\Drivers\jl2005c.sys [2007-01-26 68954]

*Newly Created Service* - COMSYSAPP
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xign84ij.default\
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-05 16:38:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\system32\wbem\wmiadap.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-09-05 16:50:31 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-05 20:49:50

Pre-Run: 110,147,555,328 bytes free
Post-Run: 110,554,206,208 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

188 --- E O F --- 2008-09-02 22:49:38

--------------------------------------------------------------------------

HIJACKTHIS

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:04:19 PM, on 9/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Documents and Settings\User\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB001" /M "Stylus Photo RX620"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Epson all-in-one Registration.lnk = D:\Titles\EpsonReg\EPSONREG.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-48.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1156426616515
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1156431413218
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 6613 bytes
Re: Help With Virus Removal - Hijack log included

Post by Shaba » September 12th, 2008, 5:57 am

Hi bwjudy

Please post a fresh HijackThis log next :)

Re: Help With Virus Removal - Hijack log included

Post by Shaba » September 17th, 2008, 4:58 am

Due to Lack of Response this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.