Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Hijack This Log

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Hijack This Log

Unread postby jmharmon73 » July 20th, 2010, 11:44 am

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:39:02 AM, on 7/20/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\aswServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\AvAgent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswMaiSv.exe
C:\Program Files\Alwil Software\Avast4\aswWebSv.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\PROGRA~1\ALWILS~1\Avast4\aswDisp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Common Files\Intuit\QuickBooks\axlbridge.exe
C:\WINDOWS\system32\LMabcoms.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intuit\QuickBooks Enterprise Solutions 5.0\qbw32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\rharmon\Local Settings\Temporary Internet Files\Content.IE5\6XG68AP0\HijackThis[1].exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 78.159.125.60 us.search.yahoo.com
O1 - Hosts: 78.159.125.60 uk.search.yahoo.com
O1 - Hosts: 78.159.125.60 search.yahoo.com
O1 - Hosts: 78.159.125.60 www.google.com.br
O1 - Hosts: 78.159.125.60 www.google.it
O1 - Hosts: 78.159.125.60 www.google.es
O1 - Hosts: 78.159.125.60 www.google.co.jp
O1 - Hosts: 78.159.125.60 www.google.com.mx
O1 - Hosts: 78.159.125.60 www.google.ca
O1 - Hosts: 78.159.125.60 www.google.com.au
O1 - Hosts: 78.159.125.60 www.google.nl
O1 - Hosts: 78.159.125.60 www.google.co.za
O1 - Hosts: 78.159.125.60 www.google.be
O1 - Hosts: 78.159.125.60 www.google.gr
O1 - Hosts: 78.159.125.60 www.google.at
O1 - Hosts: 78.159.125.60 www.google.se
O1 - Hosts: 78.159.125.60 www.google.ch
O1 - Hosts: 78.159.125.60 www.google.pt
O1 - Hosts: 78.159.125.60 www.google.dk
O1 - Hosts: 78.159.125.60 www.google.fi
O1 - Hosts: 78.159.125.60 www.google.ie
O1 - Hosts: 78.159.125.60 www.google.no
O1 - Hosts: 78.159.125.60 www.google.de
O1 - Hosts: 78.159.125.60 www.google.fr
O1 - Hosts: 78.159.125.60
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\aswDisp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\lsp70.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lsp70.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lsp70.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lsp70.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lsp70.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lsp70.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lsp70.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lsp70.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lsp70.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lsp70.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lsp70.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lsp70.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lsp70.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lsp70.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 6546299245
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = MBSC.internal.nationallightinginc.com
O17 - HKLM\Software\..\Telephony: DomainName = MBSC.internal.nationallightinginc.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = MBSC.internal.nationallightinginc.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = MBSC.internal.nationallightinginc.com
O20 - AppInit_DLLs: weyewove.dll c:\windows\system32\gevitizi.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswMaiSv.exe
O23 - Service: avast! NetAgent - ALWIL Software - C:\Program Files\Alwil Software\Avast4\AvAgent.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lmab_device - Unknown owner - C:\WINDOWS\system32\LMabcoms.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe

--
End of file - 9200 bytes
jmharmon73
Active Member
 
Posts: 1
Joined: July 20th, 2010, 11:40 am
Advertisement
Register to Remove

Re: Hijack This Log

Unread postby Gary R » July 23rd, 2010, 8:53 am

I see from the entries in your HJT log that you are posting for help for a "Business" computer.

May I draw your attention to THIS topic, which you should have read before posting for help.

The sections ....
.... explain why we do not offer help for such computers.

This topic is now closed
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire


Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 288 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware