
IE browser redirect virus


This topic is locked
1 reply to this topic

#1 national1

Posted 05 August 2009 - 10:21 AM

Hi! I am working on a client's machine that has an IE redirect virus. I have tried removing it in Safe Mode with System Restore off with Malwarebytes and Spybot and it doesn't seem to want to go away. Can you please help me? I appreciate it, thank you!

Here are the HiJackThis logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:53, on 8/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HJT\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6071007
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6071007
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [DACSMiniApp] C:\Program Files\Fisher-Price\DACS\MiniApp\DACSMiniApp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [13217034] C:\Documents and Settings\All Users\Application Data\13217034\13217034.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [SpybotDeletingA8728] command.com /c del "C:\WINDOWS\system32\hjgruihcxjbgqp.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1244] cmd.exe /c del "C:\WINDOWS\system32\hjgruihcxjbgqp.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3196] command.com /c del "C:\WINDOWS\system32\hjgruijjnhkehs.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8618] cmd.exe /c del "C:\WINDOWS\system32\hjgruijjnhkehs.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9399] command.com /c del "C:\WINDOWS\system32\hjgruihcxjbgqp.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3478] cmd.exe /c del "C:\WINDOWS\system32\hjgruihcxjbgqp.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA890] command.com /c del "C:\WINDOWS\system32\hjgruijjnhkehs.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4717] cmd.exe /c del "C:\WINDOWS\system32\hjgruijjnhkehs.dat"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [SpybotDeletingA2811] command.com /c del "C:\WINDOWS\system32\drivers\hjgruiunmllbuf.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingC225] cmd.exe /c del "C:\WINDOWS\system32\drivers\hjgruiunmllbuf.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1374] command.com /c del "C:\WINDOWS\system32\hjgruihjacpvbh.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5653] cmd.exe /c del "C:\WINDOWS\system32\hjgruihjacpvbh.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3884] command.com /c del "C:\WINDOWS\system32\hjgruioubxvidy.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4179] cmd.exe /c del "C:\WINDOWS\system32\hjgruioubxvidy.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3769] command.com /c del "C:\WINDOWS\system32\hjgruihcxjbgqp.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5293] cmd.exe /c del "C:\WINDOWS\system32\hjgruihcxjbgqp.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6049] command.com /c del "C:\WINDOWS\system32\hjgruijjnhkehs.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7470] cmd.exe /c del "C:\WINDOWS\system32\hjgruijjnhkehs.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2602] command.com /c del "C:\WINDOWS\system32\hjgruilog.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7810] cmd.exe /c del "C:\WINDOWS\system32\hjgruilog.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7029] command.com /c del "C:\WINDOWS\system32\drivers\hjgruiunmllbuf.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1695] cmd.exe /c del "C:\WINDOWS\system32\drivers\hjgruiunmllbuf.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6501] command.com /c del "C:\WINDOWS\system32\hjgruihjacpvbh.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4735] cmd.exe /c del "C:\WINDOWS\system32\hjgruihjacpvbh.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA942] command.com /c del "C:\WINDOWS\system32\hjgruioubxvidy.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2019] cmd.exe /c del "C:\WINDOWS\system32\hjgruioubxvidy.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6799] command.com /c del "C:\WINDOWS\system32\hjgruihcxjbgqp.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9970] cmd.exe /c del "C:\WINDOWS\system32\hjgruihcxjbgqp.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6236] command.com /c del "C:\WINDOWS\system32\hjgruijjnhkehs.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4012] cmd.exe /c del "C:\WINDOWS\system32\hjgruijjnhkehs.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4907] command.com /c del "C:\WINDOWS\system32\hjgruilog.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3078] cmd.exe /c del "C:\WINDOWS\system32\hjgruilog.dat"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [SpybotDeletingB2702] command.com /c del "C:\WINDOWS\system32\hjgruihcxjbgqp.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3523] cmd.exe /c del "C:\WINDOWS\system32\hjgruihcxjbgqp.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1151] command.com /c del "C:\WINDOWS\system32\hjgruijjnhkehs.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8886] cmd.exe /c del "C:\WINDOWS\system32\hjgruijjnhkehs.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9288] command.com /c del "C:\WINDOWS\system32\hjgruihcxjbgqp.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6831] cmd.exe /c del "C:\WINDOWS\system32\hjgruihcxjbgqp.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingB661] command.com /c del "C:\WINDOWS\system32\hjgruijjnhkehs.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8818] cmd.exe /c del "C:\WINDOWS\system32\hjgruijjnhkehs.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6850] command.com /c del "C:\WINDOWS\system32\drivers\hjgruiunmllbuf.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7472] cmd.exe /c del "C:\WINDOWS\system32\drivers\hjgruiunmllbuf.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8932] command.com /c del "C:\WINDOWS\system32\hjgruihjacpvbh.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3048] cmd.exe /c del "C:\WINDOWS\system32\hjgruihjacpvbh.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5712] command.com /c del "C:\WINDOWS\system32\hjgruioubxvidy.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6214] cmd.exe /c del "C:\WINDOWS\system32\hjgruioubxvidy.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB91] command.com /c del "C:\WINDOWS\system32\hjgruihcxjbgqp.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD140] cmd.exe /c del "C:\WINDOWS\system32\hjgruihcxjbgqp.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1213] command.com /c del "C:\WINDOWS\system32\hjgruijjnhkehs.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3704] cmd.exe /c del "C:\WINDOWS\system32\hjgruijjnhkehs.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7111] command.com /c del "C:\WINDOWS\system32\hjgruilog.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5520] cmd.exe /c del "C:\WINDOWS\system32\hjgruilog.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingB157] command.com /c del "C:\WINDOWS\system32\drivers\hjgruiunmllbuf.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8735] cmd.exe /c del "C:\WINDOWS\system32\drivers\hjgruiunmllbuf.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6978] command.com /c del "C:\WINDOWS\system32\hjgruihjacpvbh.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6714] cmd.exe /c del "C:\WINDOWS\system32\hjgruihjacpvbh.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1741] command.com /c del "C:\WINDOWS\system32\hjgruioubxvidy.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3905] cmd.exe /c del "C:\WINDOWS\system32\hjgruioubxvidy.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4502] command.com /c del "C:\WINDOWS\system32\hjgruihcxjbgqp.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8164] cmd.exe /c del "C:\WINDOWS\system32\hjgruihcxjbgqp.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8253] command.com /c del "C:\WINDOWS\system32\hjgruijjnhkehs.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7140] cmd.exe /c del "C:\WINDOWS\system32\hjgruijjnhkehs.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3765] command.com /c del "C:\WINDOWS\system32\hjgruilog.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3588] cmd.exe /c del "C:\WINDOWS\system32\hjgruilog.dat"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Auto run of VideoCam Suite 1.0.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Search - ?p=ZUxdm434YYUS
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommo...20Installer.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.yorkphoto.com/YorkActivia.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.winkflash.com/photo/loaders/ImageUploader4.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skyline - {3A4F9195-65A8-11D5-85C1-0001023952C1} - C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 20541 bytes



#2 national1

Posted 06 August 2009 - 06:24 AM

Please disregard my post. I believe I have resolved the issue.
I used RootRepeal to find the root hjgrui(etc).sys file that was the culprit which kept appearing upon restart, even in safe mode. Once I removed the .sys file, I restarted, ran MBAM and removed all the remaining "tendrils" of the virus, restarted again and MBAM came up clean. I've run several more scans and they've all been clean.
Just wanted to let you know.
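Added example for this thread (not code from either post, and not part of HijackThis, Spybot, Malwarebytes or RootRepeal): a small Python triage script for the O4 lines in a log like the one in the first post. It pulls out the three things the thread shows: a Run value with a numeric-only name pointing at an executable under All Users\Application Data, the deferred del commands Spybot left in RunOnce (the files it could not remove while the system was live), and among those the .sys under system32\drivers, which is the driver the second post located with RootRepeal. The sample lines are constructed in the same shape as the log above rather than copied in full, and the heuristics (numeric-only names, user-writable directories, a shared filename prefix of four or more characters) are my own assumptions, not anything those tools implement.

```python
"""Triage helper for HijackThis O4 (autorun) lines.

Added example for this thread, not code from the original post and not part of
HijackThis, Spybot or Malwarebytes. It parses the registry-backed O4 entries in
the log format above and applies three heuristics the thread illustrates: a Run
value with a numeric-only name or a target under a user-writable directory; the
deferred 'del' commands a prior cleanup left in RunOnce, i.e. files it could not
remove on the live system; and among those any .sys under the drivers directory,
which is the kernel component to locate with a rootkit scanner.
"""
import ntpath
import os
import re

# Constructed sample: nine O4 lines in the same shape as the log above, not the
# full log, chosen to include the entries worth a second look.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [13217034] C:\Documents and Settings\All Users\Application Data\13217034\13217034.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [SpybotDeletingA8728] command.com /c del "C:\WINDOWS\system32\hjgruihcxjbgqp.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1244] cmd.exe /c del "C:\WINDOWS\system32\hjgruihcxjbgqp.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2811] command.com /c del "C:\WINDOWS\system32\drivers\hjgruiunmllbuf.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8932] command.com /c del "C:\WINDOWS\system32\hjgruihjacpvbh.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# O4 - <hive>\..\<Run|RunOnce>: [<value name>] <command line>
O4_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>.*?)\] (?P<cmd>.*)$')
# The deferred-delete form Spybot writes into RunOnce when a file cannot be removed live.
DEL_RE = re.compile(r'(?:command\.com|cmd\.exe) /c del "(?P<path>[^"]+)"', re.IGNORECASE)
# Directories an ordinary user can write to; a Run value pointing there deserves a look
# (assumed list, extend for the system being examined).
USER_WRITABLE = ("\\application data\\", "\\documents and settings\\", "\\temp\\")


def parse_o4(log_text):
    """Return registry-backed O4 entries as dicts; Startup-folder O4 lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def suspicious_autoruns(entries):
    """Flag Run values whose name is all digits or whose target lives in user-writable space."""
    flagged = []
    for e in entries:
        if e["key"] != "Run":
            continue
        reasons = []
        if e["name"].isdigit():
            reasons.append("numeric-only value name")
        if any(d in e["cmd"].lower() for d in USER_WRITABLE):
            reasons.append("executable under a user-writable directory")
        if reasons:
            flagged.append({"name": e["name"], "cmd": e["cmd"], "reasons": reasons})
    return flagged


def pending_deletions(entries):
    """Unique file paths that RunOnce 'del' commands are still trying to remove at next boot."""
    seen, paths = set(), []
    for e in entries:
        if e["key"] != "RunOnce":
            continue
        m = DEL_RE.search(e["cmd"])
        if m and m.group("path") not in seen:
            seen.add(m.group("path"))
            paths.append(m.group("path"))
    return paths


def triage(log_text):
    """Summarise one log: flagged autoruns, leftover files, their shared prefix, driver candidates."""
    entries = parse_o4(log_text)
    pending = pending_deletions(entries)
    basenames = [ntpath.basename(p) for p in pending]
    prefix = os.path.commonprefix(basenames) if len(basenames) > 1 else ""
    return {
        "suspicious_autoruns": suspicious_autoruns(entries),
        "pending_deletions": pending,
        # A shared filename prefix across the leftovers points to one family, not several.
        "shared_prefix": prefix if len(prefix) >= 4 else "",
        # A .sys the cleanup could not delete is the kernel component to locate first;
        # while it still loads, the user-mode pieces come back on every restart.
        "driver_candidates": [p for p in pending if p.lower().endswith(".sys")],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

Run it as a script to print the summary for the embedded sample, or call triage() on the text of a full HijackThis log. A shared prefix across the leftover files says they belong together, and a driver candidate in that set is why deleting the .dat and .dll pieces alone gives exactly the reappearing-on-restart behaviour the second post describes: check the driver first, then rescan.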



