<p>Can someone advise me, please? I have run all the usual tools (Spyware Doctor, AVG, Spybot, etc. etc.). I think I may have been hacked: user account is unavailable and so is Device Manager. I keep getting "you do not have the appropriate permissions". I am the administrator and there is no password on my PC; no one else uses it.<br />
This is my first post; let me know if I have done it correctly. Cheers.</p>
<p>Logfile of Trend Micro HijackThis v2.0.2<br />
Scan saved at 09:45:54, on 30/04/2008<br />
Platform: Windows XP SP2 (WinNT 5.01.2600)<br />
MSIE: Internet Explorer v7.00 (7.00.6000.16640)<br />
Boot mode: Normal</p>
<p>Running processes:<br />
C:\WINDOWS\System32\smss.exe<br />
C:\WINDOWS\system32\csrss.exe<br />
C:\WINDOWS\system32\winlogon.exe<br />
C:\WINDOWS\system32\services.exe<br />
C:\WINDOWS\system32\lsass.exe<br />
C:\WINDOWS\system32\Ati2evxx.exe<br />
C:\WINDOWS\system32\svchost.exe<br />
C:\WINDOWS\system32\svchost.exe<br />
C:\WINDOWS\system32\svchost.exe<br />
C:\WINDOWS\system32\svchost.exe<br />
C:\WINDOWS\system32\Ati2evxx.exe<br />
C:\WINDOWS\system32\svchost.exe<br />
C:\WINDOWS\system32\ZoneLabs\vsmon.exe<br />
C:\WINDOWS\Explorer.EXE<br />
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe<br />
C:\WINDOWS\system32\spoolsv.exe<br />
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe<br />
C:\WINDOWS\ATKKBService.exe<br />
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe<br />
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe<br />
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe<br />
C:\Program Files\Spyware Doctor\pctsAuxs.exe<br />
C:\Program Files\Spyware Doctor\pctsSvc.exe<br />
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe<br />
C:\Program Files\Spyware Doctor\pctsTray.exe<br />
C:\WINDOWS\system32\svchost.exe<br />
C:\WINDOWS\system32\MsPMSPSv.exe<br />
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe<br />
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe<br />
C:\Program Files\Unlocker\UnlockerAssistant.exe<br />
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe<br />
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe<br />
C:\Program Files\PeerGuardian2\pg2.exe<br />
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe<br />
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe<br />
C:\WINDOWS\system32\ctfmon.exe<br />
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe<br />
C:\Documents and Settings\Keith Larwood\Desktop\Lars\eMule\emule.exe<br />
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe<br />
C:\Program Files\Mozilla Firefox\firefox.exe<br />
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe<br />
C:\WINDOWS\system32\wbem\wmiprvse.exe</p>
<p>R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = <a href="http://www.google.co.uk/">http://www.google.co.uk/</a><br />
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank<br />
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = <br />
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = <br />
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1<br />
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = <br />
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)<br />
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll<br />
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll<br />
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll<br />
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll<br />
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll<br />
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"<br />
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe<br />
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray<br />
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe<br />
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe<br />
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN<br />
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H<br />
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"<br />
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP<br />
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"<br />
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"<br />
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe<br />
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe<br />
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe<br />
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')<br />
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')<br />
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')<br />
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')<br />
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')<br />
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present<br />
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000<br />
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html<br />
O8 - Extra context menu item: Transfer by Image Converter 3 - C:\PROGRAM FILES\SONY\IMAGE CONVERTER 3\menu.htm<br />
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll<br />
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll<br />
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll<br />
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll<br />
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll<br />
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe<br />
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe<br />
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - <a href="http://www.creative.com/su/ocx/15026/CTSUEng.cab">http://www.creative.com/su/ocx/15026/CTSUEng.cab</a><br />
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - <a href="http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab">http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab</a><br />
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll<br />
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - <a href="http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab">http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab</a><br />
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - <a href="http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab">http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab</a><br />
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - <a href="http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1154728354609">http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1154728354609</a><br />
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - <a href="http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172180975609">http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172180975609</a><br />
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - <a href="http://ax.emsisoft.com/asquared.cab">http://ax.emsisoft.com/asquared.cab</a><br />
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll<br />
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe<br />
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe<br />
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe<br />
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe<br />
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe<br />
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe<br />
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe<br />
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe<br />
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe<br />
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe<br />
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe<br />
O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe<br />
O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe<br />
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe<br />
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe<br />
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe<br />
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe<br />
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe<br />
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe<br />
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe<br />
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe<br />
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe<br />
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe<br />
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe</p>
<p>--<br />
End of file - 10264 bytes</p>
hijack log keep getting a different virus each day
Glamdring - 30 April 2008 - 10:20pm
<p>That log file is clean.<br />
Ensure that you've disabled System Restore and then run a full AVG scan in Safe Mode.</p>