<p>Logfile of Trend Micro HijackThis v2.0.2<br />
Scan saved at 10:04:25, on 09/05/2008<br />
Platform: Windows XP SP2 (WinNT 5.01.2600)<br />
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)<br />
Boot mode: Normal</p>
<p>Running processes:<br />
C:\WINDOWS\System32\smss.exe<br />
C:\WINDOWS\system32\winlogon.exe<br />
C:\WINDOWS\system32\services.exe<br />
C:\WINDOWS\system32\lsass.exe<br />
C:\WINDOWS\system32\svchost.exe<br />
C:\WINDOWS\System32\svchost.exe<br />
C:\WINDOWS\system32\spoolsv.exe<br />
C:\WINDOWS\Explorer.EXE<br />
C:\WINDOWS\system32\hkcmd.exe<br />
C:\Program Files\Comodo\Firewall\CPF.exe<br />
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe<br />
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe<br />
C:\WINDOWS\system32\ctfmon.exe<br />
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe<br />
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe<br />
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe<br />
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe<br />
C:\Program Files\Comodo\Firewall\cmdagent.exe<br />
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe<br />
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe<br />
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE<br />
C:\WINDOWS\system32\svchost.exe<br />
C:\WINDOWS\system32\SearchIndexer.exe<br />
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe</p>
<p>R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = <a href="http://www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=2071115">www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=2071115</a><br />
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = <a href="http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR">http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR</a><br />
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = <a href="http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR">http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR</a><br />
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = <a href="http://www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=2071115">www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=2071115</a><br />
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = <a href="http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR">http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR</a><br />
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)<br />
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll<br />
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)<br />
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll<br />
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll<br />
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll<br />
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe<br />
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe<br />
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background<br />
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP<br />
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"<br />
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k<br />
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe<br />
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000<br />
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll<br />
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll<br />
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll<br />
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll<br />
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL<br />
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll<br />
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll<br />
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe<br />
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe<br />
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - <a href="http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1197726285281">http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1197726285281</a><br />
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - <a href="http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196104086500">http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196104086500</a><br />
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll<br />
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe<br />
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe<br />
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe<br />
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe<br />
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe<br />
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe<br />
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe<br />
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe</p>
<p>--<br />
End of file - 5817 bytes</p>
Copyright 2006 - 2008 Future Publishing Limited
Please check
Glamdring - 9 May 2008 - 6:31pm<p>Clean as far as I can see, though you can fix this item as it's redundant:</p>
<p>O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)</p>
Isitme - 9 May 2008 - 7:43pm<p>...and update to AVG8 :wink:</p>
pca_jeepers - 9 May 2008 - 7:47pm<p>Thanks :D</p>
pca_burnout69 - 11 May 2008 - 1:02pm<p>Hello jeepers</p>
<p>If I may also add to the great advice already provided, please open HijackThis again, select "Do a System Scan only" and place a checkmark in the boxes before the following entries too:</p>
<p><span style="font-weight:bold">R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)<br />
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k</span></p>
<p>Close all other open windows and click on <span style="font-weight:bold">Fix checked</span>, then exit HijackThis.</p>
<p>Also your Java Runtime Environment is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.</p>
<p><span style="font-weight:bold"><span style="color:blue">Update Java:</span></span><br />
Go here and download the latest version of Java Runtime Environment (JRE) 6 Update 6<br />
<a href="http://java.sun.com/javase/downloads/index.jsp">http://java.sun.com/javase/downloads/index.jsp</a><br />
Go to <span style="font-weight:bold">Start</span> > <span style="font-weight:bold">Control Panel</span> and double-click Add or Remove Programs.<br />
Search in the list for all previously installed versions of Java. (J2SE Runtime Environment.... )<br />
Select any found and click Remove.<br />
Then install the version you downloaded earlier.</p>
<p>Hope this helps.</p>
pca_jeepers - 11 May 2008 - 9:16pm<p>Thanks again :D</p>