10 replies to this topic

[timmy5712]

i would greatly appreciate some expert comment on my HJT log posted here. No major problems, but my Firefox browser (V 2.0.0.2)has closed on me unexpectedly a couple times recently. And when it has i open IE7,but typically, that will also prematurely close. I also use Yahoo! search but that sometimes plays up when i shut the computer down.

[Y] Logfile of HijackThis v1.99.1 - This should be the newest version.
[WINXP] Platform: Windows XP SP2 (WinNT 5.01.2600) -
[Y] MSIE: Internet Explorer v7.00 (7.00.6000.16414) - This should be the newest version.
[Y] C:\WINDOWS\System32\smss.exe - This entry was classified from our visitors as good.
[Y] C:\WINDOWS\system32\winlogon.exe - This entry was classified from our visitors as good.
[Y] C:\WINDOWS\system32\services.exe - This entry was classified from our visitors as good.
[Y] C:\WINDOWS\system32\lsass.exe - This entry was classified from our visitors as good.
[Y] C:\WINDOWS\system32\svchost.exe - This entry was classified from our visitors as good.
[Y] C:\Program Files\Windows Defender\MsMpEng.exe - This entry was classified from our visitors as good.
[Y] C:\WINDOWS\System32\svchost.exe - This entry was classified from our visitors as good.
[Y] C:\Program Files\Ahead\InCD\InCDsrv.exe - This entry was classified from our visitors as good.
[Y] C:\WINDOWS\system32\spoolsv.exe - This entry was classified from our visitors as good.
[AVSCAN] C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe - Part of AVG Antivirus
[AVSCAN] C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe - Antivirensoftware
[Y] C:\WINDOWS\system32\svchost.exe - This entry was classified from our visitors as good.
[Y] C:\WINDOWS\system32\Fast.exe -
[Y] C:\WINDOWS\Explorer.EXE - This entry was classified from our visitors as good.
[Y] C:\Program Files\Ahead\InCD\InCD.exe -
[Y] C:\WINDOWS\system32\fast.exe -
[AVSCAN] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe - This entry was classified from our visitors as good.
[Y] C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe - ScanSoft Omnipage
[Y] C:\WINDOWS\system32\RunDll32.exe - RUNDLL32 is the Microsoft Windows program that loads DLLs into memory so that they can be used by specific programs or by Windows.
[Y] C:\Program Files\Windows Defender\MSASCui.exe - This entry was classified from our visitors as good.
[?] C:\Program Files\Xtra Help Assistant\bin\McciTrayApp.exe - This is a unknown process.
[?] C:\Program Files\EZBackitup\EZBkuptray.exe - This is a unknown process.
[?] C:\Program Files\Uniblue\ProcessLibrary\qaccess.exe - This is a unknown process.
[?] C:\Program Files\1-Click Answers\answers.exe - This is a unknown process.
[Y] C:\Program Files\3M\PSNLite\PsnLite.exe - This is a unknown process.This entry was classified from our visitors as good.
[Y] C:\Program Files\Microsoft Office\Office\1033\msoffice.exe -
[?] C:\Program Files\1-Click Answers\agtserv.exe - This is a unknown process.
[?] C:\Program Files\ASUPSM\USB Phone\UPhone.exe - This is a unknown process.
[Y] C:\PROGRA~1\3M\PSNLite\PSNGive.exe - This entry was classified from our visitors as good.
[Y] C:\Program Files\WordWeb\wweb32.exe - WordWeb Dictionary
[Y] C:\Program Files\Yahoo!\Yahoo! Desktop Search\YDSsystray.exe - Possibly nasty! According to our database this process runs normally in c:\program files\yahoo!\yahoo! desktop search\! Check if you know this process and arrange a viruscheck where required.Yahoo! Desktop Search
[Y] C:\Program Files\Yahoo!\Yahoo! Desktop Search\YahooDesktopSearch.exe - Yahoo! Desktop Search
[Y] C:\WINDOWS\system32\Notepad.exe - In Windows integriertes Schreibprogramm.
[Y] C:\Program Files\hijackthis\HijackThis.exe - Remember that Hijackthis must be run in an own folder. Only if Hijackthis run in an own folder it will create backups!Tool, mit dem sie dieses Logfile erzeugt haben. Das Programm sollte so angelegt sein ! C:\Programme\HijackThis\HijackThis.exe
[Y] R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.stuff.co.nz/ - This page has been identified as safe.
[Y] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157 - This page has been identified as safe.
[Y] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896 - This page has been identified as safe.
[Y] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896 - This page has been identified as safe.
[Y] R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157 - This page has been identified as safe.
[Y] R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1; - This page has been identified as safe.
[Y] O3 - Toolbar: 1-Click Answers - {7754C418-F62E-44aa-B169-E719E718BCFD} - C:\PROGRA~1\1-CLIC~1\IEToolbar\AnswersToolbarU.dll - AnswersToolbarU.dll - 1-Click Answers, http://www.answers.c...in/download_ans wers_win.jsp
[Y] O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll - Toolband.dll - Canon EasyWebPrint, http://www.canoneasy...int.com/en/inde x.htm
[Y] O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe -
[Y] O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe - Not dangerous, but unnecessary.Installs as part of Windows XP PowerToys as an option for very-fast user switching (allowing a keystoke to switch users instead of using the login screen). It is only used for the hot-key switch and yet it hogs 1.5 megs of memory in two separate processes (one run by the user & one by the system). Optional install in PowerToys
[Y] O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP - AVG Anti-Virus 7.0 Control Center. Allows you to manage and control all AVG Anti-Virus components, settings and updates
[Y] O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe - This entry was classified from our visitors as good.
[Y] O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" - OmniPage SE2
[Y] O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd - Unknown application.This entry was classified from our visitors as good.
[Y] O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide - This entry was classified from our visitors as good.
[?] O4 - HKLM\..\Run: [tcnzTrayApp] "C:\Program Files\Xtra Help Assistant\bin\McciTrayApp.exe" - Unknown application.
[Y] O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE - Puts a configurable time/date display in the tray (and other features). Freeware by Dale Nurden and is popular on cover disks
[Y] O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized - Not dangerous, but unnecessary."Skype is free and simple software that will enable you to make free calls anywhere in the world in minutes"
[?] O4 - HKCU\..\Run: [EZBack-it-up Tray Scheduler] C:\Program Files\EZBackitup\EZBkuptray.exe - Unknown application.
[Y] O4 - HKCU\..\Run: [Uniblue Quick Access] "C:\Program Files\Uniblue\ProcessLibrary\qaccess.exe" /startup - Quick Access application from UniBlue Systems Ltd -
[Y] O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized - Pando P2P Software
[Y] O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe - Not dangerous, but unnecessary.WordWeb - free theasaurus and dictionary. Start manually
[?] O4 - Startup: Yahoo! Desktop Search System Tray.lnk = C:\Program Files\Yahoo!\Yahoo! Desktop Search\YDSsystray.exe - Unknown application.
[?] O4 - Startup: Yahoo! Desktop Search.lnk = C:\Program Files\Yahoo!\Yahoo! Desktop Search\YahooDesktopSearch.exe - Unknown application.
[?] O4 - Global Startup: 1-Click Answers.lnk = C:\Program Files\1-Click Answers\answers.exe - Unknown application.
[Y] O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe - Not dangerous, but unnecessary.Speeds up the time it takes to load the Adobe Reader application. Your choice
[Y] O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe - Adobe Reader Synchronizer
[Y] O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE -
[Y] O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe - This entry was classified from our visitors as good.
[?] O4 - Global Startup: USB Phone.lnk = C:\Program Files\ASUPSM\USB Phone\UPhone.exe - Unknown application.
[Y] O4 - Global Startup: Xtra Help Assistant.lnk = C:\Program Files\Xtra Help Assistant\bin\matcli.exe - Not dangerous, but unnecessary.Dell Resolution Assistant. "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address
[Y] O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html - This entry was classified from our visitors as good.
[?] O8 - Extra context menu item: Answers... - file:C:\Program Files\1-Click Answers\Html\atiemenu.htm - To be fixed if the entry 'Answers...' is unknown.Entries shown in the menu that pops up when right-clicking into the Internet Explorer. Unknown entries should be fixed.
[Y] O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html - The entry Easy-WebPrint Add To Print List has been identified as safe.
[Y] O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html - The entry Easy-WebPrint High Speed Print has been identified as safe.
[Y] O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html - The entry Easy-WebPrint Preview has been identified as safe.
[Y] O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html - The entry Easy-WebPrint Print has been identified as safe.
[N] O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) - Unnecessary (deactivated) entry that can be fixed.This entry was classified from our visitors as good.
[N] O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) - Unnecessary (deactivated) entry that can be fixed.This entry was classified from our visitors as good.
[Y] O11 - Options group: [INTERNATIONAL] International* -
[Y] O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1126830321593 - This entry has been identified as safe.
[Y] O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1126745978375 - This entry has been identified as safe.
[Y] O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab - This entry has been identified as safe.
[Y] O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll - This entry was classified from our visitors as good.
[Y] O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll - This entry was classified from our visitors as good.
[Y] O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe - This service (Ati2evxx.exe) was identified as a good one.This entry was classified from our visitors as good.
[Y] O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe - This service (ati2sgag.exe) was identified as a good one.This entry was classified from our visitors as good.
[AVSCAN] O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe - This service (avgamsvr.exe) was identified as a good one.
[AVSCAN] O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe - This service (avgupsvc.exe) was identified as a good one.This entry was classified from our visitors as good.
[Y] O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe - This service (GoogleUpdaterService.exe) was identified as a good one.
[Y] O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe - This service (InCDsrv.exe) was identified as a good one.
[Y] O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe - This service (InCDsrv.exe) was identified as a good one.
[Y] O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe - This service (iPodService.exe) was identified as a good one.

timmy5712

[ken545]

timmy

Welcome to Tom Coyote .

• Open HJT Scan and Save a Log File, it will open in Notepad
• Go to Edit> Select All.....Edit > Copy and Paste the new log into this thread.
• Please use and not

DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

[timmy5712]

Logfile of HijackThis v1.99.1
Scan saved at 8:38:29 p.m., on 18/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Fast.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\fast.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\EZBackitup\EZBkuptray.exe
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\Program Files\1-Click Answers\answers.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\1-Click Answers\agtserv.exe
C:\Program Files\ASUPSM\USB Phone\UPhone.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Yahoo!\Yahoo! Desktop Search\YDSsystray.exe
C:\Program Files\Yahoo!\Yahoo! Desktop Search\YahooDesktopSearch.exe
c:\program files\yahoo!\yahoo! desktop search\textExtractor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\hijackthis\HijackThis.exe
C:\WINDOWS\system32\chkdsk.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.stuff.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O3 - Toolbar: 1-Click Answers - {7754C418-F62E-44aa-B169-E719E718BCFD} - C:\PROGRA~1\1-CLIC~1\IEToolbar\AnswersToolbarU.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [EZBack-it-up Tray Scheduler] C:\Program Files\EZBackitup\EZBkuptray.exe
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Startup: Yahoo! Desktop Search System Tray.lnk = C:\Program Files\Yahoo!\Yahoo! Desktop Search\YDSsystray.exe
O4 - Startup: Yahoo! Desktop Search.lnk = C:\Program Files\Yahoo!\Yahoo! Desktop Search\YahooDesktopSearch.exe
O4 - Global Startup: 1-Click Answers.lnk = C:\Program Files\1-Click Answers\answers.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: USB Phone.lnk = C:\Program Files\ASUPSM\USB Phone\UPhone.exe
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: Answers... - file:C:\Program Files\1-Click Answers\Html\atiemenu.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1126830321593
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1126745978375
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

[ken545]

timmy5712

Your log basically looks fine. Have you run or are about to run the CHKDISK utility???? I have never seen this turn up on a HJT log.

Lets clean you up a bit, run the trail of AVG and its important that I see the report as it may point to something bad on your system that is not showing up on your log.

Download and install the 30 day trial of AVG Anti-Spyware 7.5 to your desktop.

• Once you have downloaded AVG Anti-Spyware 7.5, locate the icon on the desktop and double-click it to launch the set up program.
• Once the setup is complete you will need run AVG and update the definition files.
• On the main screen select the icon Update then select the Update now link.
• Next select the Start Update button, the update will start and a progress bar will show the updates being installed.
• Once the update has completed select the Scanner icon at the top of the screen, then select the Settings tab.
• Once in the Settings screen click on Recommended actions and then select Quarantine <-- Dont forget this
• Under Reports
• Select Automatically generate report after every scan
• Un-Select Only if threats were found
• Close AVG Anti-Spyware 7.5 <-- Do not run the scan yet.

Boot your computer into Safemode

• Go to Start> Shut Off your Computer> Restart
• As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly.
• This will bring up a menu.
• Use the Up and Down Arrow Keys to scroll up to SAFEMODE
• Then press the Enter on your Keyboard

Tutorial if you need it How to boot into Safemode


IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning process:

• Launch AVG Anti-Spyware 7.5 by double-clicking the icon on your desktop.
• Select the Scanner icon at the top and then the Scan tab then click on Complete System Scan.
• AVG will now begin the scanning process, be patient this may take a little time.
• Once the scan is complete do the following:
• If you have any infections you will prompted, then select Apply all actions
• Next select the Reports icon at the top.
• Select the Save report as button in the lower left hand of the screen and save it to a text file on your system
• make sure to remember where you saved that file, this is important
• Close AVG Anti-Spyware 7.5

Reboot into normal windows and run this system cleaner.

Download and Install CCleaner
If you don't want the Yahoo Toolbar, be sure to uncheck it during installation
* Click on Run Cleaner
* Run the Issues Scan < -- After it scans your system, when you click on the Fix button and it asks you to backup the Registry..Say Yes
Tutorial for CCleaner



Let me see the AVG report and a New HJT log please.

[timmy5712]

thanx Ken I have a pretty good cover for nasties. Im running AVG 7.5.446 & update/run it daily. My Scheduled Tasks also has the following - all run or updated no longer than a week apart - AdAware CCleaner 1.38.485 chkdisc dfrg, Windows update. The only problems i occasionally get are tracking cookies, which i quarantine. And avg snared a virus abt 2 yrs ago. however i have never scanned for "Issues" with CCleaner. So i did and it produced a report with abt 250 Issues!!. Many are for "missing/shared DLL, Uunused file ext, ActiveX/Com issue,font issue, help file issue", & the like. i have always been wary of doing anything involving the Registry, but maybe i should be bold & hit the "Fix selected issues" button? It certainly seems like a lot of junk is lodged there. i get comfort from yr response that hitting "Fix"[asks you to backup the Registry..Say Yes[/i] If the Fix needs to be reversed, is that straight forward? tim

[ken545]

tim

Are we on the same page, I see you have AVG Free Anti Virus 7.5. installed, I was referring to AVG Anti Spyware I need you to download , install and run the trial of AVG Anti Spyware 7.5.0.50 Its important that I see the report.

chkdisc <-- This is a utility that you need to run about every 6 months or so, it checks your disk for errors , not for malware or viruses.

If you run the Issues scan with CCleaner, it will create a backup and if you had a problem you can restore it.

Restore registry backups with CCleaner

Right-click on the .REG file created and select 'Merge'.
By default these files will be saved into your 'My Documents' folder.


Let me see the AVG Anti Spyware report please

[timmy5712]

Are we on the same page

. We weren't, but we are now that i have given myself a swift upper cut after realising that AVG has anti spyware as well as A-V. Apologies...
i've installed AVG A-S & followed the steps you set out. a copy of the AVG Anti Spyware report is below-

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:54:03 p.m. 20/03/2007

+ Scan result:



:mozilla.215:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\1guxfcof.default\cookies.txt -> TrackingCookie.Adobe : Cleaned.
C:\Documents and Settings\Tim\Cookies\tim@www.adobe[1].txt -> TrackingCookie.Adobe : Cleaned.
:mozilla.188:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\1guxfcof.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.189:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\1guxfcof.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.88:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\1guxfcof.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.89:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\1guxfcof.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.90:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\1guxfcof.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.42:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\1guxfcof.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.107:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\1guxfcof.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.108:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\1guxfcof.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.109:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\1guxfcof.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.110:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\1guxfcof.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Tim\Cookies\tim@connextra[1].txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.244:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\1guxfcof.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.245:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\1guxfcof.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.246:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\1guxfcof.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.43:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\1guxfcof.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
C:\Documents and Settings\Tim\Cookies\tim@intelli-direct[1].txt -> TrackingCookie.Intelli-direct : Cleaned.
C:\Documents and Settings\Tim\Cookies\tim@search.msn[1].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\Tim\Cookies\tim@asia-en.real[1].txt -> TrackingCookie.Real : Cleaned.
C:\Documents and Settings\Tim\Cookies\tim@sg.real[1].txt -> TrackingCookie.Real : Cleaned.
:mozilla.100:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\1guxfcof.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.101:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\1guxfcof.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.102:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\1guxfcof.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.103:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\1guxfcof.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.104:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\1guxfcof.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.105:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\1guxfcof.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.210:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\1guxfcof.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.241:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\1guxfcof.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end

thanks for yr patience
Tim

[ken545]

Good Morning Tim

Your log looks fine, no nasties on it and all AVG found where cookies so I would say unless you are experiencing any problems that your good to go As far as getting confused with the versions, no problem, I get a little confused my self some times.


How did I get infected in the first place ? Read these links and find out how to prevent getting infected again.

• Tutorial for System Restore <-- Do this first to prevent yourself from being reinfected.
• Tom Coyote
• TonyKlein CastleCops
• Grinler BleepingComputer
• Geeks To Go
• Dslreports

Here are some free programs to install, don't leave home without them

• Spybot Search and Destroy 1.4
  Check for Updates/ Immunize and run a Full System Scan on a regular basis.
  
• Ad-Aware SE Personal 1.06
  Check for Updates and run a Full System Scan on a regular basis.
  
• Spyware Blaster It will prevent most spyware from ever being installed.
  
• Spyware Guard It offers realtime protection from spyware installation attempts.
  
• Win Patrol This program will warn you when any changes are being made to your system and give you the option to deny the change.
  
• IE-Spyad
  IE-Spyad places over 4000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.
  
• Firefox 2.0 It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will no way interfere with IE, you can use them both.
  
• Zone Alarm Here is a free Firewall from Zone Labs, I wouldn't access the internet without it.

Thanks for stopping by Tom Coyote , I'm glad I was able to help you.

[timmy5712]

sincere thanks Ken. Its coming up midnight here in New Zealand so i'm gonna leave it til tomorrow to work thru yr list of sggestions.

[ken545]

Your very welcome Tim

[ken545]

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php