| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 91509 | 2008-07-09 10:37:00 | hijack this help please | timmy5953 (6846) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 687038 | 2008-07-09 10:37:00 | i have one huge mess after trying to instal AVG 8.Instal Wizard wont go past "insert licence no." - & i do not have the number. Message i get is "initialisation of set up data file failed....file is corrupted." this corrupted file is in the 47mB download of AVG8. Downloaded it again. same problem.Tried Restore. no luck. Tried to uninstal AVG 7.5, and achieved partial uninstal.. so, the Gods are obviously unhappy with me. i presently have no anti virus protection, just a partly uninstalled AVG7.5 which compains abt every movement in MS Outlook, & a downloaded AVG8, which wont instal. ADD/REMOVE PGMs can't uninstal AVG 7.5. If i cannot get AVG stable & functioning ok, I think i'll try Avast or similar. My system = XP,broadband, MS Outlook 2000, Office 2000,Firefox 2.0.0.15, CCleaner,Spybot,A2 anti spyware, Windows Defender. Feel theres some malware involved somewhere. Hijack this log follows. Wd really appreciate help - Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:42:43 p.m., on 9/07/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE c:\program files\a-squared free\a2service.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\Program Files\FolderSize\FolderSizeSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\System32\vssvc.exe C:\WINDOWS\system32\Fast.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\msdtc.exe C:\Program Files\Ahead\InCD\InCD.exe C:\WINDOWS\system32\fast.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\WINDOWS\system32\RunDll32.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\EZBackitup\EZBkuptray.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\1-Click Answers\answers.exe C:\Program Files\1-Click Answers\agtserv.exe C:\Program Files\3M\PSNLite\PsnLite.exe C:\Program Files\Microsoft Office\Office\1033\msoffice.exe C:\PROGRA~1\3M\PSNLite\PSNGive.exe C:\Program Files\WordWeb\wweb32.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE C:\PROGRA~1\MOZILL~2\FIREFOX.EXE C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.stuff.co.nz/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1;<local> O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file) O3 - Toolbar: 1-Click Answers - {7754C418-F62E-44aa-B169-E719E718BCFD} - C:\PROGRA~1\1-CLIC~1\IEToolbar\AnswersToolbarU.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file) O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [BearFlix] "C:\Program Files\BearFlix\BearFlix.exe" /pause O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [a-squared Anti-Dialer] "C:\Program Files\a-squared Anti-Dialer\a2adguard.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN O4 - HKCU\..\Run: [EZBack-it-up Tray Scheduler] C:\Program Files\EZBackitup\EZBkuptray.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe O4 - Global Startup: 1-Click Answers.lnk = C:\Program Files\1-Click Answers\answers.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html O8 - Extra context menu item: Answers... - file:C:\Program Files\1-Click Answers\Html\atiemenu.htm O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - www.update.microsoft.com O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - ax.emsisoft.com O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe -- End of file - 9211 bytes |
timmy5953 (6846) | ||
| 687039 | 2008-07-09 10:54:00 | kill task: C:\Program Files\EZBackitup\EZBkuptray.exe please upload to a onlinevirusscan fix: O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file) O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file) O4 - HKLM\..\Run: [BearFlix] "C:\Program Files\BearFlix\BearFlix.exe" /pause |
humi (13487) | ||
| 687040 | 2008-07-09 20:58:00 | Tick these the tick fix checked Close browsers O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file) O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file) O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE Get rid of AVG and install Avast instead Run ccleaner then click on tools/uninstall. Highlight AVG8 and delete the entry |
Speedy Gonzales (78) | ||
| 687041 | 2008-07-10 00:33:00 | thanks Humi. No disrespect but Im going to go with Speedy G as he was fantastic in a previous problem i had. Speedy, i dont quite follow Tick these the tick fix checked.i think you mean tick the box that will delete the entry for the 9 items on yr list. so i pasted a copy of the scan i posted, analysed it, and got the coloured report with headings "Action. Entry. Kind, etc".but that report doesnt have any boxes to tick. have i missed something? |
timmy5953 (6846) | ||
| 687042 | 2008-07-10 00:49:00 | Well tick the entries I posted then tick fix checked. After you run hijackthis again | Speedy Gonzales (78) | ||
| 687043 | 2008-07-10 02:53:00 | thanks Speedy. ive fixed the 9 items i checked and they are gone.But cannot uninstall AVG 7.5.(there are now no signs of AVG8) Tried with ccleaner/tools/uninstall & Add/remove pgms in Control Panel. the response from both was "AVG setup has encountered a problem and must close" The problem seems to affect only Outlook.WHen i open Outlook i get "cannot create instance of AVG 7 kernal, err = 0x80040154" however it still opens. Then while in Outlook, EVERY action results in message "The add-in program "C:\PROGRA~1\Grisoft\AVG7\avgxch32.dll could not be installed or loaded. This problem may be resolved by using Detect and Repair on the Help menu" This does not block me from doing anything in Outlook; its just a pain to have to keep clearing the error message every second click. ANd Detect and Repair is a dead end. i think the remnants of AVG is the problem. Maybe i should try to re-install 7.5? |
timmy5953 (6846) | ||
| 687044 | 2008-07-10 03:07:00 | Delete the AVG8 entry in tools/uninstall in ccleaner. Then go to program files and see if theres an AVG folder / or folders here. If there is, delete them. Then go back to ccleaner. Click on registry / scan for issues. Whatever comes up delete it DONT bother with AVG its got worse. After you delete its entry and its folders then hopefully remove its entries in the registry, delete the install files and install Avast Home |
Speedy Gonzales (78) | ||
| 687045 | 2008-07-14 09:26:00 | Speedy have done as you suggested. Twas better, but still some irritating vestiges of AVG present.As i had been in Registry with CCleaner, (ive always regarded Registry as sacrosanct) decided to follow recommended fixes from a scan with Advanced WIndows Care, including Registry fixes.. Voila! -- AVG is gone. so i then installed AVAST & have given it a few days to see whetther system stayed stable. It has. Started and closed abt 20 times since. Only problem was one close down that happened without any prompting. but ive had many startups and close downs since so im not going to worry abt one unexplained closure. time to do ssome catch up computing! my thanx again |
timmy5953 (6846) | ||
| 1 | |||||