1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Virus????

Discussion in 'Virus & Other Malware Removal' started by thedewar, Sep 2, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. thedewar

    thedewar Thread Starter

    Joined:
    Sep 2, 2004
    Messages:
    2
    I am running XP Home with the free version of AVG. When I scan with AVG (or any of the free online virus scans), my computer will scan for a period of time and then shut down. Restarting takes numerous attempts. I have used Adaware and was unable to delete the following file: C:\programfiles\commonfiles\wintools\wtoolsp.cfg

    Thanks for any help

    Here is my HJT log:

    Logfile of HijackThis v1.98.2
    Scan saved at 8:33:28 AM, on 9/2/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\System32\gearsec.exe
    C:\PROGRA~1\NORTON~4\NORTON~2\GHOSTS~2.EXE
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\PROGRA~1\NORTON~4\SPEEDD~1\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\WinTools\WToolsS.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\Program Files\support.com\bin\tgcmd.exe
    C:\Program Files\Creative\SBLive2k\Launcher\CTLauncher.exe
    C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
    C:\WINDOWS\System32\hphmon04.exe
    C:\Program Files\Grisoft\AVG6\avgcc32.exe
    C:\Program Files\Sprint & FineReader 5.0 Office Try&Buy\Sprint\CAgent.exe
    C:\Program Files\ScannerU\AM32.exe
    C:\SIERRA\Planner\PLNRnote.exe
    D:\Office\OSA.EXE
    C:\Program Files\Common Files\WinTools\WToolsA.exe
    C:\Program Files\Common Files\WinTools\WSup.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\0915379b547e57fc7f174520805bc480\update\update.exe
    C:\Program Files\Avant Browser\avant.exe
    C:\Documents and Settings\thedewar\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=40
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.reuters.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=40
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=40
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: (no name) - {E166B4A2-83E7-11D3-B4FD-004005A47AAA} - (no file)
    O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [LifeScape Media Detector] E:\Program Files\Picasa\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [Creative Launcher] C:\Program Files\Creative\SBLive2k\Launcher\CTLauncher.exe
    O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
    O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
    O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
    O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
    O4 - HKLM\..\Run: [ABBYY Community Agent] C:\Program Files\Sprint & FineReader 5.0 Office Try&Buy\Sprint\CAgent.exe
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
    O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
    O4 - HKLM\..\RunOnce: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" "+b1"
    O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
    O4 - Startup: Microsoft Find Fast.lnk = D:\Office\FINDFAST.EXE
    O4 - Startup: Office Startup.lnk = D:\Office\OSA.EXE
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: Action Manager 32.lnk = C:\Program Files\ScannerU\AM32.exe
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\SIERRA\Planner\PLNRnote.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Define - C:\WINDOWS\Web\ERS_DEF.HTM
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Search the Web - C:\WINDOWS\Web\ERS_SRC.HTM
    O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://d:\program files\microsoft office\office\excel.exe/3000
    O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
    O8 - Extra context menu item: Look Up in &Encyclopedia - C:\WINDOWS\Web\ERS_ENC.HTM
    O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
    O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
    O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
    O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
    O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it1_x.cab
    O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/games/clients/y/zt3_x.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/12119/CTSUEng.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab28578.cab
    O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
    O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://www.imgag.com/cp/install/AxCtp.cab
    O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {75565ED2-1560-4F15-B841-20358DE6A0D1} (ImageControl Class) - http://content.ancestry.com/asfiles/files/install/MFImgVwr.cab
    O16 - DPF: {816FE240-8F3B-460F-AA99-C53CC193807D} (CompositeView Control) - http://www.docs.co.clay.mn.us/wx/Client/IrcViewer.cab
    O16 - DPF: {861DB4B6-3838-11D2-8E50-002018200E57} (MrSIDI Control) - http://www.lizardtech.com/plugin/MrSID_BPI.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab28578.cab
    O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab28578.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15008/CTPID.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
     
  2. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    HI- First, you have HJT running from the desktop, please make a new folder, name it HJT on the desktop, drag Hijackthis.exe into it.


    You will need to know how to boot to Safe Mode- here are some directions:

    tap the "F8 key" continuously until you get the startup menu. Choose Safe Mode from the list. Press the Enter key to get there, give it plenty of time may take a minute or two...


    Ensure that you have done the following:

    (((You may have the Docments and Settings\thedewar\Local Settings\Temp instead))


    Run Hijackthis from the HJT folder: after the scan completes, fix the following:


    C:\Program Files\Common Files\WinTools\WToolsA.exe
    C:\Program Files\Common Files\WinTools\WSup.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=40
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=40
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=40

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
    O3 - Toolbar: (no name) - {E166B4A2-83E7-11D3-B4FD-004005A47AAA} - (no file)
    O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
    O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
    O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)


    Next, find and delete the files shown below> not the folders, but the individual files at the END of the line.


    C:\Program Files\Common Files\WinTools\WToolsA.exe
    C:\Program Files\Common Files\WinTools\WSup.exe

    C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
    (above one is in Program Files\Common Files\Win Tools\)

    Delete the entire Win Tools folder next.

    Empty the Recycle Bin and reboot normally.

    You may run scans with AdAware and/or SpyBot, make sure you check for online updates to each, get rid of whatever they find and reboot again.

    Post a new log from HJT.
     
  3. thedewar

    thedewar Thread Starter

    Joined:
    Sep 2, 2004
    Messages:
    2
    You are great!!! My computer boots normally, Adaware does not show the wintools file any longer. The only problem I seem to have is with AVG. Although I thought the problem was fixed because it scaned through my C and D drives, when it got into my external E drive, the computer shut down. Upon start-up, Microsoft automatically checked my E drive for corrupted file. They checked out fine, and the computer booted normally after that. Here is my new HJT log:

    Logfile of HijackThis v1.98.2
    Scan saved at 3:53:52 PM, on 9/2/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\System32\gearsec.exe
    C:\PROGRA~1\NORTON~4\NORTON~2\GHOSTS~2.EXE
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
    C:\PROGRA~1\NORTON~4\SPEEDD~1\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\Program Files\support.com\bin\tgcmd.exe
    C:\Program Files\Creative\SBLive2k\Launcher\CTLauncher.exe
    C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
    C:\Program Files\Creative\News\NewsUpd.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\hphmon04.exe
    C:\Program Files\Grisoft\AVG6\avgcc32.exe
    C:\Program Files\Sprint & FineReader 5.0 Office Try&Buy\Sprint\CAgent.exe
    C:\Program Files\ScannerU\AM32.exe
    C:\Program Files\BigFix\BigFix.exe
    C:\SIERRA\Planner\PLNRnote.exe
    C:\WINDOWS\system32\ntvdm.exe
    D:\Office\OSA.EXE
    C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\updtray.exe
    C:\Program Files\HJT\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.reuters.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [LifeScape Media Detector] E:\Program Files\Picasa\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [Creative Launcher] C:\Program Files\Creative\SBLive2k\Launcher\CTLauncher.exe
    O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
    O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
    O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
    O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
    O4 - HKLM\..\Run: [ABBYY Community Agent] C:\Program Files\Sprint & FineReader 5.0 Office Try&Buy\Sprint\CAgent.exe
    O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
    O4 - Startup: Microsoft Find Fast.lnk = D:\Office\FINDFAST.EXE
    O4 - Startup: Office Startup.lnk = D:\Office\OSA.EXE
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: Action Manager 32.lnk = C:\Program Files\ScannerU\AM32.exe
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\SIERRA\Planner\PLNRnote.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Define - C:\WINDOWS\Web\ERS_DEF.HTM
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Search the Web - C:\WINDOWS\Web\ERS_SRC.HTM
    O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://d:\program files\microsoft office\office\excel.exe/3000
    O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
    O8 - Extra context menu item: Look Up in &Encyclopedia - C:\WINDOWS\Web\ERS_ENC.HTM
    O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
    O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
    O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
    O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it1_x.cab
    O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/games/clients/y/zt3_x.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/12119/CTSUEng.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab28578.cab
    O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
    O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://www.imgag.com/cp/install/AxCtp.cab
    O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {75565ED2-1560-4F15-B841-20358DE6A0D1} (ImageControl Class) - http://content.ancestry.com/asfiles/files/install/MFImgVwr.cab
    O16 - DPF: {816FE240-8F3B-460F-AA99-C53CC193807D} (CompositeView Control) - http://www.docs.co.clay.mn.us/wx/Client/IrcViewer.cab
    O16 - DPF: {861DB4B6-3838-11D2-8E50-002018200E57} (MrSIDI Control) - http://www.lizardtech.com/plugin/MrSID_BPI.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab28578.cab
    O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab28578.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15008/CTPID.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab

    Thanks, thedewar
     
  4. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Try this again it still appears.

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    You can run HJT and check your log for that- it is not dangerous except that it can leave a slightly ajar "open door" and should be fixed.

    If you have any problems, do not hesitate to post back to this thread...you can save it as a Favorite. By now I would say you have printed some pages with the URL to the thread, so you also have it to type in.
    You can always find all your previous posts/threads at TSG by using the Search button, just type in your user ID
    thedewar or open your User Profile.

    I have not ever run into the external drive problem you had with AVG (probably because I have no externals drives...)
    I will look around and if I find something will post it here.
    Someone else may have some info about scanning external drives.

    You did very good work fixing those items!
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/269381

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice