
deleting what no longer exists (AVG7.5)

breenthumb
11 years ago

I updated a stored computer in April and have been trying ever since to get rid of a notice from AVG.

My problem is the big orange "AVG Security Notification" in the middle of my screen, on startup, that I can't get rid of. It is telling me AVG 7.5 is no longer supported and my choices are "remain unprotected" and "Update now". The only way to get it off my screen is to hit one of those choices. I was already updated so I've been hitting remain unprotected.

Last week I removed AVG using its designated uninstall tool but still have that notification. I've been all over Google suggestions and nothing's worked. I saw some suggestions about going into the registry but I don't go there without instructions from someone who knows what they're doing. I've downloaded Revo, but AVG doesn't show up and I don't know what else to do. Help, please?

Comments (65)

  • breenthumb
    Original Author
    11 years ago
    last modified: 9 years ago

    alright

  • breenthumb
    Original Author
    11 years ago
    last modified: 9 years ago

    Just got into a mess and had to do a system restore. (Hit administrator by mistake then nothing worked right.)

    I'm going to have to continue tomorrow. Hate to stop now when it's going so well, but I'm just too tired tonight and eyes are protesting. Better stop before I do something really bad.

    I will pick up where we left off tomorrow and do it again. Thanks for all the help. Sandy

  • zep516
    11 years ago
    last modified: 9 years ago

    You're welcome! See you tomorrow and we can continue :)

    Joe

  • ravencajun Zone 8b TX
    11 years ago
    last modified: 9 years ago

    I had posted the link for you on the other thread, sorry. Here it is:
    How to Use AppRemover to Remove a Complete Security Application

  • breenthumb
    Original Author
    11 years ago
    last modified: 9 years ago

    Sorry I missed it there, RC, but did run it over here and it didn't find anything.

    Current HT log, (just to see what I might have goofed up last night and where we are now.)

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 2:33:57 PM, on 6/7/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Digital Media Reader\shwiconem.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Xmarks\IE Extension\xmarkssync.exe
    C:\PROGRA~1\COMMON~1\AOL\112263~1\EE\AOLHOS~1.EXE
    C:\PROGRA~1\COMMON~1\AOL\112263~1\EE\AOLServiceHost.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Owner\My Documents\Downloads\HijackThis(1).exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1122639952\EE\AOLHostManager.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Xmarks] C:\Program Files\Xmarks\IE Extension\xmarkssync.exe -q
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {638F11AA-DF27-433b-BA2E-7281CE561D71} - C:\Program Files\Xmarks\IE Extension\xmarkssync.exe (HKCU)
    O9 - Extra 'Tools' menuitem: Xmarks for IE... - {638F11AA-DF27-433b-BA2E-7281CE561D71} - C:\Program Files\Xmarks\IE Extension\xmarkssync.exe (HKCU)
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Unknown owner - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (file missing)
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

    --
    End of file - 7498 bytes

  • bbbluz ~ DonnaB
    11 years ago
    last modified: 9 years ago

    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

    The above is an indication that it is still running at start up. Try accessing the program to disable it before trying the solutions above.
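
As an added illustration of the point above (not code from any poster in this thread), this Python sketch parses HijackThis output and reports which vendor-related process, autostart (O4) and service (O23) entries a removal attempt cleared and which are still registered. `BEFORE` uses lines from the log posted earlier in the thread, `AFTER` is a constructed sample, and the function names and marker strings are assumptions.

```python
import re

# Added example (not from the thread): track vendor leftovers across HijackThis logs.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 registry autostart: HKLM\..\Run: [ValueName] command line
O4_RE = re.compile(
    r"^(?P<hive>.+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<command>.+)$")
# O23 service: Display name (ServiceName) - owner - image path
O23_RE = re.compile(
    r"^Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))? - (?P<owner>.+?) - (?P<path>.+)$")

# Lines taken from the log posted earlier in this thread (trimmed).
BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
"""

# Constructed sample: a scan after a removal tool that missed a per-account Run value.
AFTER = r"""Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
"""


def parse_log(text):
    """Return one dict per running process, O4 autostart and O23 service line."""
    entries, in_processes = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if line:
                entries.append({"kind": "process",
                                "id": "process:" + line.lower(), "line": line})
            else:
                in_processes = False  # a blank line ends the process list
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        if m["code"] == "O4":
            o4 = O4_RE.match(m["body"])
            # Startup-folder O4 lines have no [name]; fall back to the whole body.
            ident = ("{hive}\\{key}\\{name}".format(**o4.groupdict())
                     if o4 else m["body"])
            entries.append({"kind": "autostart",
                            "id": "autostart:" + ident, "line": line})
        elif m["code"] == "O23":
            o23 = O23_RE.match(m["body"])
            ident = (o23["name"] or o23["display"]) if o23 else m["body"]
            entries.append({"kind": "service",
                            "id": "service:" + ident, "line": line})
    return entries


def remnants(text, markers=("grisoft", "avg7")):
    """Entries whose raw line mentions any marker (case-insensitive)."""
    return [e for e in parse_log(text)
            if any(mk in e["line"].lower() for mk in markers)]


def compare(before, after, markers=("grisoft", "avg7")):
    """Classify leftovers by comparing the scan before and after removal."""
    b = {e["id"] for e in remnants(before, markers)}
    a = {e["id"] for e in remnants(after, markers)}
    return {"cleared": sorted(b - a),
            "remaining": sorted(b & a),
            "new": sorted(a - b)}


if __name__ == "__main__":
    for status, ids in compare(BEFORE, AFTER).items():
        for ident in ids:
            print(f"{status:9} {ident}")
```

Anything listed under `remaining` is still registered to start, which is why the notification can keep appearing after an uninstaller reports success.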

  • zep516
    11 years ago
    last modified: 9 years ago

    Hi,

    Have you tried this?

    Restart the computer, hold the F8 key down during restart, and wait for the Windows Advanced Boot Options menu to appear (black screen with white letters). Use the arrow keys on the keyboard to select Safe Mode, hit Enter, and let the computer go into safe mode. Now run the AVG Remover tool again. Post a fresh log after.

  • breenthumb
    Original Author
    11 years ago
    last modified: 9 years ago

    Just did AVG Remover in Safe Mode. Then restarted so I could get around normally again. Never needed to use SM before and didn't know what to do.

    Then I tried to run a fresh log but when I opened HT it didn't load. Rebooted a couple of times and was just about to try HT again. BRB

  • breenthumb
    Original Author
    11 years ago
    last modified: 9 years ago

    Can't get HT to work anymore. Last night I could right click and choose "select all" to copy and paste here. Now nothing comes up unless I hit scan but then each line has boxes in front of them and I can't highlight or copy.

    But I can still see AVG in START and further down RUN several places. Might just have to live with it.

  • zep516
    11 years ago
    last modified: 9 years ago

    Try rebooting the computer, see if Hijackthis will run after reboot.

  • breenthumb
    Original Author
    11 years ago
    last modified: 9 years ago

    Should have said when I opened HT it would start the log. But nothing is happening now. Box stays blank unless I hit SCAN. And that's what comes up with boxes to check.

    Would it hurt to try analyze or whatever without carrying out the completion?

  • breenthumb
    Original Author
    11 years ago
    last modified: 9 years ago

    Sorry, didn't see your post. It's been rebooted lots of times. Still doesn't work. Even reloaded it fresh again after reboot and--nothing.

  • zep516
    11 years ago
    last modified: 9 years ago

    "Would it hurt to try analyze"

    Don't do that. Don't do anything with Hijackthis unless directed.

    Not sure how to advise you if we can't get the tools to run.

  • breenthumb
    Original Author
    11 years ago
    last modified: 9 years ago

    OK. Thanks.

  • ravencajun Zone 8b TX
    11 years ago
    last modified: 9 years ago

    Zep what about doing a system restore to right before the safe mode since that seems to be when the problem with hijackthis started.

    The logs show a lot of AVG in there, I don't understand why the dedicated AVG removal tool is not clearing out a bunch of that. Or appremover for that matter.

    The problem breenthumb is you can't just live with it, it will cause conflicts with any other antivirus program you try to install and run. One has to be fully removed before a new one goes in.

    There's an AVG forum; not sure if they would have any ideas on this.

  • zep516
    11 years ago
    last modified: 9 years ago

    Standard and limited user accounts normally do not have the proper rights to make changes to Windows, so always log into Windows with a user account that has full administrator rights when installing any software, including AVG.

    Most antispyware, parental control and process monitor types of protection software can block the required changes when installing any program, so make certain to disable them when installing or uninstalling anything.

    http://forums.avg.com/ww-en/avg-forums?sec=thread&act=show&id=757

  • bbbluz ~ DonnaB
    11 years ago
    last modified: 9 years ago

    Quoting Ravencajun:
    "Zep what about doing a system restore to right before the safe mode since that seems to be when the problem with hijackthis started."

    That sounds like a winner to me!

    @Zep. How about using OTL? The available Directives & Commands could stop the services and processes for a better chance of removal. During research the other day I came across a scenario where the OP wanted to remove AVG and that is how it was accomplished though you'd need a log from OTL to get all the entries to list for removal. OTL will find more of the files than what HJT would.

    Just a thought.

  • breenthumb
    Original Author
    11 years ago
    last modified: 9 years ago

    Hi guys, I can't tell you how much I appreciate the help you are giving me.

    I've read your posts above and checked things out without making any changes yet. Thoughts: (in no particular order)

    I am already running as admin

    Joe, that link you included has removal instructions for AVG7. Seems worth doing. It especially says "If not going to reinstall, stop here."

    MSE should probably be removed for now. Is Add Remove OK, or should I look up their removal instructions?

    RC and bbbluz, that system restore to before HT problems would probably be good. What think ye?

    Thanks so very much. Sandy

  • bbbluz ~ DonnaB
    11 years ago
    last modified: 9 years ago

    breenthumb,

    before we tell you to do a system restore please read the following:

    Quoting breenthumb:
    Then I tried to run a fresh log but when I opened HT it didn't load. Can't get HT to work anymore. Last night I could right click and choose "select all" to copy and paste here. Now nothing comes up unless I hit scan but then each line has boxes in front of them and I can't highlight or copy.

    Above you said that you could get HJT to scan but the log that usually pops up in notepad doesn't. Is that what you mean by the above problems?

    If so, try this:

    Click on HJT icon that is on desktop to open the program. BEFORE you click on the scan button, look at the bottom of the window and click on the button that says Main Menu

    Then click on the top button that says Do a system scan and save a logfile

  • breenthumb
    Original Author
    11 years ago
    last modified: 9 years ago

    It didn't load meant I wasn't able to get the log. Box remained empty. (The first night the log ran as soon as box opened.)

    The list that comes up from hitting scan can not be copied. It is not a log.

    Yes, I can scan (by hitting scan) but it doesn't produce a log.

    Sending this before I do the log.

  • breenthumb
    Original Author
    11 years ago
    last modified: 9 years ago

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 8:47:09 PM, on 6/8/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Digital Media Reader\shwiconem.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Xmarks\IE Extension\xmarkssync.exe
    C:\PROGRA~1\COMMON~1\AOL\112263~1\EE\AOLHOS~1.EXE
    C:\PROGRA~1\COMMON~1\AOL\112263~1\EE\AOLServiceHost.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\Owner\My Documents\Downloads\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1122639952\EE\AOLHostManager.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Xmarks] C:\Program Files\Xmarks\IE Extension\xmarkssync.exe -q
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {638F11AA-DF27-433b-BA2E-7281CE561D71} - C:\Program Files\Xmarks\IE Extension\xmarkssync.exe (HKCU)
    O9 - Extra 'Tools' menuitem: Xmarks for IE... - {638F11AA-DF27-433b-BA2E-7281CE561D71} - C:\Program Files\Xmarks\IE Extension\xmarkssync.exe (HKCU)
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Unknown owner - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (file missing)
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

    --
    End of file - 7518 bytes

  • breenthumb
    Original Author
    11 years ago
    last modified: 9 years ago

    Looks like it's gone!!! I ran that link from the AVG forum.

    No, still some down further. Yuck!!!!!!!

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:12:51 PM, on 6/8/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Digital Media Reader\shwiconem.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Xmarks\IE Extension\xmarkssync.exe
    C:\PROGRA~1\COMMON~1\AOL\112263~1\EE\AOLHOS~1.EXE
    C:\PROGRA~1\COMMON~1\AOL\112263~1\EE\AOLServiceHost.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Owner\My Documents\Downloads\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1122639952\EE\AOLHostManager.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Xmarks] C:\Program Files\Xmarks\IE Extension\xmarkssync.exe -q
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: Real.com - (CD67F990-D8E9-11d2-98FE-00C0F0318AFE) - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - (638F11AA-DF27-433b-BA2E-7281CE561D71) - C:\Program Files\Xmarks\IE Extension\xmarkssync.exe (HKCU)
    O9 - Extra 'Tools' menuitem: Xmarks for IE... - (638F11AA-DF27-433b-BA2E-7281CE561D71) - C:\Program Files\Xmarks\IE Extension\xmarkssync.exe (HKCU)
    O16 - DPF: (B38870E4-7ECB-40DA-8C6A-595F0A5519FF) (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O22 - SharedTaskScheduler: Browseui preloader - (438755C2-A8BA-11D1-B96B-00A0C90312E1) - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - (8C7461EF-2B13-11d2-BE35-3078302C2030) - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Unknown owner - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (file missing)
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

    --
    End of file - 6922 bytes

  • zep516
    11 years ago
    last modified: 9 years ago

    Can you try and run that link again, but do it in safe mode this time? I truly don't understand why we are having so much difficulty here.

  • breenthumb
    Original Author
    11 years ago
    last modified: 9 years ago

    I still see 4 references to AVG but big bad notice on my screen is gone and so is the notice in the task bar.

    I'm thinking it's a win. Yes? MSE is still working perfectly so it's not interfering there.

    Thank you, thank you, thank you. Sandy


  • breenthumb
    Original Author
    11 years ago
    last modified: 9 years ago

    Do you mean the link from AVG that you posted?

  • zep516
    11 years ago
    last modified: 9 years ago

    You still have AVG in the log; we need to remove it. Can you try to use safe mode and run the AVG tool you ran from the AVG forum once more?
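
The check the helpers are doing by eye in these logs, as an added example (not part of the thread and not HijackThis code): it parses the `O4` registry autorun lines, picks out the ones that mention a leftover product, expands HijackThis's `..` shorthand to the full Run key path, and compares two scans to see which entries survived a cleanup step. The sample log is constructed from entries posted in this thread, and the function names are hypothetical.

```python
import re

# Constructed sample: a few lines in the HijackThis v2.0.4 log layout,
# modelled on entries posted in this thread (not a complete log).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\ctfmon.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
"""

# O4 registry autoruns look like:
#   O4 - <hive>\..\<key>: [<value name>] <command> (User '<account>')
# The trailing "(User ...)" part only appears on HKUS (per-account) lines.
# O4 lines for Startup folders use a different layout and are skipped here.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]+)\] (?P<command>.*?)"
    r"(?: \(User '(?P<user>[^']+)'\))?$"
)

HIVE_NAMES = {
    "HKLM": "HKEY_LOCAL_MACHINE",
    "HKCU": "HKEY_CURRENT_USER",
    "HKUS": "HKEY_USERS",
}


def parse_autoruns(log_text):
    """Return one dict per O4 registry autorun line in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        match = O4_RE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def find_leftovers(log_text, keywords):
    """Autorun entries whose value name or command mentions any keyword."""
    lowered = [k.lower() for k in keywords]
    hits = []
    for entry in parse_autoruns(log_text):
        haystack = (entry["name"] + " " + entry["command"]).lower()
        if any(k in haystack for k in lowered):
            hits.append(entry)
    return hits


def registry_path(entry):
    """Expand the log's '..' shorthand into the full registry key path."""
    root, _, sub = entry["hive"].partition("\\")
    parts = [HIVE_NAMES[root]]
    if sub:  # SID or .DEFAULT under HKEY_USERS
        parts.append(sub)
    parts += ["Software", "Microsoft", "Windows", "CurrentVersion", entry["key"]]
    return "\\".join(parts)


def _identity(entry):
    """What makes two log lines 'the same autorun' across scans."""
    return (entry["hive"], entry["key"], entry["name"])


def persisted(before_log, after_log, keywords):
    """Leftover entries present in both scans: the step taken between
    the two scans did not remove them."""
    still_there = {_identity(e) for e in find_leftovers(after_log, keywords)}
    return [e for e in find_leftovers(before_log, keywords)
            if _identity(e) in still_there]


if __name__ == "__main__":
    for e in find_leftovers(SAMPLE_LOG, ["avg", "grisoft"]):
        print(f"{registry_path(e)}  value={e['name']}  account={e['user']}")
        print(f"    -> {e['command']}")
```

These entries are registry values, so they keep appearing in a scan for as long as the values exist, whether or not the program file they point to is still on disk.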

  • breenthumb
    Original Author
    11 years ago
    last modified: 9 years ago

    Looks the same.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:36:26 PM, on 6/8/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Digital Media Reader\shwiconem.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Xmarks\IE Extension\xmarkssync.exe
    C:\PROGRA~1\COMMON~1\AOL\112263~1\EE\AOLHOS~1.EXE
    C:\PROGRA~1\COMMON~1\AOL\112263~1\EE\AOLServiceHost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Owner\My Documents\Downloads\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
    O2 - BHO: AcroIEHelperStub - (18DF081C-E8AD-4283-A596-FA578C2EBDC3) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: ST - (9394EDE7-C8B5-483E-8773-474BF36AF6E4) - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - (BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0) - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - (DBC80044-A445-435b-BC74-9C25C1C588A9) - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - (E7E6F031-17CE-4C07-BC86-EABFE594F69C) - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: MSN - (BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0) - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1122639952\EE\AOLHostManager.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Xmarks] C:\Program Files\Xmarks\IE Extension\xmarkssync.exe -q
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: Real.com - (CD67F990-D8E9-11d2-98FE-00C0F0318AFE) - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - (638F11AA-DF27-433b-BA2E-7281CE561D71) - C:\Program Files\Xmarks\IE Extension\xmarkssync.exe (HKCU)
    O9 - Extra 'Tools' menuitem: Xmarks for IE... - (638F11AA-DF27-433b-BA2E-7281CE561D71) - C:\Program Files\Xmarks\IE Extension\xmarkssync.exe (HKCU)
    O16 - DPF: (B38870E4-7ECB-40DA-8C6A-595F0A5519FF) (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O22 - SharedTaskScheduler: Browseui preloader - (438755C2-A8BA-11D1-B96B-00A0C90312E1) - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - (8C7461EF-2B13-11d2-BE35-3078302C2030) - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Unknown owner - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (file missing)
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

    --
    End of file - 6923 bytes

  • breenthumb
    Original Author
    11 years ago
    last modified: 9 years ago

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:45:12 PM, on 6/8/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Safe mode with network support

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Owner\My Documents\Downloads\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
    O2 - BHO: AcroIEHelperStub - (18DF081C-E8AD-4283-A596-FA578C2EBDC3) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: ST - (9394EDE7-C8B5-483E-8773-474BF36AF6E4) - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - (BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0) - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - (DBC80044-A445-435b-BC74-9C25C1C588A9) - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - (E7E6F031-17CE-4C07-BC86-EABFE594F69C) - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: MSN - (BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0) - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1122639952\EE\AOLHostManager.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Xmarks] C:\Program Files\Xmarks\IE Extension\xmarkssync.exe -q
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: Real.com - (CD67F990-D8E9-11d2-98FE-00C0F0318AFE) - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - (638F11AA-DF27-433b-BA2E-7281CE561D71) - C:\Program Files\Xmarks\IE Extension\xmarkssync.exe (HKCU)
    O9 - Extra 'Tools' menuitem: Xmarks for IE... - (638F11AA-DF27-433b-BA2E-7281CE561D71) - C:\Program Files\Xmarks\IE Extension\xmarkssync.exe (HKCU)
    O16 - DPF: (B38870E4-7ECB-40DA-8C6A-595F0A5519FF) (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O22 - SharedTaskScheduler: Browseui preloader - (438755C2-A8BA-11D1-B96B-00A0C90312E1) - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - (8C7461EF-2B13-11d2-BE35-3078302C2030) - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Unknown owner - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (file missing)
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

    --
    End of file - 6227 bytes

  • bbbluz ~ DonnaB
    11 years ago
    last modified: 9 years ago

    breenthumb,

    Let's remove the AVG folder from the programs files on the hard drive and see if that kills the beast.

    Click on your Start button
    Click on My Computer
    Click on Local Disk (C:)
    Click on Program Files folder

    Look for the Grisoft folder, then right-click and delete that folder.

    Reboot the computer and post another HJT logfile.

  • zep516
    11 years ago
    last modified: 9 years ago

    Let's try deleting the AVG (Grisoft) folders; those folders are all located in the Program Files folder. Let's go there and delete the folders. You might want to do this in Safe Mode.

    Here's how to get to the Program Files folder to look for the AVG (Grisoft) folder:

    We need to double-click My Computer. That icon would normally be on the desktop, but it could also be in the Start menu when you click Start. Either way, find My Computer and double-click it. When it opens, click on Local Disk, look for the Program Files folder, and double-click that. Once in there, look for any folder (maybe more than one) named AVG or GRISOFT. Once found, right-click on it and delete it. Make sure you get all the folders; it's possible there may be only 1, but check carefully. Once the folders are deleted, reboot the computer, then please run another HijackThis scan and post the log.

  • zep516
    11 years ago
    last modified: 9 years ago

    Ok thanks bbbluz,

    I'll let you carry on.

  • breenthumb
    Original Author
    11 years ago
    last modified: 9 years ago

    Well, whooda thunk? Never even opened that file before. Good place for it to hide. I deleted several different files. Thanks again.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:32:28 PM, on 6/8/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Digital Media Reader\shwiconem.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Xmarks\IE Extension\xmarkssync.exe
    C:\PROGRA~1\COMMON~1\AOL\112263~1\EE\AOLHOS~1.EXE
    C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe
    C:\PROGRA~1\COMMON~1\AOL\112263~1\EE\AOLServiceHost.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\WINDOWS\system32\svchost.exe
    C:\Documents and Settings\Owner\My Documents\Downloads\HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe

    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

    --
    End of file - 1483 bytes

  • breenthumb
    Original Author
    11 years ago
    last modified: 9 years ago

    Why is this one so much shorter? All C .

  • zep516
    11 years ago
    last modified: 9 years ago

    Can't tell from that log. Could you post another log? You're missing too many entries. If this continues to occur, please do a system restore and post another log.

  • zep516
    11 years ago
    last modified: 9 years ago

    I deleted several different files

    I only advised to delete folders called Grisoft in the program files folder. What did you delete? Only follow the instructions we are giving you. If you have a question about deleting something please ask first.

    I want to see a normal hijackthis log before we continue. Hopefully a System Restore will produce that.

  • breenthumb
    Original Author
    11 years ago
    last modified: 9 years ago

    I only deleted the ones all marked AVG, I think three.

  • breenthumb
    Original Author
    11 years ago
    last modified: 9 years ago

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:20:48 PM, on 6/9/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Digital Media Reader\shwiconem.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Xmarks\IE Extension\xmarkssync.exe
    C:\PROGRA~1\COMMON~1\AOL\112263~1\EE\AOLHOS~1.EXE
    C:\PROGRA~1\COMMON~1\AOL\112263~1\EE\AOLServiceHost.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Owner\My Documents\Downloads\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
    O2 - BHO: AcroIEHelperStub - (18DF081C-E8AD-4283-A596-FA578C2EBDC3) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: ST - (9394EDE7-C8B5-483E-8773-474BF36AF6E4) - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - (BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0) - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - (DBC80044-A445-435b-BC74-9C25C1C588A9) - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - (E7E6F031-17CE-4C07-BC86-EABFE594F69C) - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: MSN - (BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0) - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1122639952\EE\AOLHostManager.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Xmarks] C:\Program Files\Xmarks\IE Extension\xmarkssync.exe -q
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: Real.com - (CD67F990-D8E9-11d2-98FE-00C0F0318AFE) - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - (638F11AA-DF27-433b-BA2E-7281CE561D71) - C:\Program Files\Xmarks\IE Extension\xmarkssync.exe (HKCU)
    O9 - Extra 'Tools' menuitem: Xmarks for IE... - (638F11AA-DF27-433b-BA2E-7281CE561D71) - C:\Program Files\Xmarks\IE Extension\xmarkssync.exe (HKCU)
    O16 - DPF: (B38870E4-7ECB-40DA-8C6A-595F0A5519FF) (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O22 - SharedTaskScheduler: Browseui preloader - (438755C2-A8BA-11D1-B96B-00A0C90312E1) - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - (8C7461EF-2B13-11d2-BE35-3078302C2030) - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Unknown owner - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (file missing)
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

    --
    End of file - 6890 bytes

  • breenthumb
    Original Author
    11 years ago
    last modified: 9 years ago

    I went through again and found another file labeled Grisoft and deleted it but it doesn't seem to have changed anything.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:54:44 PM, on 6/9/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Digital Media Reader\shwiconem.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Xmarks\IE Extension\xmarkssync.exe
    C:\PROGRA~1\COMMON~1\AOL\112263~1\EE\AOLHOS~1.EXE
    C:\PROGRA~1\COMMON~1\AOL\112263~1\EE\AOLServiceHost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Owner\My Documents\Downloads\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1122639952\EE\AOLHostManager.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Xmarks] C:\Program Files\Xmarks\IE Extension\xmarkssync.exe -q
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {638F11AA-DF27-433b-BA2E-7281CE561D71} - C:\Program Files\Xmarks\IE Extension\xmarkssync.exe (HKCU)
    O9 - Extra 'Tools' menuitem: Xmarks for IE... - {638F11AA-DF27-433b-BA2E-7281CE561D71} - C:\Program Files\Xmarks\IE Extension\xmarkssync.exe (HKCU)
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Unknown owner - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (file missing)
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

    --
    End of file - 6923 bytes

  • ravencajun Zone 8b TX
    11 years ago
    last modified: 9 years ago

    I tell you what this is beyond baffling, why on Earth are those AVG entries not getting removed with all the known good tools that are being used. Very strange situation with AVG here.

  • bbbluz ~ DonnaB
    11 years ago
    last modified: 9 years ago

    That's just one reason I don't like AVG.

    I'm thinking that AVG had uninstalled improperly.

    Let's try this approach:

    The following tool is not a toy and should only be used under the guidance of a professional who is trained to use it.

    Click on the link below to download OTL by OldTimer and save it to the Desktop.

    OTL does not need to be installed, simply click the OTL icon to run.

    Click on Run Scan button.

    OTL will take a few minutes to generate a log which will be presented to you using Notepad just like the HJT logfile.

    Please copy and paste the log into your next reply.

    Here is a link that might be useful: OTL OldTimer's List-It

  • breenthumb
    Original Author
    11 years ago
    last modified: 9 years ago

    Tried it twice. Nothing showed in the box but I could see the scan running line by line down on the bottom line. It froze up at the same spot both times "Scanning driver: xmlprov".

    The first time hourglass showed in the box and when I looked at the top line it said not responding. The second time no hourglass and no notice but just nothing happened for a long long time.

  • breenthumb
    Original Author
    11 years ago
    last modified: 9 years ago

    Just tried again. Locked up in the same spot.

  • corrine_mvp
    11 years ago
    last modified: 9 years ago

    Hi, breenthumb.

    RavenCajun contacted me at LandzDown and asked if I'd take a look at your problem getting rid of AVG (not my favorite either.)

    I believe the original problem removing AVG is as zep516 mentioned about needing to use an Admin account to remove it.

    Since OTL is having a problem with the driver xmlprov, which has not yet been seen to be associated with malicious software, let's use HijackThis to remove the leftover AVG items from start-up.

    Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')

    Click on Fix Checked when finished and exit HijackThis.

    Shutdown/restart your computer (yet again :) ) and post a fresh HijackThis scan log.

    (If that doesn't work, you'll need to register at LandzDown for a more thorough log analysis.)

  • ravencajun Zone 8b TX
    11 years ago
    last modified: 9 years ago

    Thanks Corrine another set of eyes and your experience is always a welcome addition.

  • breenthumb
    Original Author
    11 years ago
    last modified: 9 years ago

    Yes thanks Corrine, and you too Ravencajun. I am running admin acct.

    Looks like that did it, but it's always easier to see on preview. (Those logs aren't easy on the eyes. These old eyes like whitespace:)

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 4:01:01 PM, on 6/9/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Digital Media Reader\shwiconem.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Xmarks\IE Extension\xmarkssync.exe
    C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe
    C:\PROGRA~1\COMMON~1\AOL\112263~1\EE\AOLHOS~1.EXE
    C:\PROGRA~1\COMMON~1\AOL\112263~1\EE\AOLServiceHost.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Owner\My Documents\Downloads\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1122639952\EE\AOLHostManager.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Xmarks] C:\Program Files\Xmarks\IE Extension\xmarkssync.exe -q
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {638F11AA-DF27-433b-BA2E-7281CE561D71} - C:\Program Files\Xmarks\IE Extension\xmarkssync.exe (HKCU)
    O9 - Extra 'Tools' menuitem: Xmarks for IE... - {638F11AA-DF27-433b-BA2E-7281CE561D71} - C:\Program Files\Xmarks\IE Extension\xmarkssync.exe (HKCU)
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Unknown owner - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (file missing)
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

    --
    End of file - 6503 bytes

    Looking Good.
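
Added example, not part of any post in this thread: a Python sketch that compares the O4 (Run key) lines of the 12:54:44 PM and 4:01:01 PM logs to confirm the fix removed the four AVG7_Run entries and nothing else. The names `parse_autoruns` and `review_fix` are made up for this illustration, and the embedded lines are an excerpt of the two logs, not the full files.

```python
import re
from collections import namedtuple

Autorun = namedtuple("Autorun", "hive name command user")

# "O4 - <hive>\..\Run: [<value name>] <command>", optionally followed by
# "(User '<account>')" when the entry comes from a per-account hive under HKUS.
O4_RUN = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] "
    r"(?P<command>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)

def parse_autoruns(log_text):
    """Return the set of Run-key autoruns (O4 lines) listed in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if m:
            entries.add(Autorun(m["hive"], m["name"], m["command"], m["user"] or ""))
    return entries

def review_fix(before_log, after_log, expected_name):
    """Compare two logs and report whether only `expected_name` entries went away."""
    before, after = parse_autoruns(before_log), parse_autoruns(after_log)
    removed, added = before - after, after - before
    return {
        "removed": sorted(removed),
        "added": sorted(added),
        # Entries that disappeared but were not the ones selected for removal.
        "collateral": sorted(e for e in removed if e.name != expected_name),
        # Selected entries that survived the fix and the reboot.
        "leftover": sorted(e for e in after if e.name == expected_name),
    }

# O4 lines excerpted from the two logs posted above (before and after the fix).
BEFORE = r"""
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
"""
AFTER = r"""
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    report = review_fix(BEFORE, AFTER, "AVG7_Run")
    for section, entries in report.items():
        print(f"{section}: {len(entries)}")
        for e in entries:
            print(f"  {e.hive} [{e.name}] {e.command} {e.user}".rstrip())
```

Run against the full saved logs, a non-empty `collateral` or `leftover` list means the wrong boxes were checked or an entry came back after the restart.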

  • corrine_mvp
    11 years ago
    last modified: 9 years ago

    Good job, breenthumb!

    Although HijackThis isn't widely used any more due to other advanced programs, it at least removed the AVG start-up entries.

    @zep516 -- Consider how many years HJT was the go-to tool for malware removal. Although we prefer using other tools these days, in this case, anything left over in the reg is insignificant.

  • breenthumb
    Original Author
    11 years ago
    last modified: 9 years ago

    Over the top? Sure. But so are all of you. Thanks, Sandy

  • ravencajun Zone 8b TX
    11 years ago
    last modified: 9 years ago

    Oh yeah that sounds great I know you were getting tired of all this mess.
    Good job to everyone and thanks Corrine for coming over to GW.

  • zep516
    11 years ago
    last modified: 9 years ago

    @corrine--- I wanted the removal tool to work, I didn't want to remove those entries with HijackThis, I was bent on why the removal tool AVG would not work. Glad you stepped in, that was my last resort, then life got busy.

    Joe,

    Thanks for help corrine......

  • corrine_mvp
    11 years ago
    last modified: 9 years ago

    I agree, Joe. It would have been best for the AVG removal tool to work and, if not, AppRemover.