Dr Tweak
55 Guests, 0 Users
Welcome, Guest. Please login or register.
August 16, 2018, 05:16:02 pm

Login with username, password and session length

AVG Errors

kilt01

AVG Errors
« on: July 05, 2004, 10:01:25 am »
Im running windows XP home. I have AVG 6 and it wont allow me to update. I tried to uninstall it so I could reinstall and it wont allow me to uninstall. I downloaded it again but it wont install.
When i go to "add & remove program" and try to get rid of it it says "error " cant find shell.dll .
tShould mention i believe i had tht new CWS strain thts been around .. I used Hijack this and to get rid of it.The CWShreeder didnt work on it.  help ive been trying to set my system up according to your suggestions and keep running into problems. my system is
MS windows XP home version 2002 service pack 1
intel pentium 4 CPU 2.40 GHz
512 MB ram

Offline Dr Tweak

  • Dr Tweak
  • *****
  • 1924
  • Gender: Male
  • Dr Tweak
    • View Profile
    • www.drtweak.com
Re:AVG Errors
« Reply #1 on: July 05, 2004, 10:24:36 am »
Can you please post a HijackThis log here?

 ;D

kilt01

Re:AVG Errors
« Reply #2 on: July 06, 2004, 05:04:59 pm »
Logfile of HijackThis v1.98.0
Scan saved at 8:46:21 PM, on 07/03/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Hummingbird\Connectivity\9.00\Exceed\HumDisplayServer.exe
C:\MATLAB6p1\webserver\bin\win32\matlabserver.exe
C:\Program Files\Hummingbird\Connectivity\9.00\HostExplorer\PrintServices\PESRV.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\WINDOWS\System32\Grxp4exe.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\addhy32.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AOL 9.0b\aoltray.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\AOL 9.0b\waol.exe
C:\Program Files\AOL 9.0b\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\WINDOWS\ielo32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Admin\My Documents\spyware control\spykillers\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\tetla.dll/sp.html#26560
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://tetla.dll/index.html#26560
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://tetla.dll/index.html#26560
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\tetla.dll/sp.html#26560
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\tetla.dll/sp.html#26560
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://tetla.dll/index.html#26560
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {52B2CB22-30E3-B0AD-A1D3-8E7E7FD2A9BA} - C:\WINDOWS\javaqo.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [Gravis Xperience Driver Support] Grxp4exe.exe /init
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [addhy32.exe] C:\WINDOWS\addhy32.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0b\aoltray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{35EBA954-8AB4-4CF0-8EE0-AF1C5D119A8C}: NameServer = 205.188.146.146


kilt01

Re:AVG Errors
« Reply #3 on: July 06, 2004, 05:08:09 pm »
todays log!!
Logfile of HijackThis v1.98.0
Scan saved at 4:06:38 PM, on 07/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Hummingbird\Connectivity\9.00\Exceed\HumDisplayServer.exe
C:\MATLAB6p1\webserver\bin\win32\matlabserver.exe
C:\Program Files\Hummingbird\Connectivity\9.00\HostExplorer\PrintServices\PESRV.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\WINDOWS\System32\Grxp4exe.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AOL 9.0b\aoltray.exe
C:\Program Files\TrueAssistant\TrueAssistant.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AOL 9.0b\waol.exe
C:\Program Files\AOL 9.0b\shellmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Admin\My Documents\spyware control\spykillers\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\System32\netdc.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [Gravis Xperience Driver Support] Grxp4exe.exe /init
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0b\aoltray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{35EBA954-8AB4-4CF0-8EE0-AF1C5D119A8C}: NameServer = 205.188.146.146


Offline Dr Tweak

  • Dr Tweak
  • *****
  • 1924
  • Gender: Male
  • Dr Tweak
    • View Profile
    • www.drtweak.com
Re:AVG Errors
« Reply #4 on: July 07, 2004, 06:45:58 am »
OK great, remove the following:

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\System32\netdc.exe

Also is AVG up to date and setup as I suggest and a full system scan been done?

 :)

kilt01

Re:AVG Errors
« Reply #5 on: July 07, 2004, 11:10:11 am »
Hi DOC! Did as you said above and got rid of those items in the hijack this scan.. THANK-YOU!!!!
As for the AVG6 no im not up to date , nor have i scanned. Heres whats happening. 1) Wont let me update. So i tried to uninstall to re-instale. Error says (Cannot Find SHELL.DLL C:\program~1GrifsoftAVG6\Setup.Exe or one of its components. on top of all this says cant run 16 bit windows program?
So i tried to install without un installing , wont let me says C:\Docune~1ADMIN\LOCALS~1\TEMP\WZS21.Temp\setup.Exe or one of its components are missing.. on top says cant run 16 bit windows program.
So what have i lost by mistake a dll or something?  :-[ :-[

Offline Dr Tweak

  • Dr Tweak
  • *****
  • 1924
  • Gender: Male
  • Dr Tweak
    • View Profile
    • www.drtweak.com
Re:AVG Errors
« Reply #6 on: July 07, 2004, 02:21:52 pm »
OK then try a FREE online scan from TrendMicro and see if it finds anything. Then we can try and get AVG working properly.

 8)

kilt01

Re:AVG Errors
« Reply #7 on: July 08, 2004, 03:26:05 pm »
WOW!!! I did the free scan at trendmicro. Followed their instructions and deleted the 81 infected files!
So whats next? should i try to down load the avg again..

Thanks again YO THE MAN DOC!!!!!!!

Offline Dr Tweak

  • Dr Tweak
  • *****
  • 1924
  • Gender: Male
  • Dr Tweak
    • View Profile
    • www.drtweak.com
Re:AVG Errors
« Reply #8 on: July 08, 2004, 03:32:12 pm »
Yes try installing AVG again, most likely all the viruses you had were preventing AVG from installing properly. So let's install AVG and set it up right and scan with it so this doesn't happen again.

It's also a good idea to run the system file checker in XP if you have been infected with a virus to make sure all of your critical system files are in tact. To do so put your XP cd in your cd drive and click start - run and type sfc /scannow.

 ;)

kilt01

Re:AVG Errors
« Reply #9 on: July 11, 2004, 05:37:45 am »
Hi DOC!

Did as you said and the scan wouldnt run (sfc/scannow).Said no such file . Tried to uninstall the AVG 6. Wouldnt do it. Basically says the un-installer and that pathway is missing. Tried to download AVG 6 again it downloads then when i try to run it error SHLL.DLL cant run 16 bit program.then another error says basically TMP\setup.EXE or one of its components cant run 16 bit Windows program
What next Doc? Shoot the darn thing and put it out of it's missery right!! ???

 ???

kilt01

Re:AVG Errors
« Reply #10 on: July 11, 2004, 05:49:39 pm »
Oh yea I ran adaware an shows a trojan . i didnt remove and ran high jack this again.. take a look at this . Same thing is back see F2.Logfile of HijackThis v1.98.0
Scan saved at 7:47:32 PM, on 07/11/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Hummingbird\Connectivity\9.00\Exceed\HumDisplayServer.exe
C:\MATLAB6p1\webserver\bin\win32\matlabserver.exe
C:\Program Files\Hummingbird\Connectivity\9.00\HostExplorer\PrintServices\PESRV.exe
C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\WINDOWS\System32\Grxp4exe.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Trend Micro\Internet Security\pccguide.exe
C:\Program Files\Trend Micro\Internet Security\PCClient.exe
C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
C:\Program Files\AOL 9.0b\aoltray.exe
C:\Program Files\TrueAssistant\TrueAssistant.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe
C:\Documents and Settings\Admin\My Documents\spyware control\HijackThis\HijackThis.exe
C:\Program Files\AOL 9.0b\waol.exe
C:\Program Files\AOL 9.0b\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\System32\netdc.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [Gravis Xperience Driver Support] Grxp4exe.exe /init
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0b\aoltray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab


Offline Dr Tweak

  • Dr Tweak
  • *****
  • 1924
  • Gender: Male
  • Dr Tweak
    • View Profile
    • www.drtweak.com
Re:AVG Errors
« Reply #11 on: July 11, 2004, 08:57:30 pm »
Do not use 2 antivirus programs at the same time.

Have HijackThis fix the following:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\System32\netdc.exe

 ;D

kilt01

Re:AVG Errors
« Reply #12 on: July 13, 2004, 12:20:58 pm »
The F2 line on high jack this comes back after rebootLogfile of HijackThis v1.98.0
Scan saved at 2:19:30 PM, on 07/13/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Hummingbird\Connectivity\9.00\Exceed\HumDisplayServer.exe
C:\MATLAB6p1\webserver\bin\win32\matlabserver.exe
C:\Program Files\Hummingbird\Connectivity\9.00\HostExplorer\PrintServices\PESRV.exe
C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\WINDOWS\System32\Grxp4exe.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Trend Micro\Internet Security\pccguide.exe
C:\Program Files\Trend Micro\Internet Security\PCClient.exe
C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
C:\Program Files\AOL 9.0b\aoltray.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AOL 9.0b\waol.exe
C:\Program Files\AOL 9.0b\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Admin\My Documents\spyware control\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\System32\netdc.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [Gravis Xperience Driver Support] Grxp4exe.exe /init
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0b\aoltray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{35EBA954-8AB4-4CF0-8EE0-AF1C5D119A8C}: NameServer = 205.188.146.146


Offline Dr Tweak

  • Dr Tweak
  • *****
  • 1924
  • Gender: Male
  • Dr Tweak
    • View Profile
    • www.drtweak.com
Re:AVG Errors
« Reply #13 on: July 13, 2004, 12:43:46 pm »
You are going to have to manually delete this file:

F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\System32\netdc.exe

That is what is causing problems. Navigate to:

C:\WINDOWS\System32 and look for netdc.exe and right click on it and select "delete" then delete the contents of your Recycle Bin.

 :)

kilt01

Re:AVG Errors
« Reply #14 on: July 14, 2004, 10:54:40 pm »
Shell Name explorer.exe C:\WINDOWS\System32\netdc.exe in Registry not found in process list.   06/27/2004 15:07:55.046   thread:3776   [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.163]
this was found in system 32 folder, in wbem folder,in "logs" folder in "framework text" Text Document 585 KB it runs for miles and miles . but prior to that it reads from the top of the log like this ..
 Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting)   10/31/2002 14:32:37.624   thread:936   [d:\xpclient\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2235]
Shell Name Explorer.exe in Registry not found in process list.   11/11/2002 14:55:55.406   thread:360   [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.163]
Unable to locate Shell Process, Impersonation failed.   11/11/2002 14:55:55.406   thread:360   [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.179]
Shell Name Explorer.exe in Registry not found in process list.   11/11/2002 14:55:55.406   thread:360   [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.163]  

And this was at the top and runs for 99% of the log

So do i delete  the log .. didnt find anything  called "netdc.exe"
oh GOD forgive me!!!!!!!and take this plaque from me please!!!

 

Recent

Members
  • Total Members: 21
  • Latest: vojay
Stats
  • Total Posts: 547
  • Total Topics: 192
  • Online Today: 67
  • Online Ever: 148
  • (December 04, 2012, 10:34:33 am)
Users Online
Users: 0
Guests: 55
Total: 59
Google (4)