Avira anti virus
Comments
-
I'll post the results from ComboFix and Malwarebytes later
-
malware log
Malwarebytes' Anti-Malware 1.35
Database version: 1935
Windows 5.1.2600 Service Pack 3
2009-04-03 18:16:09
mbam-log-2009-04-03 (18-16-09).txt
Scan type: Full Scan (C:\|E:\|)
Objects scanned: 85962
Time elapsed: 19 minute(s), 41 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
Rik, here's the combo log. It doesn't mean much to me, so I hope you can understand it
ComboFix 09-04-01.01 - chris 2009-04-03 19:56:14.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.636 [GMT 1:00]
Running from: c:\documents and settings\chris\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated)
FW: PC Tools Firewall Plus *enabled*
.
((((((((((((((((((((((((( Files Created from 2009-03-03 to 2009-04-03 )))))))))))))))))))))))))))))))
.
2009-04-03 20:04 . 2009-04-03 20:04 <DIR> d
c:\documents and settings\LocalService\Application Data\Xfire
2009-04-03 19:56 . 2008-04-14 00:15 60,032 --a
c:\windows\system32\drivers\USBAUDIO.sys
2009-04-03 19:56 . 2008-04-14 00:15 60,032 --a--c--- c:\windows\system32\dllcache\usbaudio.sys
2009-04-02 20:56 . 2009-04-02 20:56 <DIR> d
c:\documents and settings\chris\Application Data\Malwarebytes
2009-04-02 20:56 . 2009-03-26 16:49 15,504 --a
c:\windows\system32\drivers\mbam.sys
2009-04-02 20:55 . 2009-04-02 20:56 <DIR> d
c:\program files\Malwarebytes' Anti-Malware
2009-04-02 20:55 . 2009-04-02 20:55 <DIR> d
c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-02 20:55 . 2009-03-26 16:49 38,496 --a
c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-02 20:48 . 2009-04-02 20:48 <DIR> d
c:\program files\Trend Micro
2009-04-02 20:48 . 2009-04-02 20:48 <DIR> d
c:\program files\Avira
2009-04-02 20:48 . 2009-04-02 20:48 <DIR> d
c:\documents and settings\All Users\Application Data\Avira
2009-04-02 20:48 . 2009-02-13 11:31 55,640 --a
c:\windows\system32\drivers\avgntflt.sys
2009-03-29 21:32 . 2009-04-02 20:20 <DIR> d
c:\program files\World of Warcraft
2009-03-29 21:31 . 2009-03-29 21:31 <DIR> d
c:\documents and settings\All Users\Application Data\Blizzard
2009-03-29 21:28 . 2009-03-29 21:30 <DIR> d
c:\program files\World of Warcraft Trial
2009-03-29 19:33 . 2009-03-29 23:24 <DIR> d
c:\program files\Common Files\Blizzard Entertainment
2009-03-29 19:21 . 2009-04-03 20:06 <DIR> d
c:\program files\Xfire
2009-03-29 19:21 . 2009-04-03 07:36 <DIR> d
c:\documents and settings\chris\Application Data\Xfire
2009-03-20 23:26 . 2009-03-20 23:26 41,808 --a
c:\windows\system32\xfcodec.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-03 06:36
d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-02 19:45
d
w c:\program files\PC Tools Firewall Plus
2009-04-02 19:37 130,424 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-03-31 17:23
d
w c:\program files\ThreatFire
2009-03-03 18:19 51,472 ----a-w c:\windows\system32\drivers\TfFsMon.sys
2009-03-03 18:19 39,184 ----a-w c:\windows\system32\drivers\TfSysMon.sys
2009-03-03 18:19 33,040 ----a-w c:\windows\system32\drivers\TfNetMon.sys
2009-03-03 18:19 12,560 ----a-w c:\windows\system32\drivers\TfKbMon.sys
2009-03-01 09:12
d--h--w c:\program files\InstallShield Installation Information
2009-02-27 07:38 95,640 ----a-w c:\windows\system32\drivers\pctplfw.sys
2009-02-27 07:38 73,840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-02-22 20:54
d
w c:\documents and settings\chris\Application Data\Creative
2009-02-15 08:56
d
w c:\program files\Windows Media Connect 2
2009-02-12 16:18
d
w c:\program files\SIW
2009-02-11 16:04
d
w c:\program files\Common Files\InstallShield
2009-02-10 08:51
d
w c:\program files\Belarc
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-01 16:49 499,712 ----a-w c:\windows\system32\msvcp71.dll
2009-02-01 16:49 348,160 ----a-w c:\windows\system32\msvcr71.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 138008]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"D-Link AirPlus G DWL-G510"="c:\program files\D-Link\AirPlus G DWL-G510\AirGCFG.exe" [2007-10-24 1552384]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2009-03-03 263440]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-27 2652056]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SkyTel"="SkyTel.EXE" [2007-05-28 c:\windows\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 c:\windows\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\chris\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2009-03-20 3025232]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"AntiVirScheduler"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-01-09 51472]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-01-09 39184]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-01-09 159600]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-04-02 108289]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-01-09 73840]
R2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service --> c:\program files\ThreatFire\TFService.exe service [?]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-01-09 95640]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-01-09 33040]
S3 ALLOW-IO;ALLOW-IO;\??\d:\allow-io.sys --> d:\ALLOW-IO.sys [?]
S3 efipsk;efipsk;\??\c:\docume~1\chris\LOCALS~1\Temp\efipsk.sys --> c:\docume~1\chris\LOCALS~1\Temp\efipsk.sys [?]
--- Other Services/Drivers In Memory ---
*Deregistered* - MBAMSwissArmy
*Deregistered* - mchInjDrv
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\!!0ee06bc2-ca86-11dd-be9c-806d6172696f}]
\Shell\AutoRun\command -
\autorun.exe
.
.
Supplementary Scan
.
FF - ProfilePath - c:\documents and settings\chris\Application Data\Mozilla\Firefox\Profiles\vgwiwwrg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.02.12.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-03 20:05:39
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(1108)
c:\program files\ThreatFire\TFWAH.dll
c:\program files\ThreatFire\TFNI.dll
- - - - - - - > 'lsass.exe'(1164)
c:\program files\ThreatFire\TFWAH.dll
- - - - - - - > 'explorer.exe'(24012)
c:\program files\ThreatFire\TFWAH.dll
c:\program files\Xfire\xfire_toucan_36285.dll
c:\program files\ThreatFire\TFNI.dll
c:\program files\ThreatFire\Microsoft.VC80.CRT\MSVCR80.dll
.
Completion time: 2009-04-03 20:11:48
ComboFix-quarantined-files.txt 2009-04-03 19:11:30
Pre-Run: 30,111,993,856 bytes free
Post-Run: 30,110,453,760 bytes free
138 --- E O F --- 2009-03-29 18:29:50
-
I'll have to check the log another time. As they're shutting this site down for a few days, you may need to BUMP it to wake me
-
*bumped for Rik*
I'm keeping tabs on this having installed Avira myself over the weekend.
Where there's a will, there's a way to get something cheaper from somewhere else!!
-
I can't see anything wrong with the log
Try uninstalling and reinstalling Avira
This discussion has been closed.