problem with avast & google searches virus?
DaveG247
Posts: 401 Forumite
Hi all,
Think my dad's managed to get another virus on his PC. Went round to find a map for him and noticed that avast has a small red symbol next to it in the taskbar; thought it was just that it needed an update, which I ran with no problems. Restarted the PC but the symbol's still there, and when I double click I get a message saying "avast!: The AAVM subsystem detected a RPC error the operation could not be completed".
Clicked the FAQ and tried what was suggested but still no luck. Also did a Google search to see if I could find any help, but every time I click on the Google links I just get eBay pages or other random sites not related to what I searched for.
Guessed I had a virus as I've had this problem before, so ran and updated Malwarebytes, which opens and runs for about 5 seconds and then closes. Tried to reopen but then I get an error saying "Windows cannot access the specified drive, path, or file. You may not have the appropriate permissions to access the item". Had a go at reinstalling Malwarebytes and renaming the file but still no luck.
Also just tried to run HijackThis to post a log but the same thing happens as with Malwarebytes: it runs and then closes, and then gives me the "Windows cannot access" error again.
Can anyone offer any advice?
Thanks Dave
Comments
-
There isn't another antivirus installed and running at the same time, or remains of an AV that has been uninstalled incorrectly, for instance McAfee?
-
Not as far as I'm aware. I got rid of AVG a few months ago and everything seems to have been working fine until now.
-
Have you tried the repair function in Avast?
If that does not work try a new avast install
1. Uninstall avast from add & remove programmes
2. Restart
3. Download latest version of Avast Uninstall and use it to complete uninstallation
4. Restart
5. Install the latest avast! version
6. Restart
Are all your windows up to date?
-
Cheers
I'll give that a go and let you know what happens; Windows should be up to date.
-
Download ComboFix
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
and rename the file to something else if it will not run
Ex forum ambassador
Long term forum member
-
Right, I've uninstalled Avast and ran ComboFix; the log is below. Had a few problems reinstalling Avast so it's not been installed yet.
Any advice would be great, cheers
EDIT: Malwarebytes seems to be working fine now and has not found any problems & Google's also not sending me to random pages.
ComboFix 09-09-14.02 - D Goodhand 15/09/2009 19:30.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1247.882 [GMT 1:00]
Running from: E:\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\clgqxu
c:\program files\clgqxu\jyacsysguard.exe
c:\recycler\S-1-5-21-1757981266-1580818891-854245398-1006
c:\windows\Downloaded Program Files\Quarantine
c:\windows\msa.exe
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\drivers\bsfrrubf.sys
c:\windows\system32\logs
Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll
-- Previous Run --
Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
((((((((((((((((((((((((( Files Created from 2009-08-15 to 2009-09-15 )))))))))))))))))))))))))))))))
.
2009-09-15 18:08 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-15 18:08 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-13 10:58 . 2009-09-13 10:58
d
w- c:\program files\Trend Micro
2009-08-18 17:24 . 2009-08-21 14:39
d
w- c:\program files\eymmmj
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-15 11:28 . 2005-11-18 21:40 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-05 09:01 . 2002-12-11 23:14 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2003-07-16 16:18 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 22:43 . 2005-10-02 11:51 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-26 16:50 . 2003-07-16 16:45 666624 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:50 . 2004-08-04 07:56 81920
w- c:\windows\system32\ieencode.dll
2005-10-24 10:13 . 2005-10-24 10:13 66560 --sha-r- c:\windows\MOTA113.exe
2005-07-14 11:31 . 2005-07-14 11:31 27648 --sha-r- c:\windows\system32\AVSredirect.dll
2005-06-26 14:32 . 2005-06-26 14:32 616448 --sha-r- c:\windows\system32\cygwin1.dll
2005-06-21 21:37 . 2005-06-21 21:37 45568 -csha-r- c:\windows\system32\cygz.dll
2004-01-24 23:00 . 2004-01-24 23:00 70656 --sha-r- c:\windows\system32\i420vfw.dll
2005-02-28 12:16 . 2005-02-28 12:16 240128 --sha-r- c:\windows\system32\x.264.exe
2004-01-24 23:00 . 2004-01-24 23:00 70656 --sha-r- c:\windows\system32\yv12vfw.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-26 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-10 385024]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-05-11 180269]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2003-8-30 65588]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [07/09/2005 10:41 9344]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [08/04/2009 11:38 92008]
S2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe --> c:\program files\AskBarDis\bar\bin\AskService.exe [?]
S3 APAIFILT;APAIFILT;c:\windows\system32\drivers\APAIFILT.SYS [26/06/2009 11:24 8952]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [09/11/2007 00:36 13352]
S3 U2SG54HP;BUFFALO WLI-U2-SG54HP Wireless LAN Driver;c:\windows\system32\drivers\U2SG54HP.SYS [07/09/2006 04:34 347776]
S3 wliucg;BUFFALO WLI-UC-G Wireless LAN Driver;c:\windows\system32\drivers\WLIUCG.SYS [07/01/2008 11:01 456576]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
kcxgkcjn
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
.
.
Supplementary Scan
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.tiscali.co.uk/
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
Trusted Zone: live.com\maps
DPF: DirectAnimation Java Classes - [URL]file://c:\windows\Java\classes\dajava.cab[/URL]
DPF: Microsoft XML Parser for Java - [URL]file://c:\windows\Java\classes\xmldso.cab[/URL]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Cmaudio - cmicnfg.cpl
Notify-avgrsstarter - avgrsstx.dll
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard
AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-15 19:37
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'explorer.exe'(3368)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
- - - - - - - > 'explorer.exe'(984)
c:\windows\system32\PortableDeviceApi.dll
.
Other Running Processes
.
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-09-15 19:42 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-15 18:42
Pre-Run: 23,454,740,480 bytes free
Post-Run: 26,929,950,720 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
146 --- E O F --- 2009-09-15 11:46
-
You had this
http://www.bleepingcomputer.com/startups/MSA.exe-23769.html
which has now been removed
Malwarebytes would have got it if you could have got it to run earlier
http://www.bleepingcomputer.com/virus-removal/remove-ms-antivirus
Ex forum ambassador
Long term forum member
-
Just go to www.windowsupdate.com and choose "express" to confirm that you have all the current updates
Ex forum ambassador
Long term forum member
-
Cheers for all your help Browntoa, seems to be OK now. One thing I have noticed is there's a MS update for Windows Malicious Software Removal Tool September 2009 (KB890830) which installs and says everything's OK, but then the MS shield still keeps telling me there are updates waiting, but it's the same update every time, which seems strange????
Thanks
This discussion has been closed.
