We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
virus
Comments
-
peter_the_piper wrote: »I think I'm muddying the waters with this avira thing. i'll delete all its files and Eusing reg cleaner to get rid of the garbage first and then see about the rest. 2 antiviruses running at the same time is going to cause some confict isn't it?
What other antivirus are you running?
If you just mean the online scanners then that should be okay, but if you have another av installed on your computer with Avira then it will cause problems.0 -
Avira was playing up so downloaded avast. Stopped avira (except for update which I cant do) started avast. I think its time for a radical move. Hard disk is too small so will get a new one and do a fresh install, can't now do sys restore to go back nor can uninstall avast.I'd rather be an Optimist and be proved wrong than a Pessimist and be proved right.0
-
This will uninstall Avast - it's specified to run it in safe mode.
http://www.avast.com/uninstall-utility0 -
Thanks, managed to uninstall avast. Now left with an avira constantly trying to update. I tried to install a fresh copy over the top as they remove the old installation first, at least they should but they just told me to remove manually but cannot as the updater is constantly running.I'd rather be an Optimist and be proved wrong than a Pessimist and be proved right.0
-
Is update.exe running in Taskmanager?0
-
Yes, removed it and still it up dates. Now trying revo uninstaller which seems to be working. Will then put avast back on. Hope this is right, it feels like 1 step forward and 2 step back.I'd rather be an Optimist and be proved wrong than a Pessimist and be proved right.0
-
Once you've done that lets get some diagnostic reports before going further. It's easier to see what is wrong and then point you in the right direction rather than running scan after scan for the sake of it.
It should take 2-3 minutes.
Download DDS from the link below and save it to your desktop:
Link
After you've downloaded it and saved it to your desktop:- Double click DDS to run it.
- When it's finished, DDS will open two logs:
- DDS.txt
- Attach.txt
Copy & paste the contents of just DDS.txt for now and post it here (you may need to split the log over separate posts)0 -
OK. Avira gone. Avast on. MB scan (all clear) took 6.min45sec which is more like it. Thanks, will do above when I get home, I flit in and out from work at moment, will have to do some work soon or else.
Edit. Avast has found 3 infections so far, still running, will do the DDS when able.I'd rather be an Optimist and be proved wrong than a Pessimist and be proved right.0 -
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Run by heather at 18:45:17 on 2012-02-29
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.476 [GMT 0:00]
.
AV: Avira Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: PC Tools Firewall Plus *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://home.!!!!!!!!!!!!/?barid={E7B946B6-6A5F-4A45-90E3-7BC9BB77AF8F}
uURLSearchHooks: SweetIM ToolbarURLSearchHook Class: {eee6c35d-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgHelper.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SweetPacks Browser Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: SweetPacks Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: Search the Web - c:\program files\sweetim\toolbars\internet explorer\resources\menuext.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{01ACB49B-3E84-4641-A886-EDC910A6D8A9} : DhcpNameServer = 192.168.1.254
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\heather\application data\mozilla\firefox\profiles\meuig2i8.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/
FF - prefs.js: keyword.URL - hxxp://search.!!!!!!!!!!!!/search.asp?src=2&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2012-1-27 16024]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-2-29 610648]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-2-29 337112]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2010-9-27 233136]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-2-29 20696]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-2-29 44768]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-2-28 74640]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\ekdiscovery.exe [2009-8-5 284016]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2010-9-27 88040]
R2 PCToolsFirewallPlus;PC Tools Firewall Plus;c:\program files\pc tools firewall plus\FWService.exe [2010-9-27 818432]
R2 ReflectService.exe;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2012-1-27 224920]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2010-9-27 70664]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2010-9-27 58816]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2010-9-27 115216]
S1 avgio;avgio;\??\c:\program files\avira\antivir desktop\avgio.sys --> c:\program files\avira\antivir desktop\avgio.sys [?]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-2-28 86224]
S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2012-2-28 110032]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-20 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-20 136176]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-2-29 27064]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-02-29 15:03:43 610648 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-29 15:02:44 41184 ----a-w- c:\windows\avastSS.scr
2012-02-29 12:54:32
d
w- c:\documents and settings\heather\local settings\application data\VS Revo Group
2012-02-29 12:51:18 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-02-29 12:50:59
d
w- c:\program files\VS Revo Group
2012-02-28 22:17:09
d
w- c:\documents and settings\heather\application data\Malwarebytes
2012-02-28 22:16:35
d
w- c:\documents and settings\all users\application data\Malwarebytes
2012-02-28 22:16:31 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-28 22:16:31
d
w- c:\program files\Malwarebytes' Anti-Malware
2012-02-28 21:54:37
d
w- c:\program files\AVAST Software
2012-02-28 21:54:37
d
w- c:\documents and settings\all users\application data\AVAST Software
2012-02-28 21:27:04
d
w- c:\windows\system32\wbem\repository\FS
2012-02-28 21:27:04
d
w- c:\windows\system32\wbem\Repository
2012-02-28 20:18:09 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll
2012-02-28 20:18:09 715736 ----a-w- c:\program files\mozilla firefox\mozcrt19.dll
2012-02-28 20:18:08 1975768 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2012-02-28 20:18:08 1893336 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2012-02-28 18:50:07
d--h--w- c:\program files\Ask.com
2012-02-28 18:50:02
d--h--w- c:\documents and settings\heather\local settings\application data\AskToolbar
2012-02-28 18:49:28 74640 ---ha-w- c:\windows\system32\drivers\avgntflt.sys
2012-02-28 18:49:28 36000 ---ha-w- c:\windows\system32\drivers\avkmgr.sys
2012-02-28 18:49:27
d--h--w- c:\program files\Avira
2012-02-28 18:49:27
d--h--w- c:\documents and settings\all users\application data\Avira
2012-02-28 11:16:13 168827 ----a-w- c:\documents and settings\all users\application data\1330427679.bdinstall.bin
2012-02-28 11:16:13
d--h--w- c:\program files\Bitdefender
2012-02-28 11:11:32 21528 ----a-w- c:\documents and settings\all users\application data\1330427488.bdinstall.bin
2012-02-28 11:11:12 188153 ----a-w- c:\documents and settings\all users\application data\1330427312.bdinstall.bin
2012-02-28 11:00:28 22032 ---ha-w- c:\windows\DCEBoot.exe
2012-02-28 10:46:17 200976 ---ha-w- c:\windows\system32\drivers\tmcomm.sys
2012-02-28 10:20:33
d--h--w- c:\program files\common files\Bitdefender
2012-02-28 09:28:42
d--ha-w- C:\Kaspersky Rescue Disk 10.0
2012-02-18 22:00:41 14744 ---ha-w- c:\documents and settings\heather\application data\microsoft\identitycrl\production\ppcrlconfig.dll
2012-02-18 21:57:18
d--h--w- c:\program files\SweetIM
2012-02-18 21:57:18
d--h--w- c:\documents and settings\all users\application data\SweetIM
2012-02-15 09:18:01 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2012-02-15 09:18:01 125912 ----a-w- c:\program files\mozilla firefox\crashreporter.exe
2012-02-15 09:18:00 924632 ----a-w- c:\program files\mozilla firefox\firefox.exe
2012-02-15 09:18:00 728024 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2012-02-15 09:18:00 262144 ----a-w- c:\program files\mozilla firefox\freebl3.dll
2012-02-15 09:18:00 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2012-02-15 09:18:00 142296 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2012-02-15 09:17:59 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2012-02-15 09:17:58 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2012-02-15 09:17:57 203736 ----a-w- c:\program files\mozilla firefox\nspr4.dll
2012-02-15 08:30:26 3072 -c-h--w- c:\windows\system32\dllcache\iacenc.dll
2012-02-15 08:30:26 3072 ---h--w- c:\windows\system32\iacenc.dll
2012-02-07 20:41:33
d--h--w- c:\documents and settings\all users\application data\Macrium
2012-02-07 20:40:57
d--h--w- c:\program files\Macrium
.
==================== Find3M ====================
.
2012-01-27 16:20:14 12952 ---ha-w- c:\windows\system32\drivers\PSVolAcc.sys
2012-01-27 16:20:04 16024 ---ha-w- c:\windows\system32\drivers\pssnap.sys
2012-01-27 16:19:58 47256 ---ha-w- c:\windows\system32\drivers\psmounter.sys
2012-01-12 16:53:24 1859968 ---h--w- c:\windows\system32\win32k.sys
2011-12-17 19:46:36 916992 ---ha-w- c:\windows\system32\wininet.dll
2011-12-17 19:46:36 43520 ---h--w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46:36 1469440 ---h--w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22:58 385024
w- c:\windows\system32\html.iec
2011-12-02 08:20:30 414368 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 18:47:55.82 ===============I'd rather be an Optimist and be proved wrong than a Pessimist and be proved right.0 -
Thanks. Now post attach.txt0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 350.5K Banking & Borrowing
- 252.9K Reduce Debt & Boost Income
- 453.3K Spending & Discounts
- 243.5K Work, Benefits & Business
- 598.2K Mortgages, Homes & Bills
- 176.7K Life & Family
- 256.7K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards