| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 104084 | 2009-10-16 03:58:00 | Antivirus driving me daft. | Thomas01 (317) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 821050 | 2009-10-16 03:58:00 | I have used AVG for years but after reading this months PCWorld decided to change to Avira. I removed AVG I made sure the Windows firewall was turned off. I first tried downloading Avira but it refused to install telling me that I should make sure the internet was working (it is) and I may have a firewall in operation. As far as I know I have deleted all program that may have a firewall but I still have Search and Destroy and Ad-Aware - I don't think (?) they have a firewall. Desperate I then tried the disk from PCWorld which didn't even start but told me that two of the files were corrupt and I should download a fresh version from the internet. So back to square one! After chewing pieces out of my desk I decided to go back to AVG So AVG went back on - but it informed me that I needed to download an update as I needed to get the database OK. Did this but after about ten minutes downloading the file it informed me like the previous program that I either was not on the internet (I was) or I had a firewall in operation. I have fairly recently changed to broadband and wonder if this is causing some confusion. Or have I got a virus? Tom |
Thomas01 (317) | ||
| 821051 | 2009-10-16 04:02:00 | First of all - dont go using the PCworld DVD's - lately there have been a lot of duds, with programs corrupted on them. Download Hijackthis (free.antivirus.com), run it and select save a log file, copy paste the complete log file back here. |
wainuitech (129) | ||
| 821052 | 2009-10-16 04:07:00 | Some malware is known to block anti virus programs from being downloaded. As for the CD issue-its PCWorld's fault, has happened to quite a few people. Download HijackThis then post a log here for analysis. Also, try Microsoft Security Essentials. Easy to use and very good detection rates for a free product. Blam |
Blam (54) | ||
| 821053 | 2009-10-16 04:13:00 | Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:10:15 p.m., on 16/10/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\UAService7.exe C:\WINDOWS\system32\Fast.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\Program Files\VIA Technologies, Inc\Audio Deck\ADeck.exe C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\WINDOWS\system32\RunDLL32.exe C:\WINDOWS\system32\fast.exe C:\WINDOWS\system32\taskswitch.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\iTunes\iTunesHelper.exe C:\program files\microsoft money\System\reminder.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\EurekaMultimedia\Personal Dictionary & Thesaurus\Pdttray.exe C:\Program Files\WordWeb\wweb32.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\PROGRA~1\COPERN~2\DesktopSearch.exe C:\Program Files\Outlook Express\msimn.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\totalcmd\TOTALCMD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://slingshot.co.nz/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\ Yahoo! \Companion\Installs\cpn\yt.dll O2 - BHO: & Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\ Yahoo! \Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\s wg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\ Yahoo! \Companion\Installs\cpn\yt.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) O3 - Toolbar: Copernic Desktop Search - Home Toolbar - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - C:\Program Files\Copernic Desktop Search 2\Toolbar\ToolbarContainer101000311.dll O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA Technologies, Inc\Audio Deck\ADeck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /firstlogon O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [zzzHPSETUP] E:\Setup.exe O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [Reminder] C:\program files\microsoft money\System\reminder.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart O4 - HKCU\..\Run: [Multi Reminders] "C:\Program Files\Multi Reminders\reminder.exe" -c O4 - HKCU\..\Run: [LogitechSetup] F:\setup.exe /skip_all_checks /p /start /restart /l:enu O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [Copernic Desktop Search - Home] "C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O4 - S-1-5-18 Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe (User 'SYSTEM') O4 - .DEFAULT Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe (User 'Default user') O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: Personal Dictionary & Thesaurus.lnk = C:\Program Files\EurekaMultimedia\Personal Dictionary & Thesaurus\Pdttray.exe O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com O16 - DPF: {FA83E942-B796-46DE-9155-1632ECC5473B} - akamai.downloadv3.com O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\ O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate1ca342feffdb2ee) (gupdate1ca342feffdb2ee) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe -- End of file - 10826 bytes |
Thomas01 (317) | ||
| 821054 | 2009-10-16 07:08:00 | You can tick these then tick fix checked Close browsers. May pay to disable system restore Uninstall all versions of java, then update it. Its out of date O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe I dont know what this file belongs to. Whats E? A partition or a cd/dvd? O4 - HKLM\..\Run: [zzzHPSETUP] E:\Setup.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKCU\..\Run: [Reminder] C:\program files\microsoft money\System\reminder.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe 6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\ Then reboot. Then get something like trojan remover, update it. Then scan. Then select all options under the utilities menu |
Speedy Gonzales (78) | ||
| 821055 | 2009-10-16 07:44:00 | Did you uninstall whatever programs (not delete their folders)?? Dont delete folders to programs you dont want. You'll stuff things up | Speedy Gonzales (78) | ||
| 821056 | 2009-10-16 21:29:00 | E is a CD/DVD player . I have uninstalled Java and replaced it with the latest downloaded copy . I always uninstall programs . I must admit to also sometimes deleting their folders once the program has been uninstalled . Didn't know I could harm things by doing that . I tried to get Trojan Remover but got a message that the site would not open - try again later . I will . I don't understand what you mean by "tick these" I plan on trying again to get Trojan Remover - and will follow the instructions etc plus rebooting . And will report progress . Tom |
Thomas01 (317) | ||
| 821057 | 2009-10-16 21:50:00 | You can delete the folders once the programs are un installed I think what Speedy meant was don't delete the folder if you have NOT un installed the program first | gary67 (56) | ||
| 821058 | 2009-10-16 23:11:00 | Well I did what I think I was supposed to. I got Trojan Remover from another site then installed it. Seemed to go OK but I couldn't find it then realized it was part of Search & Destroy - which I already had. So ran it. It found about 6 thingis and removed them - they mentioned browsers. So I rebooted and hoped all would be well - no luck - everything went well until the last part of the installation of Alvira when once again I was asked to check my internet connection - it was not working or I had a firewall up. Well neither. The internet was working in fact I had it on the web site for Alvira when it was telling me it was not working. All a bit sad really - I have lost my protection of AVG and cannot get Alvira. I have put back the Windows firewall and now hope that Search and Destroy will assist. |
Thomas01 (317) | ||
| 821059 | 2009-10-17 00:04:00 | Trojan remover is not part of search and destroy it is a standalone program, get it from the link in Speedy's signature | gary67 (56) | ||
| 1 2 | |||||