Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: darkknight9 on February 26, 2010, 08:37:28 PM
-
Howdy folks. Years ago I used Avast for protecting myself at home, but I've moved since then and am in school. School's laptop is running Vista and ever since about a week ago the 'Symantec Anti Virus' Auto-Protect would no longer switch on. I could attempt to start it manually, but after clicking the button, nothing.
So, I went to the well, and luckily here you are. I downloaded Avast last night and it worked like a charm.
Until I restarted this morning and the pc would not boot. I had to go to a "previous good version" and now both Symantec and Avast will not turn on. When I attempt to run a scan (quick or full) an error message occurs telling me that the scan can not be run due to missing endpoints from the endpoint mapper. When I attempt to use something within the avast control window nearly every option tells me unable to start XXXX shield isnt running "shield unreachable".
Help!
Something is keeping my system from trying to protect itself. Like a bad conscience telling my good conscience not to worry about having another drink. :)
Here is my hijack this log if it helps!
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 1:22:41 PM, on 2/26/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18385)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Windows\kass.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Lexmark 1400 Series\lxdjamon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\hijack\TrendMicro\HiJackThis\HiJackThis.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
The rest follows in the next comment!
Thank you very much for a great product. You even still have a voice telling me when the virus database is updated. My son thinks that the neatest!
-K
-
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.uwstout.edu
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.uwstout.edu
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uwstout.edu\
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [KeyAccess] kass.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [lxdjmon.exe] "C:\Program Files\Lexmark 1400 Series\lxdjmon.exe"
O4 - HKLM\..\Run: [lxdjamon] "C:\Program Files\Lexmark 1400 Series\lxdjamon.exe"
O4 - HKLM\..\Run: [Turbine Download Manager Tray Icon] "D:\Program Files\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Antivirus\osCheck.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\RunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Student\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; MathPlayer 2.20; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 1.1.4322; InfoPath.2; .NET CLR 3.5.30729; .NET CLR 3.0.30618)" -"http://racers.lego.com/en-US/games/Supersonic.aspx"
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.64.0.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
Part 3 below
-
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} (Symantec Configuration Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter: application/xhtml+xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: application/xhtml+xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: KeyAccess - Sassafras Software Inc. - C:\Windows\keyacc32.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxdjCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdjserv.exe
O23 - Service: lxdj_device - - C:\Windows\system32\lxdjcoms.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
-
Hi and welcome darkknight9 ;)
may be a good idea would be to edit your posts and attach files instead :)
-
Hi go here and download the norton removal tool to clear the remnants http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039
Having done that
To ensure that I get all the information this log will need to be attached (instructions at the end) if it is to large to attach then upload to Mediafire (http://www.mediafire.com/) and post the sharing link.
Download OTS (http://oldtimer.geekstogo.com/OTS.exe) to your Desktop
- Close ALL OTHER PROGRAMS.
- Double-click on OTS.exe to start the program.
- Check the box that says Scan All Users
- Under Additional Scans check the following:
- Reg - Shell Spawning
- File - Lop Check
- File - Purity Scan
- Evnt - EvtViewer (last 10)
- Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
- Now click the Run Scan button on the toolbar.
- Let it run unhindered until it finishes.
- When the scan is complete Notepad will open with the report file loaded in it.
- Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.
To attach a file, do the following:- Click Additional Options
- Under the reply panel is the Attachments Panel
- Browse for the attachment file you want to upload and then click it
-
Thank you Logos and essexboy!
essex: I am unable to remove Norton due to permissions. Should I run the following step regardless and report my findings?
-
Yes please
-
Done and done. Snappy little program that OTS. ;)
-
OK could you re-run the Norton removal tool by right clicking and selecting run as administrator. Currently Norton is running twice as many services/drivers as Avast ! You will need to repair Avast after this - -do you know how to do that ?
If that fails then run the following to kill the services and drivers
Start OTS. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.
[Unregister Dlls]
[Processes - Safe List]
YY -> vptray.exe -> C:\Program Files\Symantec AntiVirus\VPTray.exe
YY -> savroam.exe -> C:\Program Files\Symantec AntiVirus\SavRoam.exe
YY -> rtvscan.exe -> C:\Program Files\Symantec AntiVirus\Rtvscan.exe
YY -> defwatch.exe -> C:\Program Files\Symantec AntiVirus\DefWatch.exe
YY -> ccapp.exe -> C:\Program Files\Common Files\Symantec Shared\ccApp.exe
YY -> ccsvchst.exe -> C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
YY -> lucoms~1.exe -> C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
[Win32 Services - Safe List]
YY -> (Symantec AntiVirus) Symantec AntiVirus [Auto | Running] -> C:\Program Files\Symantec AntiVirus\Rtvscan.exe
YY -> (DefWatch) Symantec AntiVirus Definition Watcher [Auto | Running] -> C:\Program Files\Symantec AntiVirus\DefWatch.exe
YY -> (ccSetMgr) Symantec Settings Manager [Auto | Running] -> C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
YY -> (ccEvtMgr) Symantec Event Manager [Auto | Running] -> C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
YY -> (LiveUpdate) LiveUpdate [Auto | Running] -> C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
[Driver Services - Safe List]
YY -> (eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
YY -> (EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running] -> C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
YY -> (SymEvent) SymEvent [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\SYMEVENT.SYS
YY -> (SRTSPL) SRTSPL [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\srtspl.sys
YY -> (SRTSP) SRTSP [File_System | System | Stopped] -> C:\Windows\System32\drivers\srtsp.sys
YY -> (SRTSPX) SRTSPX [Kernel | System | Running] -> C:\Windows\System32\drivers\srtspx.sys
YY -> (SYMREDRV) SYMREDRV [Kernel | On_Demand | Running] -> C:\Windows\System32\Drivers\SYMREDRV.SYS
YY -> (SPBBCDrv) SPBBCDrv [Kernel | System | Running] -> C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
[Registry - Safe List]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "osCheck" -> C:\Program Files\Norton Antivirus\osCheck.exe ["C:\Program Files\Norton Antivirus\osCheck.exe"]
YY -> "vptray" -> C:\Program Files\Symantec AntiVirus\VPTray.exe [C:\PROGRA~1\SYMANT~1\VPTray.exe]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} [HKLM] -> http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab [Symantec AntiVirus scanner]
YN -> {44990B00-3C9D-426D-81DF-AAB636FA4345} [HKLM] -> https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab [Symantec Configuration Class]
[Empty Temp Folders]
The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new OTS log.
I will review the information when it comes back in.
Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
-
Well, it hangs on "YY -> lucoms~1.exe -> C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE"
After a reboot, the following is displayed on a notepad document:
Files\Folders moved on Reboot...
C:\Program Files\Symantec AntiVirus\VPTray.exe moved successfully.
File move failed. C:\Program Files\Symantec AntiVirus\SavRoam.exe scheduled to be moved on reboot.
File\Folder C:\Program Files\Symantec AntiVirus\Rtvscan.exe not found!
File\Folder C:\Program Files\Symantec AntiVirus\DefWatch.exe not found!
C:\Program Files\Common Files\Symantec Shared\ccApp.exe moved successfully.
File\Folder C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe not found!
File move failed. C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE scheduled to be moved on reboot.
Registry entries deleted on Reboot...
LuComServer is obviously possessed by evil!!!! :D
-
Good morning. I am having the same problem: No shields, with no response when I click on the FIX NOW button, press the File System Shield which gives me the error "Unable to start the File System Shield. Shield Unreachable.", nor with pressing the start scan choices, other than "Unable to start scan. There are no endpoints available from the endpoint mapper." My suspicion is that there is some conflict between Avast and the Windows Internet Explorer 8 KB976662 update that ran early this morning since my Avast was working perfectly last night.
I'm really not computer savvy at all. I read the whole of this thread, and while relieved that I'm not the only one facing this, fear I wont be able to fix this without a little hand-holding.
If I go to the Add/Remove Programs and just remove the update in question, will I just compound the problem?
-
After reading other similiar posts..would it be less complicated if I uninstall Avast and re-download/install and see if problem persists?
-
That would be the best initial start do a clean install
darkknight9 could you run another OTS scan please - but this time press the quick scan button
-
darkknight9 could you run another OTS scan please - but this time press the quick scan button
You betchya! ;)
-
Lets see if we can sneak up on it this time - most of it has gone now
Once done can you let me know what problems you are still experiencing
Start OTS. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.
[Unregister Dlls]
[Processes - Safe List]
YY -> lucoms~1.exe -> C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
[Win32 Services - Safe List]
YY -> (SavRoam) SavRoam [Auto | Running] -> C:\Program Files\Symantec AntiVirus\SavRoam.exe
YY -> (LiveUpdate) LiveUpdate [Auto | Running] -> C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
[Registry - Safe List]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "ccApp" -> C:\Program Files\Common Files\Symantec Shared\ccApp.exe ["C:\Program Files\Common Files\Symantec Shared\ccApp.exe"]
YY -> "vptray" -> C:\PROGRA~1\SYMANT~1\VPTray.exe [C:\PROGRA~1\SYMANT~1\VPTray.exe]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {44990B00-3C9D-426D-81DF-AAB636FA4345} [HKLM] -> https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab [Symantec Configuration Class]
YN -> {644E432F-49D3-41A1-8DD5-E099162EEEC5} [HKLM] -> http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab [Symantec RuFSI Utility Class]
[Custom Items]
:files
C:\Program Files\Symantec AntiVirus
C:\Program Files\Symantec
:end
The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.
I will review the information when it comes back in.
Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
-
It was quick!
I have posted the log below... The only problem I seem to be encountering now is that the avast system does not fully initilize. It will now appear in the system tray, with a warning that the pc is not protected. When I attempt to enable all shields... nothing. When I opne the user interface, and I attempt to "fix now" a prompt comes up asking me if I want to do this... yes... then nothing. And if I attempt to scan the computer I get the endpoint mapper error. I have tried making sure that the exe in the avast folder is set to "run as administrator" but It still does not seem to want to initilize.
Also, something very curious... when I reight clicked just now on VisthAux.exe to double check that I had remembered to select "Run as Administrator" It said preparing to install Symantec!!!
Its almost more persistent than speed cameras. :D
-
What I would recommend now for Avast is a full uninstall and then re-install
The log shows that all the Norton services are now dead
Re-run the Norton uninstall tool again - running as administrator, if it fails again try it from safe mode
-
I wasn't quite sure if I'd be able to get used to the fairer voice of a gal instead of the stern one it used to have but "virus database has been updated" is honestly one of the most wonderful things I've heard since "I want a divorce". :)
The Symantec would not allow itself to be dislodged even in safe mode, claiming I did not have a proper device or add on. I'm not sure what thats about and other than the occasional "Symantec Antivirus beginning install" That I have to shut down when I open the mailreader, a browser or right click on some programs it seems to be gone.
I'm running a full system scan right now, and I have to admit... I'm afraid of truning it off lest it want me to restart from a "previous known good" configuration where I loose Avast again. Only six more months till a new laptop! :)
Thank you very much for your help essex!
What I would recommend now for Avast is a full uninstall and then re-install
The log shows that all the Norton services are now dead
Re-run the Norton uninstall tool again - running as administrator, if it fails again try it from safe mode
-
My pleasure
-
When I opened the Add/Remove and clicked on Avast, I noticed that besides the Uninstall choice, that it also gave the options of "Repair" and "Update Components". I clicked the Update and Repair buttons, and after a moment of updating, all my red letters turned green (YAY) and Avast says my system is now secured. I havent actually turned off the computer yet (kind of afraid to), but when I do restart, if this problem returns, is using the Add/Remove Programs the best way to uninstall Avast?