Author Topic: The registry entries for Avast... well?  (Read 4066 times)


druzila

  • Guest
The registry entries for Avast... well?
« on: October 05, 2006, 02:21:29 PM »
Please, starting with Windows XP, I have experienced some difficulties. Below is the content of the log file from HijackThis. Are these entries OK?

Workstation(no network - single machine) with AMD Duron 1.6mhz. with 512mb RAM. and 40mb. IDE/HD.

----- start log
Logfile of HijackThis v1.99.1
Scan saved at 08:59:06, on 5/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Opera\Opera.exe
C:\hijack\HijackThis.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{02ED2F6A-39EA-4E08-9C79-FF5859F5DD19}: NameServer = 201.10.128.3 201.10.120.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{02ED2F6A-39EA-4E08-9C79-FF5859F5DD19}: NameServer = 201.10.128.3 201.10.120.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{02ED2F6A-39EA-4E08-9C79-FF5859F5DD19}: NameServer = 201.10.128.3 201.10.120.3
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

---- end log.

Thanks for possible help...

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: The registry entries for Avast... well?
« Reply #1 on: October 05, 2006, 02:28:07 PM »
This seems very short for a HijackThis! log!  Are you sure you have posted the entire log?

What difficulties have you experienced?
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

druzila

  • Guest
Re: The registry entries for Avast... well?
« Reply #2 on: October 05, 2006, 02:35:33 PM »
Thank you for helping me.
I think that yes, however I cannot guarantee. I do not have much experience with the hijackthis. 
The machine breaks constantly, when initiating (?).
Thanks and best regards,

Dru

Offline FreewheelinFrank

Re: The registry entries for Avast... well?
« Reply #3 on: October 05, 2006, 02:52:11 PM »
There's nothing in the HijackThis log.

I think you have a problem while the computer is booting, if I understand correctly.

It could be a hardware problem or damaged XP installation.

You could try running a hard disk check, booting into 'last known good,' a system restore, or repairing XP.

http://support.microsoft.com/kb/315265

http://www.xmission.com/~comphope/issues/ch000626.htm

http://www.geekstogo.com/forum/index.php?showtopic=138

druzila

  • Guest
Re: The registry entries for Avast... well?
« Reply #4 on: October 05, 2006, 03:08:22 PM »
Ok. Thank you very much for your help.
Excuse me for my poor English... I don't speak or write very well.

Dru

WwTIPPYwW

  • Guest
Re: The registry entries for Avast... well?
« Reply #5 on: October 05, 2006, 03:19:18 PM »
Off topic - if you don't use these a lot, you might want to consider removing these from starting up every time you turn on your PC.  Really not needed and might speed up your boot up.

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

druzila

  • Guest
Re: The registry entries for Avast... well?
« Reply #6 on: October 14, 2006, 03:32:29 PM »
Ok.
Thank you for your suggestion.  I was traveling and came back just today.  So, I have made the suggested alterations. Thanks and best regards. 
Dru.

jackthib

  • Guest
Re: The registry entries for Avast... well?
« Reply #7 on: October 15, 2006, 05:07:29 AM »
I could be wrong (newbie here) but you seem to be missing 2 programs which could slow down the logon process:

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

Check to see if you have them at the specified location...

Offline chocholo

  • Poster
  • *
  • Posts: 645
  • BSC, GSC, MCP
    • Avast
Re: The registry entries for Avast... well?
« Reply #8 on: October 15, 2006, 11:36:46 AM »
HijackThis is searching for 'C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service' (including the double quotes and the '/service' parameter) as a file; this causes 'file missing', because only 'C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe' is present.

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11816
    • AVAST Software
Re: The registry entries for Avast... well?
« Reply #9 on: October 15, 2006, 01:59:16 PM »
So, this is a bug in HijackThis, actually - there's nothing wrong about those entries.
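
The false "file missing" discussed in replies #8 and #9 can be re-checked by splitting the service command line into executable and arguments before testing for the file. The sketch below is an added example, not part of the original posts and not HijackThis code; the function names are hypothetical, and the ON_DISK set assumes the executables listed under "Running processes" in the log exist on disk.

```python
import re

# Layout of an O23 line in the log above:
#   O23 - Service: <name> - <owner> - <image path>[ (file missing)]
O23_RE = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - '
                    r'(?P<image>.+?)(?P<missing> \(file missing\))?$')

def split_image_path(image):
    """Split a service command line into (executable, arguments)."""
    image = image.strip()
    if image.startswith('"'):              # well-formed quoted path plus arguments
        exe, _, rest = image[1:].partition('"')
        return exe, rest.strip()
    if '"' in image:                       # opening quote already stripped, as in the log
        exe, _, rest = image.partition('"')
        return exe, rest.strip()
    m = re.match(r'(?i)(.+?\.exe)(?:\s+(.*))?$', image)   # unquoted path
    return (m.group(1), m.group(2) or '') if m else (image, '')

def triage(line, exists):
    """Re-check one O23 line; `exists` is a callable such as os.path.isfile."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    exe, args = split_image_path(m['image'])
    if not exists(exe):
        verdict = 'missing'
    elif m['missing']:
        verdict = 'parser artifact'        # quote + arguments were tested as a file name
    else:
        verdict = 'present'
    return {'service': m['name'], 'exe': exe, 'args': args, 'verdict': verdict}

# The four O23 lines from the log above.
AVAST = r'C:\Arquivos de programas\Alwil Software\Avast4' + '\\'
PFX = 'O23 - Service: avast! '
SAMPLE = [
    PFX + 'iAVS4 Control Service (aswUpdSv) - Unknown owner - ' + AVAST + 'aswUpdSv.exe',
    PFX + 'Antivirus - Unknown owner - ' + AVAST + 'ashServ.exe',
    PFX + 'Mail Scanner - Unknown owner - ' + AVAST + 'ashMaiSv.exe" /service (file missing)',
    PFX + 'Web Scanner - Unknown owner - ' + AVAST + 'ashWebSv.exe" /service (file missing)',
]
# Assumption: files seen under "Running processes" are on disk (stand-in for os.path.isfile).
ON_DISK = {(AVAST + n).lower() for n in
           ('aswUpdSv.exe', 'ashServ.exe', 'ashMaiSv.exe', 'ashWebSv.exe')}

def on_disk(path):
    return path.lower() in ON_DISK

def run_sample():
    return [triage(line, on_disk) for line in SAMPLE]
```

On a live Windows system, pass `os.path.isfile` as `exists`; a verdict of 'missing' then means the executable itself is absent and the entry deserves a closer look.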

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40605
  • Dragons by Sasha
    • Malware fixes
Re: The registry entries for Avast... well?
« Reply #10 on: October 15, 2006, 02:29:10 PM »
Hi druzilla, you appear to be missing the O2 entries. Whilst it is not beyond possibility that you have none, it is also a sign of malware intrusion.  So I would suggest you rename HJT to something else, e.g. Gotcha, and then re-run it and see if you get any O2 entries appearing.  If you do, it may be a sign of a Virtumondo infection.