Author Topic: Avast...Problem with updating  (Read 12822 times)


DavidR
Re: Avast...Problem with updating
« Reply #15 on: March 22, 2007, 07:19:50 PM »
It is just because drivers aren't loaded at boot for USB devices; your keyboard would work in Windows because it loads the drivers and supports USB devices. When your system is booting you can peck away at the Delete or F1 keys to interrupt the boot and enter the BIOS setup; unfortunately, as I said, you are unlikely to be able to do that if the USB keyboard isn't enabled at boot. The settings, if you get in, are likely to be in the Peripherals section of the BIOS, but that may differ from manufacturer to manufacturer, so you would have to check the different sections.

Personally I still use a PS2 keyboard, I don't need the bells and whistles and that is obviously a 'legacy' device and enabled at boot, that said I still have a spare. They really are a cheap commodity not to have a spare. I have a wireless optical mouse, but I also have a spare PS2 mouse.

You really need to consider installing software using 'the administrator' account; that way it is available for all users, limited users included (which I assume your daughter is). It would appear that some of the protection on your account isn't available on your daughter's.

Check out this topic I contributed as it sounds similar to your pop-up alerts, http://forum.avast.com/index.php?topic=27297.0

I trust you mean AVG anti-spyware not anti-virus ?
If so, the avg-as free version is on-demand only after the 30-day trial, so that doesn't use resources unless you are scanning. Periodically (weekly) you should do an on-demand scan with avg-as; when you do this, pause standard shield so there isn't duplicate scanning, which should save resources.

As I said previously there is no rush to delete, they can't do any harm in the chest and always check before deletion.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

bearclaw37

  • Guest
Re: Avast...Problem with updating
« Reply #16 on: April 02, 2007, 04:53:19 PM »
Part 1)
Ok...forget all my problems as previously posted!!!  In the end, maybe all I will have to do is delete but I will let you be the judge of that.

As far as I know, the problems that I was having in regards to having trojans in my temp files (I believe) had disappeared after doing numerous things to try and get rid of them.  I used: AVG anti spyware, Spybot, Ad-Aware SE, and AVG 7.5.  However, after doing this to eliminate any trojans, virus/worms on my computer, I still found that my comp was running horribly slow.  I recently ran another scan and guess what...I still have a virus/worm on my computer but it appears to be in another area and not in my temp files as previously reported.  I'm not sure how they got there or why I keep getting these problems.  Is it possible I have an unknown backdoor??

I also noticed that I had a lot of processes running, 36.  I thought that was really high so I came upon a website that had listed all processes, what they were for and what risk level they were.  Here is a list of what I have running (the high risk ones):
csrss.exe.........W32.Gaobot.AOworm
lsass.exe..........Win32.Agobot.AAvirus
hsvsvc.exe.......hijacker.adware.win32.delfin
smss.exe..........possible worm as I have to determine if this was safe or not. could be a reg process or a worm.
svchosts..........this too had a few explanations and said that I had to figure out if they were indeed a risk to my computer.

Here is the latest copy of hijack this:
With my scans making this post longer than 10000 characters, I will have to post in 2 or 3 parts



« Last Edit: April 02, 2007, 05:06:40 PM by bearclaw37 »

bearclaw37

  • Guest
Re: Avast...Problem with updating
« Reply #17 on: April 02, 2007, 04:54:24 PM »
Part2

Logfile of HijackThis v1.99.1
Scan saved at 8:42:07 AM, on 02/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\ColorByNumbers\CBNUCLSrvr.exe
C:\Program Files\ColorByNumbers\CBNUCLSrvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytelus.com/new_homepage/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\Plugins\RazaWebHook.dll
O2 - BHO: (no name) - {0F01FF26-18F5-4613-BFD6-14DE2FBA24C3} - blank (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {73F09C9D-0336-4C43-A60B-F0F8F6E49B2B} - C:\WINDOWS\system32\ddcya.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8B116AB2-8F9E-4E27-B033-B773DC8908Fc} - C:\WINDOWS\system32\surrkphr.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {C659C82E-6EF7-4658-9CAD-694305BFBAEa} - C:\WINDOWS\system32\esjmpeqf.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.en-us.en-ca\msntb.dll
O4 - HKLM\..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\vyqjjccm.dll",setvm
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesca.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesca.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.1.10/cfweb_activex.camfrogweb.com-advanced-2.0.1.10_instmodule.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160013996265
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~2\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~2\MSGRAP~1.DLL
O20 - Winlogon Notify: ddcya - C:\WINDOWS\system32\ddcya.dll (file missing)
O20 - Winlogon Notify: iifggec - iifggec.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

bearclaw37

  • Guest
Re: Avast...Problem with updating
« Reply #18 on: April 02, 2007, 05:04:47 PM »
Part3

Ok, I am having problems pasting my antivirus scan results as it says that it is longer than 10000.  A lot of the scan has files that couldn't be scanned and I assume that they have corrupted files that are within the programs that I downloaded in order to get rid of trojans in the first place.  Here is the bottom part of the scan.  I'm not sure if the 3rd file is all of the files that I mentioned above.  If you like, I can try and split that in 2 or 3 parts.

C:\WINDOWS\system32\oobclcey.dll [L] Win32:Adware-gen. [Adw] (0)
File was successfully moved to chest...
C:\WINDOWS\system32\vdxwmwxw.dll [L] Win32:Adware-gen. [Adw] (0)
File was successfully moved to chest...
Infected files: 3
Total files: 324265
Total folders: 5215
Total size: 22.7 GB

DavidR
Re: Avast...Problem with updating
« Reply #19 on: April 02, 2007, 05:21:12 PM »
Having two resident scanners installed is not recommended as rather than provide twice the protection it can cause conflicts that could leave you more vulnerable.

You need to decide what resident AV you have installed and uninstall the other, since you are receiving help from the avast forums, I know which way I would go. Not to mention support on the free version of AVG can be very lacking.

Ensure you have the latest version of JRE (Java Runtime Environment) jre1.5.0_11, because older versions can be vulnerable to malware. First remove all older versions from Add/Remove Programs.
Then get the latest update from here http://www.java.com/en/download/index.jsp

Suspect:
O2 - BHO: (no name) - {0F01FF26-18F5-4613-BFD6-14DE2FBA24C3} - blank (file missing)
O20 - Winlogon Notify: ddcya - C:\WINDOWS\system32\ddcya.dll (file missing)
O20 - Winlogon Notify: iifggec - iifggec.dll (file missing)

Also see, anti-rootkit, detection, removal & protection http://www.antirootkit.com/software/index.htm.
- BlackLight - It can detect rootkits like Rootkit Revealer but can also remove them. http://www.f-secure.com/blacklight/
- Panda Rootkit Cleaner - http://research.pandasoftware.com/blogs/research/archive/2006/12/14/Rootkit-cleaner.aspx

« Last Edit: April 02, 2007, 05:23:24 PM by DavidR »
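Reply #19 singles out BHO and Winlogon Notify entries whose file is missing. The script below is an added example, not part of the thread and not HijackThis code: it applies that idea as a heuristic over lines copied from the log in Reply #17, and also reports a DLL named by more than one such load point. The choice of sections, the markers and the function names are assumptions made for illustration.

```python
import ntpath
import re
from collections import defaultdict

# HijackThis entries look like "<section> - <body>", e.g. "O20 - Winlogon Notify: ..."
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Assumption: review only sections that load a DLL into the browser or logon
# process (O2 = Browser Helper Object, O20 = Winlogon Notify).
REVIEW_SECTIONS = ("O2", "O20")
MISSING_MARKERS = ("(file missing)", "(no file)")

# Lines copied from the HijackThis log posted in Reply #17.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0F01FF26-18F5-4613-BFD6-14DE2FBA24C3} - blank (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {73F09C9D-0336-4C43-A60B-F0F8F6E49B2B} - C:\WINDOWS\system32\ddcya.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: ddcya - C:\WINDOWS\system32\ddcya.dll (file missing)
O20 - Winlogon Notify: iifggec - iifggec.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

def orphaned_load_points(log_text):
    """Return (section, identifier, target) for O2/O20 entries whose file is absent."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m or m["section"] not in REVIEW_SECTIONS:
            continue
        body = m["body"]
        marker = next((k for k in MISSING_MARKERS if body.endswith(k)), None)
        if marker is None:
            continue
        # O2 body: "BHO: name - {CLSID} - path"; O20 body: "Winlogon Notify: name - path".
        limit = 2 if m["section"] == "O2" else 1
        fields = [f.strip() for f in body[: -len(marker)].split(" - ", limit)]
        if len(fields) < 2:
            continue  # malformed line, nothing to report
        findings.append((m["section"], fields[-2].split(": ", 1)[-1], fields[-1]))
    return findings

def shared_targets(findings):
    """Map a DLL file name to its sections when more than one load point names it."""
    by_file = defaultdict(list)
    for section, _ident, target in findings:
        by_file[ntpath.basename(target).lower()].append(section)
    return {name: secs for name, secs in by_file.items() if len(secs) > 1}
```

The O9 and O23 lines also end in "(file missing)" but are skipped, because only the two reviewed sections are considered.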

bearclaw37

  • Guest
Re: Avast...Problem with updating
« Reply #20 on: April 02, 2007, 06:29:09 PM »
Hi David,
Avast is the only antivirus that I use on this comp.  Originally I used Norton but didn't find that it was detecting as it should have and switched to you guys.  I only used AVG because it was listed as being something to aid in getting rid of the trojans.

I had downloaded Blacklight and used it but it came up empty.  Should I try the other two?  Any other ideas?

I am currently deleting my java and reinstalling with the latest.

I really need to get rid of these viruses as they are driving me insane.  It's bad enough that my RAM is getting low and slowing down my computer without the aid of spyware and viruses/worms.  What do you suggest?  I will also be getting a keyboard that attaches to my comp.  Originally I did have one but bought a new wireless one with a wireless mouse in order to free up USB ports and because it got wrecked.  Anyway, I will be able to scan (hopefully) in safe mode soon.

DavidR
Re: Avast...Problem with updating
« Reply #21 on: April 02, 2007, 09:21:03 PM »
The avg that is being listed as helpful is the avg-antispyware (which you also have, this is compatible with avast) NOT the avg-antivirus.

The reason I suggested the anti-rootkit tools is when something is this difficult to get rid of it could have other elements restoring it, you at least are confirming by testing.

If one doesn't reveal anything I would move on to the next and the next until I had exhausted the options.

Did you run the avg-antispyware in safe mode (if you are now able to get into safe mode) as this often has a better result ?