Author Topic: -= Why..? (Read 8676 times)

.: L' arc :. · « **on:** May 14, 2009, 06:31:52 AM »

-= I got this weird problem again.. Avast displays a red slash sign beside it & freezes the computer [I can actually open one window, then freeze.. I can't update too..].. I suffered this a few months ago & I have to uninstall & reinstall avast 4 times but with no luck so I switched to Avira for a week or so.. After a few while, I tried to reinstall avast for the 5th time & it worked but now, for about a month again, the problem is back.. I have to stick to Avira again..

-= I tried using avast removal tool, reinstall, change the avast service to Automatic, delays avast loading from windows services, checking for possible viruses, cleaning up any remnants of Avira.. No luck at all.. $:-\$

koyot · « **Reply #1 on:** May 14, 2009, 08:16:10 AM »

Red splash after month ?
Did u register for a free key ?

.: L' arc :. · « **Reply #2 on:** May 14, 2009, 12:09:46 PM »

-= I registered for a HOME version, entered the key.. But no luck, pc is still frozen.. I tried the demo version of PRO, but still, the problem persists..

Tarq57 · « **Reply #3 on:** May 14, 2009, 01:23:52 PM »

Have you tried a repair of Avast via the control panel>add remove programs?
Have you run the Avira registry cleaner/removal package?
Have you looked on the forum for "RPC error" and checked your services status?

.: L' arc :. · « **Reply #4 on:** May 14, 2009, 01:27:23 PM »

(1) Have you tried a repair of Avast via the control panel>add remove programs?
Yes

(2) Have you run the Avira registry cleaner/removal package?
Yes

(3) Have you looked on the forum for "RPC error" and checked your services status?
Yes, but no luck in solving this issue..

.: L' arc :. · « **Reply #5 on:** May 14, 2009, 01:29:35 PM »

-= Could this be caused by a conflicting program..?

Tarq57 · « **Reply #6 on:** May 14, 2009, 01:39:34 PM »

But of course. What else are you running?
If Avira left stuff behind, that alone could do it; but I think not since (if I'm reading you correctly) the problem pre-dates the installation of Avira.

onlysomeone · « **Reply #7 on:** May 14, 2009, 01:40:22 PM »

Hi chronoboi001!

could you make a hijackthis-log please...
possibly we can see anything which could conflict...

yours
onlysomeone

Tarq57 · « **Reply #8 on:** May 14, 2009, 01:43:32 PM »

And in post 1 where you say

Quote

change the avast service to Automatic

it defaults to automatic. Had you changed that at some point before?

.: L' arc :. · « **Reply #9 on:** May 14, 2009, 02:52:47 PM »

It defaults to automatic. Had you changed that at some point before?
-= I do not actually change it, it was just a recommendation by Avast when I click "More Info about the problem"..

onlysomeone
-= I'll be posting one..

-= I'm having hard time with Avira right now, it keeps telling me about infections.. $:-\$

.: L' arc :. · « **Reply #10 on:** May 14, 2009, 02:58:47 PM »

-= By the way, Avira keeps bothering me about this 2 infections:

(1)
Filename:    zip.zip
Infection Name:    TR/Crypt.FKM.Gen
VirusTotal Findings: VirusTotal

(2)
Filename: MPEG2_SVCD__plugin_for_NERO.exe
Infection Name:    TR/Crypt.ZPACK.Gen
VirusTotal Findings: VirusTotal

-= I don't have that much trust to Avira yet since Avast did not detect this two before. Could this be a real one or a false positive?

.: L' arc :. · « **Reply #11 on:** May 14, 2009, 03:04:39 PM »

-= Here is my HiJack This Log.. Thank you in advance to all the people who had been helping me since then..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:59:38 PM, on 5/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21020)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O13 - Gopher Prefix:
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 5498 bytes

onlysomeone · « **Reply #12 on:** May 14, 2009, 03:11:40 PM »

didn't you say you use avast?!
you only have Avira installed...

.: L' arc :. · « **Reply #13 on:** May 14, 2009, 03:16:39 PM »

-= I still use Avast about 6 hours ago but since it makes my PC freeze, I need to use another antivirus to keep me protected, somehow.. So I downloaded Avira..

.: L' arc :. · « **Reply #14 on:** May 15, 2009, 12:13:37 PM »

-= I tried reinstalling avast for 3 times & the third attempt worked.. I'm looking forward to thanking each of you who helped me along the way.. I still can't find what is causing this "odd" stuff, it might probably be a random bug.. So far, thanks again..

-= Tarq,
I just visited the link for Avira AntiVir Removal tool but, I found out that it was somehow, referring to Avira AntiVir 7.. I have previously installed Avira AntiVir 9 & looking forward if the removal tool for version 7 will also work on version 9..?

-= By the way, last question, Avira AntiVir detected the following as threat but Avast don't.. I'm still doubted if I will consider removing this files or not.. In any case, you want a copy of the file, I'll be sending it to you via e-mail..

(1)
Filename: zip.zip
Infection Name: TR/Crypt.FKM.Gen
VirusTotal Findings: VirusTotal

(2)
Filename: MPEG2_SVCD__plugin_for_NERO.exe
Infection Name: TR/Crypt.ZPACK.Gen
VirusTotal Findings: VirusTotal

-= Many thanks..

Author Topic: -= Why..? (Read 8676 times)

.: L' arc :.

-= Why..?

koyot

Re: -= Why..?

.: L' arc :.

Re: -= Why..?

Tarq57

Re: -= Why..?

.: L' arc :.

Re: -= Why..?

.: L' arc :.

Re: -= Why..?

Tarq57

Re: -= Why..?

onlysomeone

Re: -= Why..?

Tarq57

Re: -= Why..?

.: L' arc :.

Re: -= Why..?

.: L' arc :.

Re: -= Why..?

.: L' arc :.

Re: -= Why..?

onlysomeone

Re: -= Why..?

.: L' arc :.

Re: -= Why..?

.: L' arc :.

Re: -= Why..?