-= Why..?

-= I got this weird problem again… Avast displays a red slash sign beside it & freezes the computer [I can actually open one window, then freeze… I can’t update too…]… I suffered this a few months ago & I have to uninstall & reinstall avast 4 times but with no luck so I switched to Avira for a week or so… After a few while, I tried to reinstall avast for the 5th time & it worked but now, for about a month again, the problem is back… I have to stick to Avira again…

-= I tried using avast removal tool, reinstall, change the avast service to Automatic, delays avast loading from windows services, checking for possible viruses, cleaning up any remnants of Avira… No luck at all… :-\

Red splash after month ?
Did u register for a free key ?

-= I registered for a HOME version, entered the key… But no luck, pc is still frozen… I tried the demo version of PRO, but still, the problem persists…

Have you tried a repair of Avast via the control panel>add remove programs?
Have you run the Avira registry cleaner/removal package?
Have you looked on the forum for “RPC error” and checked your services status?

b Have you tried a repair of Avast via the control panel>add remove programs?[/b]
Yes

b Have you run the Avira registry cleaner/removal package?[/b]
Yes

b Have you looked on the forum for “RPC error” and checked your services status?[/b]
Yes, but no luck in solving this issue…

-= Could this be caused by a conflicting program…?

But of course. What else are you running?
If Avira left stuff behind, that alone could do it; but I think not since (if I’m reading you correctly) the problem pre-dates the installation of Avira.

Hi chronoboi001!

could you make a hijackthis-log please…
possibly we can see anything which could conflict…

yours
onlysomeone

And in post 1 where you say

change the avast service to Automatic
it defaults to automatic. Had you changed that at some point before?

It defaults to automatic. Had you changed that at some point before?
-= I do not actually change it, it was just a recommendation by Avast when I click “More Info about the problem”…

onlysomeone
-= I’ll be posting one…

-= I’m having hard time with Avira right now, it keeps telling me about infections… :-\

-= By the way, Avira keeps bothering me about this 2 infections:

b[/b]
Filename: zip.zip
Infection Name: TR/Crypt.FKM.Gen
VirusTotal Findings: VirusTotal

b[/b]
Filename: MPEG2_SVCD__plugin_for_NERO.exe
Infection Name: TR/Crypt.ZPACK.Gen
VirusTotal Findings: VirusTotal

-= I don’t have that much trust to Avira yet since Avast did not detect this two before. Could this be a real one or a false positive?

-= Here is my HiJack This Log… Thank you in advance to all the people who had been helping me since then… ;D

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:59:38 PM, on 5/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21020)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM..\Run: [avgnt] “C:\Program Files\Avira\AntiVir Desktop\avgnt.exe” /min
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-19..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,4,N (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 - HKUS\S-1-5-20..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,4,N (User ‘NETWORK SERVICE’)
O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS\S-1-5-18..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,4,N (User ‘SYSTEM’)
O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 - HKUS.DEFAULT..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,4,N (User ‘Default user’)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O13 - Gopher Prefix:
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe


End of file - 5498 bytes

didn’t you say you use avast?!
you only have Avira installed… ::slight_smile:

-= I still use Avast about 6 hours ago but since it makes my PC freeze, I need to use another antivirus to keep me protected, somehow… So I downloaded Avira…

-= I tried reinstalling avast for 3 times & the third attempt worked… I’m looking forward to thanking each of you who helped me along the way… I still can’t find what is causing this “odd” stuff, it might probably be a random bug… So far, thanks again…

-= Tarq,
I just visited the link for Avira AntiVir Removal tool but, I found out that it was somehow, referring to Avira AntiVir 7… I have previously installed Avira AntiVir 9 & looking forward if the removal tool for version 7 will also work on version 9…?

-= By the way, last question, Avira AntiVir detected the following as threat but Avast don’t… I’m still doubted if I will consider removing this files or not… In any case, you want a copy of the file, I’ll be sending it to you via e-mail…

b[/b]
Filename: zip.zip
Infection Name: TR/Crypt.FKM.Gen
VirusTotal Findings: VirusTotal

b[/b]
Filename: MPEG2_SVCD__plugin_for_NERO.exe
Infection Name: TR/Crypt.ZPACK.Gen
VirusTotal Findings: VirusTotal

-= Many thanks… :slight_smile:

Sorry, Chronoboi, wrong link. Try the 7th one down.
Those detections appear to me to be warnings of potentially suspicious files, probably because of the way they are packed, than definite malware containers. Treat as suspicious, but also maybe a FP.

-= Tarq,

   Thank you very much.. Avast is significantly faster to start & respond after removing some remnants of Avira AntiVir..

   About the threat, I already quarantined them to be sure..

   Many thanks..

If you wanna help us to improve the detection you can move them to the chest and email them to ALWIL so their team will verify if thee a virus on these fils you sended :slight_smile:

Mr.Agent

-= Mr. Agent,

  Affirmative.. I'll do it now.. ;D