One Avast shield keeps turning itself off; possible virus



Old 05-07-2017, 08:18 PM   #1
Registered Member
 
Join Date: Aug 2011
Posts: 127
OS: Windows XP



Hello!

Brand new computer (well, used, but new to me) and the same old virus problems.

The Avast Behavior Shield turns itself off every time I hit "Connect" on VZAccess manager during the last 24 hours. Avast does warn me that it's off and I click it back on manually. Says it's back on, but I have my doubts.

Particularly as when I tried to surf eBay, the website suddenly thought I lived in the Czech Republic. Yeah, I've changed my eBay password and my PayPal on a friend's clean computer already.

So here's the DDS log with the ATTACH, err, attached.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18377
Run by Lois at 19:58:07 on 2017-05-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2302.1316 [GMT -7:00]
.
AV: Avast Antivirus *Disabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Avast Antivirus *Enabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus *Disabled* {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\RunDll32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [appnhost] C:\Users\Lois\AppData\Local\Mixesoft\AppNHost\appnhost.exe
uRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
StartupFolder: C:\Users\Lois\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://www.driveragent.com/files/driveragent.cab
TCP: Interfaces\{F95CEED0-1F7A-4F22-8ADB-56E509B2E268} : NameServer = 77.234.40.79
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.96\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup
x64-Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R1 aswbidsdriver;aswbidsdriver;C:\Windows\System32\drivers\aswbidsdrivera.sys [2017-2-9 311808]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2015-4-17 32600]
R1 aswNetSec;aswNetSec;C:\Windows\System32\drivers\aswNetSec.sys [2017-4-9 507928]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-8-15 1007160]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-8-15 569192]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-8-15 128648]
R2 avast! Antivirus;Avast Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2017-5-3 263304]
R2 avast! Firewall;Avast Firewall Service;C:\Program Files\AVAST Software\Avast\afwServ.exe [2017-5-3 310496]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 Fitbit Connect;Fitbit Connect Service;C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [2016-8-12 5911720]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-13 27136]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2016-9-7 21216]
R3 aswNetNd6;Avast Firewall NDIS6 Helper;C:\Windows\System32\drivers\aswNetNd6.sys [2017-4-9 29432]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2009-2-12 292864]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2012-8-16 243744]
R3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-5-25 43032]
S2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-4-16 158368]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-11-5 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2015-11-5 125112]
S3 aswbIDSAgent;aswbIDSAgent;C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2017-5-3 7346208]
S3 aswHwid;aswHwid;C:\Windows\System32\drivers\aswHwid.sys [2014-5-6 38296]
S3 aswTap;avast! SecureLine TAP Adapter v3;C:\Windows\System32\drivers\aswTap.sys [2014-9-27 44640]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2016-10-7 114688]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;C:\Windows\System32\drivers\PTDUBus.sys [2012-8-17 70672]
S3 PTDUMdm;PANTECH UM175 Drivers;C:\Windows\System32\drivers\PTDUMdm.sys [2012-8-17 173456]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;C:\Windows\System32\drivers\PTDUVsp.sys [2012-8-17 173456]
S3 PTDUWFLT;PTDUWWAN Filter Driver;C:\Windows\System32\drivers\PTDUWFLT.sys [2012-8-17 12688]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;C:\Windows\System32\drivers\PTDUWWAN.sys [2012-8-17 141840]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-14 1255736]
.
=============== File Associations ===============
.
ShellExec: SZBrowser.exe: open="C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2017-05-08 02:25:55 -------- d-sh--w- C:\$RECYCLE.BIN
2017-04-29 04:13:15 -------- d-----w- C:\Program Files (x86)\Fitbit Connect
2017-04-28 04:14:36 -------- d-----w- C:\Users\Lois\AppData\Roaming\Verizon
2017-04-28 04:13:31 -------- d-----w- C:\Program Files (x86)\Verizon
2017-04-12 03:24:42 -------- d-----w- C:\ProgramData\Visan
2017-04-10 03:27:20 507928 ----a-w- C:\Windows\System32\drivers\aswNetSec.sys
2017-04-10 03:24:46 29432 ----a-w- C:\Windows\System32\drivers\aswNetNd6.sys
.
==================== Find3M ====================
.
2017-05-04 05:48:20 158368 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2017-05-04 05:48:19 339696 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2017-05-04 05:48:18 75704 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2017-05-04 05:48:18 38296 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2017-05-04 05:48:18 128648 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2017-05-04 05:48:16 101152 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2017-05-04 05:46:07 1007160 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2017-05-04 05:46:06 32600 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2017-05-04 05:45:17 49016 ----a-w- C:\Windows\System32\drivers\aswbuniva.sys
2017-05-04 05:45:16 334576 ----a-w- C:\Windows\System32\drivers\aswbloga.sys
2017-05-04 05:45:14 190256 ----a-w- C:\Windows\System32\drivers\aswbidsha.sys
2017-05-04 05:45:13 311808 ----a-w- C:\Windows\System32\drivers\aswbidsdrivera.sys
2017-04-12 02:56:27 802904 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2017-04-12 02:56:27 144472 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2016-09-29 16:21:48 478720 ----a-w- C:\Program Files (x86)\setup.exe
2016-09-29 16:21:44 2310144 ----a-w- C:\Program Files (x86)\openoffice413.msi
2015-10-09 04:08:14 6420480 ----a-w- C:\Program Files (x86)\GUT23E6.tmp
.
============= FINISH: 19:59:10.22 ===============
Attached Files
File Type: txt attach.txt (13.3 KB, 377 views)
KeithEKimball is offline  