AVP.EXE help!

Cyxee
2007-12-02, 00:29
OK, I'm getting those little boxes which give me the option to deny change or allow change. The little box reads:

Category: system startup global entry
Change: Value deleted
Entry: avp
Old data: C:/WINDOWS/avp.exe


OK, I don't really know what to do, so for now I'm just going to deny the change. BTW, I'm also getting internet cut-outs; could this be related to AVP.exe? Also, my internet cuts out; this started when I started getting the little boxes saying AVP.

Zenobia
2007-12-02, 03:49
Could you show the last couple of lines of your resident.log? Open Spybot, click Mode, then Advanced Mode, then Tools, then Resident, scroll the window there down close to the end, and copy the last couple of lines, then paste them here.

What was happening around the time those little boxes from TeaTimer started popping up? Had you just had a malware infection removed or something like that?

Cyxee
2007-12-02, 06:40
12/2/2007 9:18:20 AM Denied (based on user decision) value "avp" (new data: "") deleted in System Startup global entry!
12/2/2007 9:50:46 AM Denied (based on user decision) value "avp" (new data: "") deleted in System Startup global entry!
12/2/2007 11:07:55 AM Allowed (based on user decision) value "*Restore" (new data: "C:\WINDOWS\system32\restore\rstrui.exe -i") added in System Startup global entry!
12/2/2007 11:13:10 AM Denied (based on user decision) value "SpybotDeletingB5027" (new data: "") deleted in System Startup user entry!
12/2/2007 11:34:16 AM Denied (based on user decision) value "avp" (new data: "") deleted in System Startup global entry!
12/2/2007 12:41:04 PM Allowed (based on user decision) value "avp" (new data: "") deleted in System Startup global entry!
12/2/2007 12:51:14 PM Allowed (based on user decision) value "OptusNet DSL Setup" (new data: "D:\OptusNet.exe") added in System Startup global entry!
12/2/2007 12:51:17 PM Allowed (based on user decision) value "Desktop Service Centre" (new data: "") deleted in System Startup global entry!
12/2/2007 12:51:26 PM Allowed (based on user decision) value "wextract_cleanup0" (new data: "rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Owner\LOCALS~1\Temp\IXP000.TMP\"") added in System Startup global entry!
12/2/2007 12:51:27 PM Allowed (based on user decision) value "wextract_cleanup1" (new data: "rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Owner\LOCALS~1\Temp\IXP001.TMP\"") added in System Startup global entry!
12/2/2007 12:51:27 PM Allowed (based on user decision) value "Search Bar" (new data: "") deleted in Browser page!
12/2/2007 12:52:54 PM Allowed (based on user decision) value "wextract_cleanup0" (new data: "") deleted in System Startup global entry!
12/2/2007 12:52:55 PM Allowed (based on user decision) value "wextract_cleanup1" (new data: "") deleted in System Startup global entry!
12/2/2007 1:01:07 PM Allowed (based on user decision) value "SpybotDeletingB5027" (new data: "") deleted in System Startup user entry!
12/2/2007 1:01:10 PM Allowed (based on user decision) value "Desktop Service Centre" (new data: "C:\Program Files\OptusNet DSL Internet\DSC.exe") added in System Startup global entry!
12/2/2007 1:01:11 PM Allowed (based on user decision) value "OptusNet DSL Setup" (new data: "") deleted in System Startup global entry!
12/2/2007 1:13:05 PM Allowed (based on user decision) value "*Restore" (new data: "C:\WINDOWS\system32\restore\rstrui.exe -i") added in System Startup global entry!
12/2/2007 1:16:49 PM Allowed (based on user decision) value "SpybotDeletingB5027" (new data: "") deleted in System Startup user entry!
12/2/2007 1:47:45 PM Allowed (based on user decision) value "avp" (new data: "") deleted in System Startup global entry!
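
An added example, not part of the original thread: a small Python parser for the TeaTimer resident.log lines posted above that replays only the Allowed changes and counts the Denied ones, showing which startup values ended up removed. The regular expression is inferred from the lines in this thread (an assumption, not a Spybot format specification), and the sample is a subset of the posted lines.

```python
import re
from collections import defaultdict

# Subset of the resident.log lines posted in this thread.
SAMPLE = r'''
12/2/2007 9:18:20 AM Denied (based on user decision) value "avp" (new data: "") deleted in System Startup global entry!
12/2/2007 11:34:16 AM Denied (based on user decision) value "avp" (new data: "") deleted in System Startup global entry!
12/2/2007 12:41:04 PM Allowed (based on user decision) value "avp" (new data: "") deleted in System Startup global entry!
12/2/2007 12:51:14 PM Allowed (based on user decision) value "OptusNet DSL Setup" (new data: "D:\OptusNet.exe") added in System Startup global entry!
12/2/2007 12:51:26 PM Allowed (based on user decision) value "wextract_cleanup0" (new data: "rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Owner\LOCALS~1\Temp\IXP000.TMP\"") added in System Startup global entry!
12/2/2007 12:52:54 PM Allowed (based on user decision) value "wextract_cleanup0" (new data: "") deleted in System Startup global entry!
12/2/2007 1:01:10 PM Allowed (based on user decision) value "Desktop Service Centre" (new data: "C:\Program Files\OptusNet DSL Internet\DSC.exe") added in System Startup global entry!
12/2/2007 1:01:11 PM Allowed (based on user decision) value "OptusNet DSL Setup" (new data: "") deleted in System Startup global entry!
'''

# Greedy match on the data field copes with quotes nested inside the value.
LINE = re.compile(
    r'^(?P<when>\S+ \S+ [AP]M) (?P<decision>Allowed|Denied) '
    r'\(based on user decision\) value "(?P<name>.+?)" '
    r'\(new data: "(?P<data>.*)"\) (?P<action>\w+) in (?P<where>.+)!$')

def replay(log_text):
    """Apply Allowed changes in order; return (final state, denied counts)."""
    state, denied = {}, defaultdict(int)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank or unrecognised line
        key = (m['where'], m['name'])
        if m['decision'] == 'Denied':
            denied[key] += 1          # change was blocked, value untouched
        elif m['action'] == 'deleted':
            state[key] = None         # value no longer present
        else:
            state[key] = m['data']    # value present with this data
    return state, dict(denied)

def removed(state):
    """Names of values whose last allowed change was a deletion."""
    return sorted(name for (_, name), data in state.items() if data is None)

if __name__ == "__main__":
    final, blocked = replay(SAMPLE)
    print("removed:", removed(final))
    for (where, name), n in blocked.items():
        print(f"{n} denied change(s) to {name!r} in {where}")
```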

Cyxee
2007-12-02, 06:41
Could this be affecting my modem, because it's gone crazy and is rebooting itself automatically? I will go after this and test out the internet to see if it is still cutting out because of the modem.

Cyxee
2007-12-02, 07:05
What was happening around the time those little boxes from TeaTimer started popping up? Had you just had a malware infection removed or something like that?

Yes, I removed *a lot* of malware, spyware etc... BTW, the modem's still resetting itself.

tashi
2007-12-02, 09:07
Hello,

Excuse me for edging in here.

Yes, I removed *a lot* of malware, spyware etc... BTW, the modem's still resetting itself.
Deleting the "OptusNet DSL Setup" System Startup global entry may have something to do with that. What were you attempting to do?

Can you name the infections and which tools you used to remove them, please?

Also, which anti virus program do you have installed?

Cyxee
2007-12-02, 11:51
OK, I have to quickly type this message before the modem cuts out. With the Optus thingy I was trying to re-install the internet because the modem was cutting out. OK, the infections I got are:

virtumonde.ddc
virtumonde
Wn32.BHO.df

These are what I got using Spybot S&D 1.5. I've just found an old Norton 2005 which I've just installed and I'm scanning (I'm scanning as I type this message to you).

I'm no longer getting AVG.EXE boxes.

Cyxee
2007-12-02, 11:57
I'm looking into my modem and have found 1 other person with the same modem having rebooting problems. OK, but what I found unusual is that it started to cut out when I was infected with spyware etc. It never used to cut out before.

tashi
2007-12-02, 17:28
Hello.

I've just found an old Norton 2005 which I've just installed and I'm scanning (I'm scanning as I type this message to you).

Which means there was no anti-virus program installed previously? :eek:

Installing Norton, which takes a lot of resources, may add to your troubles, especially if it is out of date.

Did you perform a System Restore? If so, you won't have a known good restore point. What operating system is this?

We should see a HJT log in our Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22) so someone can take a look at the system.

The instructions to produce one are here: "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288), but as you are having modem difficulties, do you have access to another, clean, computer?

If so, you can download HJT to that one.
Upload to infected machine.
Run HJT on the infected PC and post the log you produce in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22) using the clean PC.

HiJackThis log - Trend Micro HijackThis 2.0.2
Click here (http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe) to download HJTInstall.exe
Save HJTInstall.exe to your desktop.
Double-click on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis.
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch HijackThis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" and Paste (http://www.webmasternow.com/copyandpaste.html) the entire contents of the log (no attachments) into your (Click --> ) own new topic in the malware forum (http://forums.spybot.info/newthread.php?do=newthread&f=22)
DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
DO NOT have HijackThis fix anything yet. Most of what HJT lists will be harmless or even required by your operating system; a helper will guide you.

Let us know how it goes. :)

Cyxee
2007-12-03, 06:15
Don't worry, all spyware and malware are gone and I'm talking to Optus about my modem. Thanks for your help.

tashi
2007-12-03, 07:59
Hello.

Don't worry, all spyware and malware are gone and I'm talking to Optus about my modem. Thanks for your help.

Thank you for letting us know, good luck. :greeting: