Log'N'Rock: Cannot perform AV full system scan --- possible infection?? [RESOLVED] - Log'N'Rock


#1 voltronDefender

  • Group: Members
  • Posts: 5
  • Joined: 06-January 10

Posted 06 January 2010 - 08:30 PM

Hi;

Can someone check my HJT log file? I recently am having problems with performing a full system scan using Avira 9 Premium for the past 6 days already. All the other security software I have are okay and can perform their respective full/partial scan. I have sent word to Avira about my problem but I wanted to have a second opinion on this one.

My security set-up is Avira 9 Premium / OA Premium as real-time. With MBAM free/SASpy free and HitmanPro as on-demand scanners. All of my scanners say I am clean. Avira 9 can perform the partial scans through the GUI>Local Protection>Scanner, it's only the "full system scan" and my "scheduled full-system scan".

Thinking it was Online Armor as the culprit, I disabled it as I performed the "full system scan" and "scheduled full system scan". Both tries merited a freeze. I repeated this for 2x more and it still froze.

Again, I can do partial scanning via the Local Protection>Scanner and it completes it all. No freezing. Even if Online Armor Premium is on. I tried to perform both scanning via the Local Protection>Scanner with OA Premium both "on" and "off" but all was okay.

I tried to uninstall and re-install Avira 9 but after I have updated it, it still is the same. I cannot perform my full system scan up to now. All the other scanning through the GUI>Local Protection>Scanner are okay.

Is there anyone here having this kind of problem or has experienced this kind of "phenomenon"....?

I have already tested my hardware and all are working fine especially my ram and storage.

I am posting a HJTlog file here for your perusal if this can help.

I'd really appreciate the help. Thank you very much.

--------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:20:51 AM, on 1/6/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\VIA\RAID\vialogsv.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Jarte WordPad\Jarte.exe
c:\program files\avira\antivir desktop\avcenter.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{392D5140-D401-423C-8074-C5F99509CBD4}: NameServer = 203.131.75.67
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Upgrade Service (AntiVirUpgradeService) - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AVSETUP_4b2b2f0f\basic\avupgsvc.exe (file missing)
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: VRAID Log Service - Unknown owner - C:\Program Files\VIA\RAID\vialogsv.exe

--
End of file - 6239 bytes

#2 Fred Flintstone

  • Group: Malware Experts
  • Posts: 2,515
  • Joined: 20-April 08
  • Gender:Male
  • Location:Somerset

Posted 07 January 2010 - 01:32 AM

Hi voltron.. :welcome:

Nothing bad showing in that log to account for your problem.
More likely an issue with Antivir itself in my opinion, if MBAM, SAS etc say you are clean I would tend to go along with that!
There is more likely a conflict somewhere caused by the program itself.

I use Avira (free) myself and don't get any problems at all with MBAM installed?
I suggest you stick with your thread at Avira forum and see what they come up with?

Regards
Fred..
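
Added example, not part of the original thread: a small Python triage pass over a HijackThis log that lists entries whose target is absent on disk, that carry no vendor string, or that point into a Temp directory. The sample lines are excerpted from the log in post #1; the three review rules and all function names are assumptions chosen for this illustration.

```python
import re
from collections import Counter

# Lines excerpted from the HijackThis log in post #1, shortened for the example.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O23 - Service: Avira Upgrade Service (AntiVirUpgradeService) - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AVSETUP_4b2b2f0f\basic\avupgsvc.exe (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: VRAID Log Service - Unknown owner - C:\Program Files\VIA\RAID\vialogsv.exe
"""

# HijackThis entries start with a section code (R0, F1, N2, O4, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# Review reasons chosen for this example (hypothetical rule set, not HijackThis's own).
CHECKS = [
    ("target missing on disk", re.compile(r"\((?:no file|file missing)\)", re.I)),
    ("no vendor string", re.compile(r" - Unknown owner - ", re.I)),
    ("path under a Temp directory", re.compile(r"\\Temp\\", re.I)),
]

def parse_entries(log_text):
    """Return (section_code, detail) pairs; headers and the process list are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries

def triage(log_text):
    """Return (code, detail, reasons) for each entry that matches at least one check."""
    flagged = []
    for code, detail in parse_entries(log_text):
        reasons = [name for name, rx in CHECKS if rx.search(detail)]
        if reasons:
            flagged.append((code, detail, reasons))
    return flagged

def section_counts(log_text):
    """Count entries per section code, e.g. how many O23 services are listed."""
    return Counter(code for code, _ in parse_entries(log_text))

if __name__ == "__main__":
    print(dict(section_counts(SAMPLE_LOG)))
    for code, detail, reasons in triage(SAMPLE_LOG):
        print(f"{code}: {', '.join(reasons)}\n    {detail}")
```

A flagged entry is a stale or unattributed reference to review by hand, not an infection verdict.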

#3 voltronDefender

Posted 07 January 2010 - 05:44 PM

Hi Fred;

Thanks for the welcome!

Yeah, I also believe that it's an internal program problem with Avira 9....I have tried from disabling my other security software to uninstalling-reinstalling them and then scanning in safe mode. Got 1 scan successful but the next bzzzzt!

I am still waiting on a reply from them as I have performed almost all of their advice to no avail.

By the way about my HJT..in your opinion, am I clean?

Thanks dude!

#4 Fred Flintstone

Posted 07 January 2010 - 05:52 PM

Hi voltronDefender,

As I said, nothing bad in the HJT log or anything that I believe would cause this problem.
See what happens with Avira reply and go from there.

Fred

#5 voltronDefender

Posted 07 January 2010 - 07:16 PM

Hi Fred;

Thanks dude! I'll get back to here when I have word on it at the Avira Forums.

Regards!

#6 voltronDefender

Posted 16 January 2010 - 05:29 PM

Hi Fred;

Sorry for the late reply. I had problems with my hdd. As of now I am bargaining to a friend to lend me one. But, the good news is the problem was solved via the use of the Avira Registry Cleaner and the safe mode-manual uninstall. It was okay and I tried to use a friend's advice of an rsit.exe checker similar to HJT. I would get a BSOD and would reboot to a checkdisk. It was there that I found out I had dozens of corrupted files and some errors. I did not have the errors before and no corrupted files as I do a checkdisk often. Anyway, I tested the drive and it failed.

I'll be making an RMA for it. :o

Thanks for the help and more power to the forum! =D

#7 Fred Flintstone

Posted 17 January 2010 - 12:46 AM

You are welcome, glad you found out what the problem was..

Good luck

Fred


#8 Fred Flintstone

Posted 10 February 2010 - 05:51 AM

Since this issue appears to be resolved, this Topic is now closed. Should you need this thread reopened, please PM me or another Staff member, including the address of this thread and we will reopen it for you. :)