  • "clostridium88" started this thread

Date of registration:
Nov 15th 2011

Version:
none

Operating System:
windows vista

1

Tuesday, November 15th 2011, 8:33am

also have the same error

I also have the same problem and I've run HJT.
This is the log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:32:47 PM, on 11/15/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\Real\realplayer\Update\realsched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Users\atikah\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\program files\avira\antivir desktop\avcenter.exe
C:\Users\atikah\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\atikah\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\atikah\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\atikah\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\atikah\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\atikah\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\atikah\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\atikah\Downloads\my downloads\installer\HiJackThis.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PC Speed Up Service (PCSUService) - Unknown owner - C:\Program Files\PC Speed Up\PCSUService.exe
O23 - Service: SocialSay Updater - Unknown owner - C:\Program Files\SocialSay\ExtensionUpdaterService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 2376 bytes

Farger

Moderator

Date of registration:
Jul 10th 2009

Version:
Avira Free Antivirus
Avira Ultimate Protection Suite
Avira Internet Security

Operating System:
Windows XP/ Windows 7

2

Tuesday, November 15th 2011, 8:53am

Hi clostridium88,

Please note that the HJT log which you have posted is not complete.
Scotty is currently on patrol

This post has been edited 1 times, last edit by "Farger" (Nov 15th 2011, 1:16pm)


  • "clostridium88" started this thread

3

Tuesday, November 15th 2011, 9:05am

how to enable real time protection?

As instructed earlier, I've tried to run HJT again but it said it's already running. So, I can't get the complete log.

Farger

4

Tuesday, November 15th 2011, 9:14am

Hi,

Are you able to run MBAM? From what I see, Windows Defender is running: please read this


  • "clostridium88" started this thread

5

Tuesday, November 15th 2011, 10:25am

Well, the Event Viewer does have:

Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.
But the path found is not the same as given in the link you provided. Instead:

Path Found: process:pid:1228;file:C:\Windows\3151739927:3896714308.exe

Does it mean that Windows Defender is blocking Avira Free Antivirus?

Then I tried running MBAM. I've already clicked Perform full scan and Scan. At first the window showed that it was scanning the hard drives, but suddenly it disappeared. When I accessed my Windows Task Manager, it did not state that MBAM was running.
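
A triage pass over log lines quoted in this thread, as an added example that is not part of any post: it flags a path written as `file:stream` (NTFS named-stream syntax, the form of the "Path Found" value in the Defender event above) and O23 services that HijackThis lists with "Unknown owner". The function names and finding labels are assumptions made for this example.

```python
import re

# Lines quoted from the posts in this thread (HijackThis log and Defender event).
SAMPLE = r"""C:\Windows\explorer.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
Path Found: process:pid:1228;file:C:\Windows\3151739927:3896714308.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PC Speed Up Service (PCSUService) - Unknown owner - C:\Program Files\PC Speed Up\PCSUService.exe
O23 - Service: SocialSay Updater - Unknown owner - C:\Program Files\SocialSay\ExtensionUpdaterService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
"""

PATH_RE = re.compile(r"[A-Za-z]:\\[^;\r\n]*")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.*)$")


def split_stream(path):
    """Return (file_path, stream_name); stream_name is None without a named stream."""
    drive, rest = path[:2], path[2:]
    if ":" not in rest:  # the only colon is the one after the drive letter
        return path, None
    file_part, stream = rest.split(":", 1)
    return drive + file_part, stream


def triage(text):
    """Return (reason, detail) findings for every line worth a manual look."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        m = O23_RE.match(line)
        if m and m.group("owner").lower() == "unknown owner":
            findings.append(("service-unknown-owner", m.group("name")))
        p = PATH_RE.search(line)
        if not p:
            continue
        file_path, stream = split_stream(p.group(0).rstrip())
        if stream is not None:
            findings.append(("named-stream", f"{file_path} -> {stream}"))
            if file_path.rsplit("\\", 1)[-1].isdigit():
                findings.append(("digits-only-name", file_path))
    return findings


if __name__ == "__main__":
    for reason, detail in triage(SAMPLE):
        print(f"{reason:24} {detail}")
```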

Farger

6

Tuesday, November 15th 2011, 1:15pm

Hi,

1. Download AntiZeroAccess to your desktop
Double click on it to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
Type y and press enter to run the scan
Please post the contents of AntiZeroAccess_Log.txt in your next post. This file is saved in the same location as the AntiZeroAccess program.

2. Please download TDSSKiller and save it to your desktop
- extract the content to your desktop;
- after that, open the TDSSKiller folder and double click on TDSSKiller.exe to run the application, then click on Start Scan;
- if an infected file is detected, the default action will be Cure, click on Continue;
- if a suspicious file is detected, the default action will be Skip, click on Continue;
- It may ask you to reboot the computer to complete the process. Click on Reboot Now;
- if no reboot is required, click on Report. A log file should appear. Please upload it like you did before;
- if a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Upload it.

3. After that, please download and run DDS
Disable any script-blocking programs and then double-click on the DDS.scr icon to start the program. If you did not disable a script-blocker that may be part of your antimalware program, you may receive a warning from your antimalware product asking if you would like DDS.scr to run. Please allow it to do so.
DDS will start scanning your computer. When DDS has finished scanning, you will see two Notepad windows named dds.txt and attach.txt. Please save both logs and upload them.