You are not logged in.

Friday, April 18th 2014, 10:07am

Dear visitor, welcome to Avira Support Forum. If this is your first visit here, please read the Help. It explains in detail how this page works. To use all features of this page, you should consider registering. Please use the registration form, to register here or read more information about the registration process. If you are already registered, please login here.

  • "plumbobb" started this thread

Date of registration:
Jun 11th 2010

  • Send private message

1

Friday, June 11th 2010, 11:20pm

PC froze mid-scan with Avira AntiVir Personal

Hi! Thank you so much for any help you can give. I tried scanning my PC, which I think had been infected a couple of months ago, but which I thought I'd eliminated viruses from after multiple scans with multiple anti-virus programs. I settled on Avira for maintenance. Today when I tried to scan my computer, it crashed to "windows has recovered from a serious error" stage (message after bootup post-crash) several times, but each time with more progress through the scan, until it completed just now, with a notification of 3 hidden objects, but no virus (what constitutes a hidden object, by the way?). This seemed weird and I'm wondering if I'm the only person to experience this.

Thanks!

AlfaMS

Community member

Date of registration:
Mar 3rd 2007

Version:
Avira Antivirus Suite

Operating System:
Windows 8.1 Pro 64 Bit MC & LinuxMint 16 64 Bit

  • Send private message

2

Friday, June 11th 2010, 11:27pm

Hi,

with Windows and with several opened prgrams you'll inevitably be confronted with quite a few "hidden objects" which by themself are not a threat.
One thing puzzles me, though: you say you have come across a fe infections using quite a few different antivirus software programs, right? Changing programs won't make your opersting system better, or even eliminate problems, I am afraid. If there is a nasty infection then the only cure would IMHO be a clean new start.
Ceterum censeo Avira Forum non esse delendam.

  • "plumbobb" started this thread

Date of registration:
Jun 11th 2010

  • Send private message

3

Saturday, June 12th 2010, 12:43am

I get the same three hidden objects whether I have Avira running on its own or fourteen programs. And the infection I cleared a few months ago I cleared up by using AVG, malwarebytes, and adaware in succession until the system seemed to be clear of virus symptoms. Since then I've kept an eye on it, periodically checking the hijack this log file, and haven't noticed anything unusual until this recent freeze-up today and an additional hidden object (there were two previously).

bystander

Community member

Date of registration:
Mar 14th 2010

Operating System:
windows 7

  • Send private message

4

Saturday, June 12th 2010, 1:50am

@plumbobb

my suggestion :

1. if avg and adaware are still running in ur system, uninstall them.
2. run a scan and post the scan log here please

cheers

  • "plumbobb" started this thread

Date of registration:
Jun 11th 2010

  • Send private message

5

Saturday, June 12th 2010, 5:10am

Hi, Bystander!

Thank you so much for your reply. Here is the report file for an updated Avira (I downloaded the most recent update just prior to running it). I do not have any other anti-viruses running. When I was tackling the infection a couple months ago, I installed the other anti-virus programs, but once I thought I had it under control, I switched to Avira alone.

Thanks again!

vira AntiVir Personal
Report file date: Friday, June 11, 2010 16:43

Scanning for 2206493 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : USER-3A1C8490BE

Version information:
BUILD.DAT : 10.0.0.567 32097 Bytes 4/19/2010 15:07:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 4/19/2010 13:26:52
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/19/2010 13:26:52
LUKE.DLL : 10.0.2.3 104296 Bytes 3/8/2010 00:33:04
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 05:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 15:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 01:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 23:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 22:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 17:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 13:26:25
VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 20:12:40
VBASE007.VDF : 7.10.7.219 2048 Bytes 6/2/2010 20:12:40
VBASE008.VDF : 7.10.7.220 2048 Bytes 6/2/2010 20:12:41
VBASE009.VDF : 7.10.7.221 2048 Bytes 6/2/2010 20:12:41
VBASE010.VDF : 7.10.7.222 2048 Bytes 6/2/2010 20:12:41
VBASE011.VDF : 7.10.7.223 2048 Bytes 6/2/2010 20:12:41
VBASE012.VDF : 7.10.7.224 2048 Bytes 6/2/2010 20:12:41
VBASE013.VDF : 7.10.8.37 270336 Bytes 6/10/2010 20:13:09
VBASE014.VDF : 7.10.8.38 2048 Bytes 6/10/2010 20:13:09
VBASE015.VDF : 7.10.8.39 2048 Bytes 6/10/2010 20:13:09
VBASE016.VDF : 7.10.8.40 2048 Bytes 6/10/2010 20:13:10
VBASE017.VDF : 7.10.8.41 2048 Bytes 6/10/2010 20:13:10
VBASE018.VDF : 7.10.8.42 2048 Bytes 6/10/2010 20:13:10
VBASE019.VDF : 7.10.8.43 2048 Bytes 6/10/2010 20:13:10
VBASE020.VDF : 7.10.8.44 2048 Bytes 6/10/2010 20:13:10
VBASE021.VDF : 7.10.8.45 2048 Bytes 6/10/2010 20:13:10
VBASE022.VDF : 7.10.8.46 2048 Bytes 6/10/2010 20:13:11
VBASE023.VDF : 7.10.8.47 2048 Bytes 6/10/2010 20:13:11
VBASE024.VDF : 7.10.8.48 2048 Bytes 6/10/2010 20:13:11
VBASE025.VDF : 7.10.8.49 2048 Bytes 6/10/2010 20:13:11
VBASE026.VDF : 7.10.8.50 2048 Bytes 6/10/2010 20:13:11
VBASE027.VDF : 7.10.8.51 2048 Bytes 6/10/2010 20:13:11
VBASE028.VDF : 7.10.8.52 2048 Bytes 6/10/2010 20:13:12
VBASE029.VDF : 7.10.8.53 2048 Bytes 6/10/2010 20:13:12
VBASE030.VDF : 7.10.8.54 2048 Bytes 6/10/2010 20:13:12
VBASE031.VDF : 7.10.8.62 55808 Bytes 6/11/2010 21:05:03
Engineversion : 8.2.2.6
AEVDF.DLL : 8.1.2.0 106868 Bytes 4/23/2010 23:45:54
AESCRIPT.DLL : 8.1.3.31 1352058 Bytes 6/4/2010 20:12:50
AESCN.DLL : 8.1.6.1 127347 Bytes 5/13/2010 00:45:37
AESBX.DLL : 8.1.3.1 254324 Bytes 4/23/2010 23:45:54
AERDL.DLL : 8.1.4.6 541043 Bytes 4/17/2010 13:26:41
AEPACK.DLL : 8.2.1.1 426358 Bytes 4/17/2010 13:26:40
AEOFFICE.DLL : 8.1.1.0 201081 Bytes 5/13/2010 00:45:36
AEHEUR.DLL : 8.1.1.33 2724214 Bytes 6/4/2010 20:12:49
AEHELP.DLL : 8.1.11.5 242038 Bytes 6/4/2010 20:12:46
AEGEN.DLL : 8.1.3.10 377205 Bytes 6/4/2010 20:12:45
AEEMU.DLL : 8.1.2.0 393588 Bytes 4/23/2010 23:45:52
AECORE.DLL : 8.1.15.3 192886 Bytes 5/13/2010 00:45:35
AEBB.DLL : 8.1.1.0 53618 Bytes 4/23/2010 23:45:51
AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 18:03:38
AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 18:03:35
AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 22:47:40
AVREG.DLL : 10.0.3.0 53096 Bytes 4/19/2010 13:26:52
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 4/19/2010 13:26:52
AVARKT.DLL : 10.0.0.14 227176 Bytes 4/19/2010 13:26:52
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 15:53:30
SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 18:57:58
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 21:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 20:41:00
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 19:10:20
RCTEXT.DLL : 10.0.53.0 97128 Bytes 4/19/2010 13:26:52

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Friday, June 11, 2010 16:43

Starting search for hidden objects.
c:\windows\system32\ntmsdata\ntmsjrnl
c:\WINDOWS\system32\NtmsData
[NOTE] The file is not visible.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\System\oodefrag12.00.00.01professional
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc\Config\Standalone\drivelist
[NOTE] The registry entry is invisible.

The scan of running processes will be started
Scan process 'rsmsink.exe' - '29' Module(s) have been scanned
Scan process 'avscan.exe' - '70' Module(s) have been scanned
Scan process 'avcenter.exe' - '61' Module(s) have been scanned
Scan process 'msdtc.exe' - '40' Module(s) have been scanned
Scan process 'dllhost.exe' - '61' Module(s) have been scanned
Scan process 'dllhost.exe' - '45' Module(s) have been scanned
Scan process 'vssvc.exe' - '48' Module(s) have been scanned
Scan process 'iPodService.exe' - '29' Module(s) have been scanned
Scan process 'soffice.bin' - '81' Module(s) have been scanned
Scan process 'soffice.exe' - '15' Module(s) have been scanned
Scan process 'Steam.exe' - '87' Module(s) have been scanned
Scan process 'ctfmon.exe' - '25' Module(s) have been scanned
Scan process 'avgnt.exe' - '45' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '52' Module(s) have been scanned
Scan process 'HPWuSchd2.exe' - '17' Module(s) have been scanned
Scan process 'winampa.exe' - '17' Module(s) have been scanned
Scan process 'RUNDLL32.EXE' - '29' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '36' Module(s) have been scanned
Scan process 'Explorer.EXE' - '95' Module(s) have been scanned
Scan process 'wscntfy.exe' - '17' Module(s) have been scanned
Scan process 'alg.exe' - '34' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '15' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '18' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '36' Module(s) have been scanned
Scan process 'jqs.exe' - '35' Module(s) have been scanned
Scan process 'IntuitUpdateService.exe' - '76' Module(s) have been scanned
Scan process 'DkService.exe' - '72' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '32' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '26' Module(s) have been scanned
Scan process 'svchost.exe' - '33' Module(s) have been scanned
Scan process 'sched.exe' - '46' Module(s) have been scanned
Scan process 'spoolsv.exe' - '69' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'svchost.exe' - '33' Module(s) have been scanned
Scan process 'svchost.exe' - '165' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'svchost.exe' - '51' Module(s) have been scanned
Scan process 'avshadow.exe' - '25' Module(s) have been scanned
Scan process 'avguard.exe' - '55' Module(s) have been scanned
Scan process 'lsass.exe' - '58' Module(s) have been scanned
Scan process 'services.exe' - '27' Module(s) have been scanned
Scan process 'winlogon.exe' - '72' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!
Master boot sector HD5
[INFO] No virus was found!
Master boot sector HD6
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1676' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\System Volume Information\_restore{3FCD4CC4-69A5-4468-ABBF-982042816A88}\RP13\A0002947.exe
--> Object
[1] Archive type: RSRC
--> Object
[WARNING] The file could not be read!
[WARNING] The file could not be read!


End of the scan: Friday, June 11, 2010 17:51
Used time: 1:07:50 Hour(s)

The scan has been done completely.

22921 Scanned directories
721641 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
721641 Files not concerned
7855 Archives were scanned
2 Warnings
0 Notes
635763 Objects were scanned with rootkit scan
3 Hidden objects were found

bystander

Community member

Date of registration:
Mar 14th 2010

Operating System:
windows 7

  • Send private message

6

Saturday, June 12th 2010, 10:51am

@plumbobb

The scan has been done completely and no freeze up this time.

-------------------------------------------------------------------------------------------------

"c:\windows\system32\ntmsdata\ntmsjrnl
c:\WINDOWS\system32\NtmsData
[NOTE] The file is not visible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc\Config\Standalone\drivelist
[NOTE] The registry entry is invisible."

r u infected with TROJ_DLOADER.ABO before?
i think they are left over from the infection.

---------------------------------------------------------------------------------------------------------------------------------------------

"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\System\oodefrag12.00.00.01professional
[NOTE] The registry entry is invisible.

this one from o&o defrag and it is ok.

my 2nd suggestion :

1. run a full system scan by malwarebytes in safe mode.
2. if the scan log is clean then u have nothing to worry about.


cheers

This post has been edited 1 times, last edit by "bystander" (Jun 12th 2010, 11:05am)


Date of registration:
Jan 5th 2009

Operating System:
XP

  • Send private message

7

Monday, June 14th 2010, 9:19am

Hi,

I think those entries are legit.
Thanks for choosing Avira
Alexandru Manea
Avira Operations GmbH & Co. KG

Barrie

Community member

Date of registration:
Jan 31st 2006

Version:
none

Operating System:
Mac OS X 10.8.3

  • Send private message

8

Monday, June 14th 2010, 8:46pm

Hi,

Regarding both entries I agree with Alex both look OK, ;) please read my post in this thread regarding this KEY
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc\Config\Standalone\drivelist.


Regards
Barrie
Cordialement - Grüße and Regards.

[Avira Tech Blog - Avira VL Virusscan.jotti -HijackThis - - Avira tools - Online shop - Avira safe mode scan
Sorry NO support via PM > Kein Support über PN > Aucun support par message privé.

Date of registration:
Jan 5th 2009

Operating System:
XP

  • Send private message

9

Tuesday, June 15th 2010, 8:49am

Hi,

Just to be sure please follow bystander instruction on post 6
Thanks for choosing Avira
Alexandru Manea
Avira Operations GmbH & Co. KG