During and after scanning avast freezes.

I was running avast scanner. It froze up but continued scanning. Later it found two win32 sudiet Trojans. The results of the scan came up and it said everything was successful but both the scanner and the results were frozen. I did not remove the threats from the chest yet because they may be the key to this problem. Task manager says it's running right but it won't respond. Also I can minimize and maximize them both using task manager.

I run xp pro sp2 2.8ghz amd x2 2gb ram.
Thanks—Rubin

How exactly does it freeze? Does it happen always approximately at the same place/folder of the scan?
Do you see a hard disk activity (when it freezes)? Is only the program frozen, or the whole computer (possibly with mouse cursor)?

You can go to the program settings and turn on the creation of the report file (with “OK files” to be included as well in the report). This way, you can find out where the scan really stopped (it’s going to be close to the end of the report).

After avast! disappears, check the end of the report file - the “troublesome” file is likely to be close to the end (close in the sense that this particular file will probably not be written in the report, but the previous one will be the last line, so it shouldn’t be hard to guess). They would certainly like to have this file - if it really causes problems to avast! - so that they could fix the problem.

The report file created (if you turned it on in program settings) will be (default location) at \Data\Report\Simple User Interface.txt

The scan continues; just the window itself does not respond to the mouse. The window displays the scanning activity.

It froze up but continued scanning.
.
The results of the scan came up and it said everything was successful but both the scanner and the results were frozen.
The scan did complete. In other words, only the window freezes but the scan continues and, strangely, the window displays the scan's progress. Also be notified it was a thorough scan with archive files scanning enabled.

I see that you are running SP2 when SP3 has been available for almost a year that has several Critical Updates.

I believe SP3 had a problem with AMD systems on its initial release or was that SP2?

In IE go to Tools then Windows Update then download and install the updates.

Run Secunia Online Software Inspector to see what other applications are vulnerable:
http://secunia.com/vulnerability_scanning/online

Do you think automatic updates already installed SP3?
Back to the scanner. I've noticed it freezes only when a virus is detected. This may be a sort of defense maybe?

Run a boot-time scan

Do you think automatic updates already installed SP3?

Download HijackThis then install it then run it and post a scan here:
http://www.filehippo.com/download_hijackthis

Note: Make sure that Notepad is not in Word wrap mode and use Ctrl+A (Select All) then Ctrl+C (Copy) then Ctrl+V (Paste) the log in the Post reply window

I had hijack already; here is the log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:15:19 PM, on 3/17/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Wireless LAN Card\RaConfig2500.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM..\Run: [SoundMAX] “C:\Program Files\Analog Devices\SoundMAX\Smax4.exe” /tray
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM..\Run: [XboxStat] “c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe” silentrun
O4 - HKLM..\Run: [StartCCC] “C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” MSRun
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [COMODO Internet Security] “C:\Program Files\COMODO\COMODO Internet Security\cfp.exe” -h
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU..\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Run: [Advanced SystemCare 3] “C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe” /startup
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - AppInit_DLLs: , nlcwka.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Maxtor Scheduler2 Service (MaxSch2Svc) - Unknown owner - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe


End of file - 6652 bytes


An analysis of your HJT log shows the below problems :

Platform: Windows XP SP2 (WinNT 5.01.2600)
A newer version of service pack is available. Service packs increase the safety of your system. Visit Microsoft’s windowsupdate site to download the newest version of the service pack.

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
Very BAD but deactivated entry that can be fixed.

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
Very BAD but deactivated entry that can be fixed.

O20 - AppInit_DLLs: , nlcwka.dll
My research found nothing on this dll which makes it very suspicious. I suggest it should be fixed.

At this point, and if you have already done a boot scan with avast, I suggest Malwarebytes Anti-Malware as the next step. Download it, install it, update it, and then run it. Post the results log here.

http://www.malwarebytes.org/mbam.php
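
The two checks applied to the log in the analysis above, orphaned "(no file)" entries and a non-empty AppInit_DLLs value, written out as an added Python example (not part of the original thread and not HijackThis's own code). The sample lines are copied from the log posted here; the function `triage` and its tag names are hypothetical.

```python
import re

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O20 - AppInit_DLLs: , nlcwka.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Maxtor Scheduler2 Service (MaxSch2Svc) - Unknown owner - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe (file missing)
"""

# A HijackThis entry line is "<section> - <body>", e.g. "O20 - AppInit_DLLs: ...".
ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")
# HijackThis appends one of these markers when the referenced file is not on disk.
ORPHANED = re.compile(r"\((no file|file missing)\)\s*$")


def triage(log_text):
    """Return (section, tag, detail) tuples for entries worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, process list, blank line
        section, body = m.groups()
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            # The registry value is a space- or comma-separated list; every DLL
            # named in it is loaded into each process that loads user32.dll,
            # so any name that cannot be attributed needs an explanation.
            value = body.split(":", 1)[1]
            for dll in filter(None, re.split(r"[,\s]+", value)):
                findings.append((section, "appinit_dll", dll))
        elif ORPHANED.search(body):
            # Registration left behind with no backing file (leftover entry).
            findings.append((section, "orphaned", body))
    return findings


if __name__ == "__main__":
    for section, tag, detail in triage(SAMPLE_LOG):
        print(f"{section:4} {tag:12} {detail}")
```
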


I have Malwarebytes, the best program for malicious software detection and removal. How do I fix the following:

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
Very BAD but deactivated entry that can be fixed.

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
Very BAD but deactivated entry that can be fixed.


I found something on the AppInit_DLLs if it's any help:
http://support.microsoft.com/kb/197571

How to fix:
Run HJT again (close any other windows except HJT), tick the box to the left of the suspect entry you wish to fix, click the Fix Selected Button.

Regardless of what the Microsoft KB article said, you need to fix the O20 - AppInit_DLLs: , nlcwka.dll entry as Charley said.

At this point, and if you have already done a boot scan with avast, I suggest malwarebytes antimalware as the next step.
Malwarebytes found this rootkit: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seneka (Rootkit.Trace) -> Quarantined and deleted successfully. After I removed the rootkit avast did not freeze anymore. Thanks for the help!

-Rubin

Now’s the time to update to SP3 so the system won’t get infected as easily.


You are welcome, Rubin … glad I could help. :)

As Yokenny suggested, you really need to update to SP3.


As Yokenny suggested, you really need to update to SP3.
Yes, I did update, but shouldn't automatic updates do it automatically?

It might have offered it 9 months ago when it was first released, so if you opted not to install it and clicked the option not to offer it in the future, no it wouldn’t. Or if you applied one of the many patches doing the rounds at the time to avoid the update that would also block it.