Need help. I may have a virus

I believe I have a virus. My computer keeps slowing down and the screen locks up for up to 2 to 3 minutes. I have scanned with the avast home free version and found nothing. What else should I try?? Should I buy the licensed version???
Is there a “low level scan” in avast?

Thanks, and please reply to my email address. I’m not sure I can find my way back to this post. I don’t like this bulletin board that you have; it is too complex.

bobrafalovich

Hi, welcome to the forum. Please remove your email address or you will get spammed.

Since you started this topic, a small icon will appear beside it showing you posted in it. Also click the notify tab at the top right corner of your post. You will then be notified when there is a reply.

Let’s have a look. Please follow the prompts to ensure HJT (hijackthis) is installed correctly in its own folder and a shortcut is placed on your desktop.

Click here to download HJTsetup.exe

* Save HJTsetup.exe to your desktop.
* Double-click on the HJTsetup.exe icon on your desktop.
* By default it will install to C:\Program Files\Hijack This.
* Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
* Put a check by Create a desktop icon then click Next again.
* Continue to follow the rest of the prompts from there.
* At the final dialogue box click Finish and it will launch Hijack This.
* Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
* Click on “Edit > Select All” then click on “Edit > Copy” to copy the entire contents of the log.
* Come back here to this thread and Paste the log in your next reply.
* DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

Replies are to the forum (it may help others) and your default Profile setting should send an email notification for topics you started or contributed to when there is a reply.

What is your OS?
What is your firewall?
What version of avast are you using? 4.8.1169 is the latest build (see about avast).

What are you doing before the screen locks up for 2-3 minutes?
When does this commonly happen: shortly after boot, after browsing for a while, after file downloads, P2P, etc.?

I’m not sure how to remove my email address. I find this bulletin board rather complex.

OK, here is the log file. It is in 2 posts because the forum will only allow 1000 characters.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:18:00 PM, on 5/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\kmw_run.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\WINDOWS\system32\KMW_SHOW.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Qualcomm\Eudora\Eudora.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
H:\Downloads\HiJackThis\HiJackThis.exe

Actually it will be in 3 posts because of the 1000 character limit.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SystemTray] "SysTray.Exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [trueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [H/PC Connection Agent] "C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [H/PC Connection Agent] "C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [H/PC Connection Agent] "C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\system32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [H/PC Connection Agent] "C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\system32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'Default user')
O4 - Global Startup: HPAiODevice(hp officejet d series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe

And here is part 3 of the log file

By the way, thanks for your help ;D ;D

Bob

O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~5\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~5\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~5\inetrepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted IP range: http://192.168.0.1
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.64.69.12.22.downloads.estara.com./as/OneCCDM.php?template=306633&sessionid=1414138019_75.170.62.207_3467&=&req=1209586278206OneCC.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1900374-5DA1-464A-98B6-A5935A6D1FCD}: NameServer = 205.171.3.65,205.171.2.65
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: SupportSoft Listener Service (sprtlisten) - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: SystemSuite Task Manager - Avanquest Publishing USA, Inc. - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe


End of file - 11974 bytes

That is why I used the term modify.

Look for the Modify button on your post, click that and you can then edit/modify your original post. See image, an example from one of my posts in this topic. Note you will only see the Modify button for your own posts; you can’t modify other people’s posts.

To : David R

What is your OS?
***XPSP2
What is your firewall?
***Windows
What version of avast are you using? 4.8.1169 is the latest build (see about avast).
***Yes, this build
What are you doing before the screen locks up for 2-3 minutes?
****Just working in various programs, nothing special. It’s driving me nuts!!! Like right now
When does this commonly happen: shortly after boot, after browsing for a while, after file downloads, P2P, etc.?
****Within about 2 minutes after boot up is complete

To: DavidR,

Thanks, I removed my email address. I’m starting to get an idea of how this forum works.

Thanks

Well, good news and bad news. The good news is there isn’t much to see in your log, except a slightly out of date java and possibly adobe. We can help with that later if you wish. The bad news is I don’t see the cause of your problem in the log. ;D

I see you mentioned the problem starts shortly after bootup. Avast will check for updates on startup if you are on high-speed (always connected). It can be resource intensive.

A few questions to help us.

Is this a new problem?

Are you a new avast user?

Does the problem seem to sort itself out, or is a reboot required?

Any other antivirus program used prior to avast? And how was it removed?

Do you know your system spec, i.e. cpu, ram?

There are a lot of very knowledgeable people here. Please post back, someone will be here. :smiley:
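
An added example, not part of any post in this thread and not HijackThis's own logic: a small Python triage pass that splits a HijackThis v2 log into running processes and numbered entries and lists the items a helper would look up first. The sample log, the names in it and the review rules (missing service file, "Unknown owner", autorun without an absolute path, temp-directory paths, system process names outside system32) are assumptions chosen for illustration; a flagged line means "look this up", not "this is malware".

```python
import re

# Constructed sample in HijackThis v2 layout; entries and names are hypothetical
# apart from the avast! lines, which follow the format seen in the posted log.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Temp\svchost.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [avast!] "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [helper] helper.exe
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\user\Local Settings\Temp\upd.exe
O23 - Service: Example Service - Unknown owner - C:\WINDOWS\system32\example.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

ENTRY_RE = re.compile(r"^([ORFN]\d{1,2}) - (.*)$")   # e.g. "O4 - ...", "R1 - ..."
ABS_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')          # optional quote, drive letter
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe", "smss.exe"}
SYSTEM_DIR = r"c:\windows\system32"                  # assumes Windows lives on C:


def parse_hjt(text):
    """Return the running-process paths and the (code, body) entries of a log."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False          # first numbered entry ends the process list
            entries.append((m.group(1), m.group(2)))
        elif in_processes and line:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def triage(parsed):
    """List (reason, line) pairs worth a manual lookup. Illustrative rules only."""
    findings = []
    for path in parsed["processes"]:
        folder, _, name = path.lower().rpartition("\\")
        if name in SYSTEM_NAMES and folder != SYSTEM_DIR:
            findings.append(("system process name outside system32", path))
        if "\\temp\\" in path.lower():
            findings.append(("runs from a temp directory", path))
    for code, body in parsed["entries"]:
        if code == "O23":
            if body.endswith("(file missing)"):
                findings.append(("service points at a missing file", body))
            if " - Unknown owner - " in body:
                findings.append(("service binary has no company name", body))
        elif code == "O4":
            # Run keys look like "[name] command"; startup folders like "x.lnk = command".
            command = body.split("] ", 1)[1] if "] " in body else body.rpartition(" = ")[2]
            if "\\temp\\" in command.lower():
                findings.append(("autorun from a temp directory", body))
            elif not ABS_PATH_RE.match(command):
                findings.append(("autorun without an absolute path", body))
    return findings


if __name__ == "__main__":
    for reason, line in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{reason}: {line}")
```
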

Thanks Oldman!!!

Your Questions, my answers *****

Is this a new problem?
******* It has been getting worse over a period of about 2 weeks. Started about 2 weeks ago

Are you a new avast user?
*******No I’ve been using it for the past 3 years. But I’m using the free home version. Should I upgrade to the paid version???

Does the problem seem to sort itself out, or is a reboot required?
******As time goes along the problem worsens and then requires a reboot

Any other antivirus program used prior to avast?
***Norton, what a piece of s that program is. I had to call support to get an internet path to an uninstall program to get rid of it. But that was about 3 years ago. And the machine has been working OK since then

and how was it removed?
******Norton was uninstalled with a downloaded uninstall program that I had to call their support number to get

Do you know your system spec, ie cpu, ram

******I have one Gig Ram, one Gig Mhz processor, My system is somewhat complex because I have 3 removable ATX Drive caddies (with HD’s - one for applications, one for data, one for back-up). Also has 50 pin SCSI adapter card, photo slide scanner, 3 internal SCSI HD’s. And an ATX DVD/CD burner, 4 usb ports attached to a sewing machine, printer, scanner, digital camera and other stupid devices (too many things, yes!!)

I think we can rule out remnants of norton and your cpu/ram spec.

The pro is the same as the home, it’s just a little more configurable, i.e. more interfaces, scheduling and one more provider. But both use the same engine.

Did your version of avast update itself? Not the vps, but the program itself?

Low level scan I suppose would be a boot time scan, if this is what you are asking about.

P2P, what are you using to scan the downloads?

Hi bobrafalovitch and oldman,

The slowing down of the computer for periods of 1 to 2 min may be related to errors in the functioning of the OS (can be driver related, can be something else). A way to establish this side of the story is to evaluate errors (red exclamation marks) in the event viewer logs. bobrafalovitch may easily watch this doing the following: go from start to execute and there give in “eventvwr.msc”, without the “” of course. Anxious to see what errors were reported there and for what ModNames?

polonus

Hey OldMan,

Did your version of avast update itself?
******I’m using 4.8.1169, I think this is the newest, right?

Not the vps, but the program itself?

Low level scan I suppose would be a boot time scan, if this is what you are asking about.
******Yes, how do you get avast to scan the computer on boot up.

P2P, what are you using to scan the downloads?
******I thought avast would scan the downloads as they came in. Is this not the case? Do I have to scan them manually?

I used TrendMicro House Call. It took 5 hours to run and it found a few malware things and cookies but that was all.

Also, I’m thinking I should get rid of the XP firewall and get a firewall that really works. Any suggestions? Are there any free ones out there that are good??

Thanks

bobrafalovich

Hey Polonus,

Here is a log file of the “warnings”. “Errors” will be on the next post (too many characters for a single post)
Type Date Time Source Category Event User Computer
Warning 5/10/2008 11:57:59 AM Userenv None 1517 SYSTEM MYRNA
Warning 5/9/2008 9:40:41 PM MsiInstaller None 1001 myrna MYRNA
Warning 5/9/2008 9:40:41 PM MsiInstaller None 1004 myrna MYRNA
Warning 5/9/2008 9:40:37 PM MsiInstaller None 1001 myrna MYRNA
Warning 5/9/2008 9:40:37 PM MsiInstaller None 1004 myrna MYRNA
Warning 5/9/2008 9:40:37 PM MsiInstaller None 1001 myrna MYRNA
Warning 5/9/2008 9:40:37 PM MsiInstaller None 1004 myrna MYRNA
Warning 5/9/2008 9:19:02 PM Userenv None 1517 SYSTEM MYRNA
Warning 5/9/2008 6:44:07 PM Userenv None 1517 SYSTEM MYRNA
Warning 5/9/2008 6:28:47 PM Userenv None 1517 SYSTEM MYRNA
Warning 5/8/2008 1:04:15 PM Userenv None 1517 SYSTEM MYRNA
Warning 5/8/2008 12:51:20 PM Userenv None 1517 SYSTEM MYRNA
Warning 5/7/2008 2:42:09 PM Userenv None 1517 SYSTEM MYRNA
Warning 5/3/2008 10:24:17 AM Userenv None 1517 SYSTEM MYRNA
Warning 5/3/2008 9:31:22 AM Userenv None 1517 SYSTEM MYRNA
Warning 4/26/2008 10:31:15 PM MsiInstaller None 1001 myrna MYRNA
Warning 4/26/2008 5:35:43 PM MsiInstaller None 1001 myrna MYRNA
Warning 4/26/2008 5:35:43 PM MsiInstaller None 1004 myrna MYRNA
Warning 4/26/2008 4:39:02 PM MsiInstaller None 1001 myrna MYRNA
Warning 4/26/2008 4:39:02 PM MsiInstaller None 1004 myrna MYRNA
Warning 4/26/2008 4:31:45 PM MsiInstaller None 1001 myrna MYRNA
Warning 4/26/2008 4:31:45 PM MsiInstaller None 1004 myrna MYRNA
Warning 4/26/2008 4:30:44 PM MsiInstaller None 1001 myrna MYRNA
Warning 4/26/2008 4:30:44 PM MsiInstaller None 1004 myrna MYRNA
Warning 4/26/2008 4:30:34 PM MsiInstaller None 1001 myrna MYRNA
Warning 4/26/2008 4:30:34 PM MsiInstaller None 1004 myrna MYRNA
Warning 4/26/2008 4:30:18 PM MsiInstaller None 1001 myrna MYRNA
Warning 4/26/2008 4:30:18 PM MsiInstaller None 1004 myrna MYRNA
Warning 4/22/2008 11:25:18 AM Userenv None 1517 SYSTEM MYRNA
Warning 4/21/2008 3:32:48 PM Userenv None 1517 SYSTEM MYRNA
Warning 4/19/2008 12:20:36 PM MsiInstaller None 1001 myrna MYRNA
Warning 4/19/2008 12:20:36 PM MsiInstaller None 1004 myrna MYRNA
Warning 4/19/2008 12:20:29 PM MsiInstaller None 1001 myrna MYRNA
Warning 4/19/2008 12:20:29 PM MsiInstaller None 1004 myrna MYRNA
Warning 4/19/2008 12:20:05 PM MsiInstaller None 1001 myrna MYRNA
Warning 4/19/2008 12:20:05 PM MsiInstaller None 1004 myrna MYRNA
Warning 4/19/2008 10:08:51 AM Userenv None 1517 SYSTEM MYRNA
Warning 4/17/2008 9:06:54 AM Userenv None 1517 SYSTEM MYRNA
Warning 4/12/2008 10:56:42 PM Userenv None 1517 SYSTEM MYRNA
Warning 4/12/2008 3:04:12 PM Userenv None 1517 SYSTEM MYRNA
Warning 4/11/2008 9:17:41 AM Userenv None 1517 SYSTEM MYRNA
Warning 4/10/2008 6:27:56 PM Userenv None 1517 SYSTEM MYRNA
Warning 4/8/2008 8:54:47 PM Userenv None 1517 SYSTEM MYRNA
Warning 4/8/2008 9:48:54 AM Userenv None 1517 SYSTEM MYRNA
Warning 4/6/2008 10:36:33 PM Userenv None 1517 SYSTEM MYRNA
Warning 4/6/2008 9:54:16 AM Userenv None 1517 SYSTEM MYRNA
Warning 4/3/2008 5:34:53 PM MsiInstaller None 1001 myrna MYRNA
Warning 4/3/2008 5:34:53 PM MsiInstaller None 1004 myrna MYRNA
Warning 4/3/2008 5:26:02 PM Userenv None 1517 SYSTEM MYRNA
Warning 4/2/2008 1:18:51 PM Userenv None 1517 SYSTEM MYRNA
Warning 4/1/2008 10:38:32 PM Userenv None 1517 SYSTEM MYRNA
Warning 4/1/2008 10:31:53 PM Userenv None 1517 SYSTEM MYRNA
Warning 4/1/2008 1:39:34 PM Userenv None 1517 SYSTEM MYRNA
Warning 12/22/2007 10:30:02 AM Userenv None 1517 SYSTEM MYRNA
Warning 12/22/2007 12:42:26 AM Userenv None 1517 SYSTEM MYRNA
Warning 12/21/2007 10:31:28 AM Userenv None 1517 SYSTEM MYRNA
Warning 12/20/2007 12:14:59 PM Userenv None 1517 SYSTEM MYRNA
Warning 12/17/2007 11:38:40 PM Userenv None 1517 SYSTEM MYRNA
Warning 12/15/2007 9:56:13 PM Userenv None 1517 SYSTEM MYRNA
Warning 12/15/2007 9:44:27 PM Userenv None 1517 SYSTEM MYRNA

Here are the Application Errors:

Error 5/10/2008 11:51:14 AM nview_info None 1 N/A MYRNA
Error 5/10/2008 11:51:00 AM nview_info None 1 N/A MYRNA
Error 5/10/2008 11:48:11 AM nview_info None 1 N/A MYRNA
Error 5/9/2008 9:40:44 PM nview_info None 1 N/A MYRNA
Error 5/9/2008 9:03:38 PM nview_info None 1 N/A MYRNA
Error 4/26/2008 5:22:25 PM MsiInstaller None 11706 myrna MYRNA
Error 4/26/2008 4:31:42 PM MsiInstaller None 11706 myrna MYRNA
Error 4/26/2008 3:25:47 PM MsiInstaller None 11704 myrna MYRNA
Error 4/24/2008 1:06:32 AM nview_info None 1 N/A MYRNA
Error 4/24/2008 1:05:58 AM nview_info None 1 N/A MYRNA
Error 4/24/2008 1:04:43 AM nview_info None 1 N/A MYRNA
Error 4/24/2008 1:02:44 AM nview_info None 1 N/A MYRNA
Error 4/24/2008 1:03:31 AM nview_info None 1 N/A MYRNA
Error 4/24/2008 1:02:26 AM nview_info None 1 N/A MYRNA
Error 4/24/2008 1:01:36 AM nview_info None 1 N/A MYRNA
Error 4/24/2008 1:01:02 AM nview_info None 1 N/A MYRNA
Error 4/24/2008 1:00:32 AM nview_info None 1 N/A MYRNA
Error 4/24/2008 12:58:36 AM nview_info None 1 N/A MYRNA
Error 4/24/2008 12:47:52 AM nview_info None 1 N/A MYRNA
Error 4/24/2008 12:47:41 AM nview_info None 1 N/A MYRNA
Error 4/24/2008 12:47:41 AM nview_info None 1 N/A MYRNA
Error 4/24/2008 12:47:41 AM nview_info None 1 N/A MYRNA
Error 4/24/2008 12:47:41 AM nview_info None 1 N/A MYRNA
Error 4/24/2008 12:47:29 AM nview_info None 1 N/A MYRNA
Error 4/24/2008 12:47:29 AM nview_info None 1 N/A MYRNA
Error 4/24/2008 12:47:17 AM nview_info None 1 N/A MYRNA
Error 4/24/2008 12:45:17 AM nview_info None 1 N/A MYRNA
Error 4/24/2008 12:44:19 AM nview_info None 1 N/A MYRNA
Error 4/24/2008 12:43:53 AM nview_info None 1 N/A MYRNA
Error 4/24/2008 12:43:34 AM nview_info None 1 N/A MYRNA
Error 4/24/2008 12:43:32 AM nview_info None 1 N/A MYRNA
Error 4/24/2008 12:42:58 AM nview_info None 1 N/A MYRNA
Error 4/24/2008 12:42:50 AM nview_info None 1 N/A MYRNA
Error 4/24/2008 12:42:33 AM nview_info None 1 N/A MYRNA
Error 4/24/2008 12:41:52 AM nview_info None 1 N/A MYRNA
Error 4/24/2008 12:42:04 AM nview_info None 1 N/A MYRNA
Error 4/21/2008 2:08:14 AM nview_info None 1 N/A MYRNA
Error 4/21/2008 2:08:12 AM nview_info None 1 N/A MYRNA
Error 4/21/2008 2:08:12 AM nview_info None 1 N/A MYRNA
Error 4/21/2008 2:08:07 AM nview_info None 1 N/A MYRNA
Error 4/21/2008 2:07:41 AM nview_info None 1 N/A MYRNA
Error 4/21/2008 2:07:29 AM nview_info None 1 N/A MYRNA
Error 4/21/2008 1:55:02 AM nview_info None 1 N/A MYRNA
Error 4/21/2008 1:48:20 AM nview_info None 1 N/A MYRNA
Error 4/21/2008 1:48:20 AM nview_info None 1 N/A MYRNA
Error 4/21/2008 1:48:20 AM nview_info None 1 N/A MYRNA
Error 4/21/2008 1:48:14 AM nview_info None 1 N/A MYRNA
Error 4/21/2008 1:46:04 AM nview_info None 1 N/A MYRNA
Error 4/21/2008 1:36:18 AM nview_info None 1 N/A MYRNA
Error 4/21/2008 1:34:53 AM nview_info None 1 N/A MYRNA
Error 4/21/2008 1:34:53 AM nview_info None 1 N/A MYRNA
Error 4/21/2008 1:34:53 AM nview_info None 1 N/A MYRNA
Error 4/21/2008 1:34:53 AM nview_info None 1 N/A MYRNA
Error 4/21/2008 1:34:53 AM nview_info None 1 N/A MYRNA
Error 4/21/2008 1:34:53 AM nview_info None 1 N/A MYRNA
Error 4/21/2008 1:34:19 AM nview_info None 1 N/A MYRNA
Error 4/21/2008 1:33:58 AM nview_info None 1 N/A MYRNA
Error 4/21/2008 1:21:21 AM nview_info None 1 N/A MYRNA
Error 4/21/2008 1:15:10 AM nview_info None 1 N/A MYRNA
Error 4/21/2008 1:15:10 AM nview_info None 1 N/A MYRNA
Error 4/21/2008 1:15:10 AM nview_info None 1 N/A MYRNA
Error 4/21/2008 1:15:10 AM nview_info None 1 N/A MYRNA
Error 4/21/2008 1:15:10 AM nview_info None 1 N/A MYRNA
Error 4/21/2008 1:11:07 AM nview_info None 1 N/A MYRNA
Error 4/21/2008 1:14:04 AM nview_info None 1 N/A MYRNA
Error 4/21/2008 1:10:12 AM nview_info None 1 N/A MYRNA
Error 4/21/2008 1:10:10 AM nview_info None 1 N/A MYRNA
Error 4/20/2008 2:40:24 PM Application Error None 1000 N/A MYRNA
Error 4/20/2008 2:38:40 PM Application Error None 1000 N/A MYRNA
Error 4/18/2008 7:45:24 PM Application Error None 1000 N/A MYRNA
Error 4/15/2008 1:27:28 AM nview_info None 1 N/A MYRNA
Error 4/15/2008 1:27:15 AM nview_info None 1 N/A MYRNA
Error 4/15/2008 1:26:56 AM nview_info None 1 N/A MYRNA
Error 4/15/2008 1:26:26 AM nview_info None 1 N/A MYRNA
Error 4/15/2008 1:26:16 AM nview_info None 1 N/A MYRNA
Error 4/15/2008 1:26:13 AM nview_info None 1 N/A MYRNA
Error 4/15/2008 1:25:58 AM nview_info None 1 N/A MYRNA
Error 4/15/2008 1:25:58 AM nview_info None 1 N/A MYRNA
Error 4/15/2008 1:25:24 AM nview_info None 1 N/A MYRNA
Error 4/15/2008 1:24:54 AM nview_info None 1 N/A MYRNA
Error 4/15/2008 1:20:17 AM nview_info None 1 N/A MYRNA
Error 4/15/2008 1:20:17 AM nview_info None 1 N/A MYRNA
Error 4/15/2008 1:20:08 AM nview_info None 1 N/A MYRNA
Error 4/15/2008 1:18:48 AM nview_info None 1 N/A MYRNA
Error 4/15/2008 1:18:11 AM nview_info None 1 N/A MYRNA
Error 4/15/2008 1:17:29 AM nview_info None 1 N/A MYRNA
Error 4/15/2008 1:12:06 AM nview_info None 1 N/A MYRNA
Error 4/15/2008 1:05:33 AM nview_info None 1 N/A MYRNA
Error 4/15/2008 1:05:33 AM nview_info None 1 N/A MYRNA
Error 4/15/2008 1:05:17 AM nview_info None 1 N/A MYRNA
Error 4/15/2008 1:04:40 AM nview_info None 1 N/A MYRNA
Error 4/15/2008 1:03:41 AM nview_info None 1 N/A MYRNA
Error 4/15/2008 12:58:51 AM nview_info None 1 N/A MYRNA
Error 4/15/2008 12:56:58 AM nview_info None 1 N/A MYRNA
Error 4/15/2008 12:56:58 AM nview_info None 1 N/A MYRNA
Error 4/15/2008 12:56:58 AM nview_info None 1 N/A MYRNA
Error 4/15/2008 12:56:58 AM nview_info None 1 N/A MYRNA
Error 4/15/2008 12:56:58 AM nview_info None 1 N/A MYRNA
Error 4/15/2008 12:56:58 AM nview_info None 1 N/A MYRNA
Error 4/12/2008 9:43:58 PM nview_info None 1 N/A MYRNA
Error 4/12/2008 2:25:19 PM nview_info None 1 N/A MYRNA
Error 4/9/2008 12:37:27 PM Application Error None 1000 N/A MYRNA
Error 4/9/2008 12:12:40 PM Application Error None 1000 N/A MYRNA
Error 4/8/2008 6:44:25 PM nview_info None 1 N/A MYRNA
Error 4/5/2008 6:36:42 PM nview_info None 1 N/A MYRNA
Error 4/5/2008 5:31:48 PM nview_info None 1 N/A MYRNA
Error 4/2/2008 12:09:19 PM Application Error (100) 1000 N/A MYRNA
Error 12/17/2007 10:39:08 PM Application Error None 1000 N/A MYRNA
Error 12/17/2007 10:37:49 PM Application Error None 1000 N/A MYRNA
Error 12/17/2007 1:09:03 AM nview_info None 1 N/A MYRNA

Polonus,

Do you want to see the System warning/errors also??

bobrafalovich

OK I think I have a handle on what the problem might be, with the 4.8 version onwards there is a rootkit scan carried out shortly after boot, to effectively give any rootkit time to activate or it might escape the rootkit scan. Here is the probable issue, the scan starts two minutes after your desktop is up, so coincides with that time frame.

I would suggest you try the beta build, it is quite stable and it improves some other issues and the start of the scan is also further delayed, so that and other updates may help you. It certainly won’t make it any worse.

avast! beta 4.8.1178, see http://forum.avast.com/index.php?topic=34612.0 for information and link to aswbeta.exe which starts the conversion to the beta build.

You don’t need to uninstall the current version everything will be handled by the aswbeta.exe file. Once the beta is installed the VPS updates are as normal and when the beta goes live the auto or manual program update will convert to the regular release, again no requirement to reinstall.

You could of course disable this rootkit scan after boot if you aren’t happy about using beta software, but the avast betas have in the past and this one been relatively problem free and stable.
Program Settings, Troubleshooting, check the ‘Disable rootkit scan on system startup.’

Re Boot Scan:
If you have XP, vista32bit or Win2k, you could enable a boot time scan. Right click the avast icon, select Start avast! Antivirus, Menu, ‘Schedule boot-time scan…’ Or see http://www.digitalred.com/avast-boot-time.php.

Hi bobrafalovitch,

Yep, you could give them as well. If the suggestion of DavidR does not cure the hiccups of your OS, then we (oldman and I) can see what the state of your OS is, and get nearer to the culprit of what has gone wrong. You can also put it in a txt file that you attach to your next posting. So far what I have seen leads to the process NVIDIA nView Desktop and Window Manager or NVIDIA nView Control Panel, Version belongs to the software NVIDIA nView Desktop and Window Manager or nview.dll or NVIDIA nView Control Panel, Version by NVIDIA Corporation (www.nvidia.com).

Description: nview.dll is located in the folder C:\Windows\System32 or sometimes in a subfolder of C:\Windows. Known file sizes on Windows XP are 1466368 bytes (34% of all occurrence), 1470464 bytes, 1458176 bytes, 1441792 bytes, 852038 bytes, 1462272 bytes, 1363968 bytes, 1474560 bytes, 835654 bytes, 1478656 bytes, 1175552 bytes, 831557 bytes, 1187840 bytes, 1335296 bytes, 1126400 bytes, 548933 bytes, 852039 bytes, 1331200 bytes, 798789 bytes, 823365 bytes, 1437696 bytes, 868421 bytes, 1368064 bytes, 774213 bytes, 1191936 bytes, 1323008 bytes, 544837 bytes, 856135 bytes, 1339392 bytes, 856133 bytes, 528456 bytes, 847942 bytes, 507976 bytes, 770117 bytes, 753733 bytes.
A .dll file (Dynamic Link Library) is a special type of Windows program containing functions that other programs can call. This .dll file can be injected to all running processes and can change or manipulate their behavior. nview.dll is not a Windows system file. The program is not visible. The service has no detailed description. It can change the behavior of other programs or manipulate other programs. nview.dll is able to record inputs, monitor applications. Therefore the technical security rating is 63% dangerous, however also read the users reviews.

Important: Some malware camouflage themselves as nview.dll, particularly if they are located in c:\windows or c:\windows\system32 folder. Thus check the nview.dll process on your pc whether it is pest. We recommend Security Task Manager for verifying your computer’s security. It is one of the Top Download Picks of 2005 of The Washington Post and PC World. Do a search for nview.dll on your computer and upload that to virustotal.com for an online evaluation scan with various av…

polonus
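
An added example, not part of any post in this thread: a Python sketch of the Event Viewer review suggested above, which parses an export in the column layout posted here, counts events per source and event ID, and finds bursts of errors from one source. The sample rows, the computer name HOSTPC and the burst thresholds are constructed assumptions; the category column is assumed to be either `None` or a number in parentheses, as in the posted rows.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample in the layout of the export posted in this thread:
# Type Date Time Source Category Event User Computer
SAMPLE_EXPORT = """\
Type Date Time Source Category Event User Computer
Error 4/24/2008 1:06:32 AM nview_info None 1 N/A HOSTPC
Error 4/24/2008 1:05:58 AM nview_info None 1 N/A HOSTPC
Error 4/24/2008 1:04:43 AM nview_info None 1 N/A HOSTPC
Error 4/24/2008 12:47:52 AM nview_info None 1 N/A HOSTPC
Error 4/20/2008 2:40:24 PM Application Error None 1000 N/A HOSTPC
Error 4/2/2008 12:09:19 PM Application Error (100) 1000 N/A HOSTPC
Warning 4/19/2008 12:20:36 PM MsiInstaller None 1001 user HOSTPC
Warning 4/19/2008 10:08:51 AM Userenv None 1517 SYSTEM HOSTPC
"""

# The source name may contain spaces ("Application Error"), so it is matched
# lazily up to the category column.
ROW_RE = re.compile(
    r"^(?P<type>Error|Warning|Information)\s+"
    r"(?P<date>\d{1,2}/\d{1,2}/\d{4})\s+(?P<time>\d{1,2}:\d{2}:\d{2} [AP]M)\s+"
    r"(?P<source>.+?)\s+(?P<category>None|\(\d+\))\s+"
    r"(?P<event>\d+)\s+(?P<user>\S+)\s+(?P<computer>\S+)$"
)


def parse_events(text):
    """Parse export rows into dicts; header rows and free text are skipped."""
    events = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        row = m.groupdict()
        row["when"] = datetime.strptime(
            f"{row['date']} {row['time']}", "%m/%d/%Y %I:%M:%S %p"
        )
        row["event"] = int(row["event"])
        events.append(row)
    return events


def tally(events):
    """Count events per (type, source, event ID) to see which source dominates."""
    return Counter((e["type"], e["source"], e["event"]) for e in events)


def bursts(events, source, max_gap=timedelta(minutes=5), min_count=3):
    """Group one source's events into runs whose consecutive gaps are <= max_gap."""
    times = sorted(e["when"] for e in events if e["source"] == source)
    runs, current = [], []
    for t in times:
        if current and t - current[-1] > max_gap:
            if len(current) >= min_count:
                runs.append((current[0], current[-1], len(current)))
            current = []
        current.append(t)
    if len(current) >= min_count:
        runs.append((current[0], current[-1], len(current)))
    return runs


if __name__ == "__main__":
    events = parse_events(SAMPLE_EXPORT)
    for key, count in tally(events).most_common():
        print(count, key)
    for start, end, count in bursts(events, "nview_info"):
        print(f"nview_info burst: {count} errors from {start} to {end}")
```

The burst times can then be compared with when the lock-ups were noticed.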