Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: REDACTED on January 01, 2016, 01:52:36 AM
-
The issue that I have is not fully investigated yet, but the preliminary conclusion is that it may be due to Avast
Below is the link to discussion on Microsoft forum
https://social.msdn.microsoft.com/Forums/en-US/1d34d165-80c4-48ba-9684-0f121a971878/system-suddenly-goes-off-how-to-find-logfiles-to-understand-why-it-happened?forum=winforms
Will there be any comments?
-
There is nothing in avast that only runs once a month unless you scheduled an automatic scan once a month.
The problem in the post on the MS forum has nothing to do with avast.
-
The issue that I have is not fully investigated yet, but the preliminary conclusion is that it may be due to Avast
Below is the link to discussion on Microsoft forum
https://social.msdn.microsoft.com/Forums/en-US/1d34d165-80c4-48ba-9684-0f121a971878/system-suddenly-goes-off-how-to-find-logfiles-to-understand-why-it-happened?forum=winforms
Will there be any comments?
You could try using Blue Screen View or Who Crashed to see what may have caused the crash.
http://www.nirsoft.net/utils/blue_screen_view.html
or
http://www.resplendence.com/whocrashed
-
You could try using Blue Screen View or Who Crashed to see what may have caused the crash.
http://www.nirsoft.net/utils/blue_screen_view.html
or
http://www.resplendence.com/whocrashed
Thanks, Charyb. I have already shared the information, including minidump files, msinfo32 and Event Viewer logs on MS forum (copy the link below):
https://drive.google.com/file/d/0B-j1nGDcVQKKaUlYUmQtUGVJZFk/view?usp=sharing
As you can see from those (using your BlueScreen utility, for instance) all 3 reported crash cases were somehow related to file ntoskrnl.exe.
What else should I investigate with that respect, in your view?
-
If Windows would be a car, you could call that application the engine (or at least a major part of the engine).
Technical information :
https://en.wikipedia.org/wiki/Ntoskrnl.exe
Do you happen to have multiple av's running ?
-
If Windows would be a car, you could call that application the engine (or at least a major part of the engine).
Technical information :
https://en.wikipedia.org/wiki/Ntoskrnl.exe
Do you happen to have multiple av's running ?
Apart from Avast in Chrome and on computer, I have MS EMET and Spybot's resident running, which I think is normal in our days. My Chrome also has Adguard Adblocking engine activated. Nothing else, this is it.
Please check today's ZigZag3143x answer in MS forum thread
https://social.msdn.microsoft.com/Forums/en-US/1d34d165-80c4-48ba-9684-0f121a971878/system-suddenly-goes-off-how-to-find-logfiles-to-understand-why-it-happened?forum=winforms
-
In regards to MS EMET:
The security mitigation technologies that EMET uses have an application-compatibility risk. Some applications rely on exactly the behavior that the mitigations block. It is important to thoroughly test EMET on all target computers by using test scenarios before you deploy EMET in a production environment. If you encounter a problem that affects a specific mitigation, you can individually enable and disable that specific mitigation. For more information, refer to the EMET user's guide.
FYI LINK: The Enhanced Mitigation Experience Toolkit (https://support.microsoft.com/en-us/kb/2458544), scroll down to "Are there any risks in using EMET?".
-
Yes, I am fully aware of that. So what?
Where is the logical linkage that causes the simultaneous use of memory by Avast and EMET, and why is it happening if it is actually behind the crash? :) By the way, is it the real cause of the problem or just a guess?
-
Yes, I am fully aware of that. So what?
Where is the logical linkage that causes the simultaneous use of memory by Avast and EMET, and why is it happening if it is actually behind the crash? :) By the way, is it the real cause of the problem or just a guess?
Since you have the problem, and you're using the program, you're the only one that can answer that question.
-
Let's see...
1]
I installed Avast after McAfee trial was over, which was like in the mid of summer 2015. Month or two later I witnessed my system crashed for the 1st time. Since then it has been repeating almost like on once-per-month basis
I sure would not be surprised if McAfee wasn't removed completely and is (at least) part of the problem.
2]
As I said before, there is nothing that avast does once a month unless you scheduled a monthly scan.
That is a very strong indication that it is not avast what is causing the problem.
3]
He has solved 40.000 BSOD's for people ?
Let's say he is really good.
Helping 5 people a day would mean he is doing it for about 22 years.
And 5 is already a lot.
That is if he is helping 7 days a week which is not likely.
Illness, holidays/vacation, other things to do (real life) etc...
The first BSOD's were introduced in the first Windows NT family, 22 years ago
Simple math (statistic calculations) would say that he started helping people with BSOD's over 35 years ago.
Guess what?
Not possible because they didn't exist at that time.
3]
Take your pick.
Do you want help here or at the msdn website ?
-
Let's see...
1]
I installed Avast after McAfee trial was over, which was like in the mid of summer 2015. Month or two later I witnessed my system crashed for the 1st time. Since then it has been repeating almost like on once-per-month basis
I sure would not be surprised if McAfee wasn't removed completely and is (at least) part of the problem.
I can assure you that my computer qualification allows me to state that McAfee was completely removed, and yes, before removing it I was aware that the problem with McAfee left-overs had been existent :)
-
Did you use the removal tool for McAfee ?
-
Did you use the removal tool for McAfee ?
Yes, I did
-
If you want an expert to check, I suggest posting diagnostic logs so essexboy can have a look inside
see instructions here >> https://forum.avast.com/index.php?topic=53253.0
scroll down to second picture ... Farbar Recovery Scan Tool ... run as instructed and attach the two diagnostic logs
see below the box you write in ... Attachments and other options
-
and Spybot's resident running
Spybot's teatimer and avast do not work well together.
Besides that, Spybot isn't recommended anymore for a long time because the lack of detection.
It once was a good tool, but that was a long time ago.
-
I used Spybot for many years and really liked the resident TeaTimer tool best of all regarding Spybot but I started running into compatibility issues (can't recall the problems now as that was so many years ago) and eventually ended up turning TeaTimer off and finally just gave up on Spybot not long after that. You might consider turning TeaTimer off and see if you still get the monthly crash that you've been getting on a regular basis.
If you still get the crash with TeaTimer off you could try the Avast Support Tool (https://www.avast.com/faq.php?article=AVKB33#artTitle) to see if this helps you out.
-
Yah, Spybot S&D with Tea Timer is certainly outdated.
-
Pls see attached the 2 logs of Farbar Recovery Scan Tool
I have also disabled autostartup of Spybot S&D
-
Does this happen at the same time every month ?
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-18\...\Run: [SpybotPostWindows10UpgradeReInstall] => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
Task: {33D63D7D-4D18-4CCD-8F9C-92EB8659A8CE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {7AD1327B-B56B-4928-958A-3A127CE13CA6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {D5B1E4A3-DC7F-4371-9D7B-F97877F968E7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
C:\Program Files (x86)\Spybot - Search & Destroy 2
C:\Users\jbionic\AppData\Local\Temp\_MEI60402
C:\Program Files\Common Files\AV\Spybot - Search and Destroy
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
(https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG)
Run FRST and press Fix
On completion a log will be generated please post that
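An added example, not part of the original post and not FRST's own code: a small Python triage of a fixlist like the one above, grouping each line by what it targets so the recipient can be told which entries remove software and which run commands before pressing Fix. The category names and matching rules are assumptions made for illustration, based only on the line shapes visible in this thread.

```python
import re

# Subset of the fixlist posted above, copied verbatim from the thread.
FIXLIST = r"""CreateRestorePoint:
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-18\...\Run: [SpybotPostWindows10UpgradeReInstall] => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
Task: {33D63D7D-4D18-4CCD-8F9C-92EB8659A8CE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
C:\Program Files (x86)\Spybot - Search & Destroy 2
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
"""

# Triage rules keyed on line shape. This is a reader's classification
# (an assumption), not FRST's own parser; the first matching rule wins.
RULES = [
    ("restore-point",    re.compile(r"^CreateRestorePoint:$", re.I)),
    ("registry-command", re.compile(r"^Reg:\s*reg\s+(add|delete)\b", re.I)),
    ("shell-command",    re.compile(r"^CMD:\s*\S", re.I)),
    ("proxy-reset",      re.compile(r"^RemoveProxy:$", re.I)),
    ("temp-cleanup",     re.compile(r"^EmptyTemp:$", re.I)),
    ("scheduled-task",   re.compile(r"^Task:\s*\{[0-9A-F-]{36}\}", re.I)),
    ("service",          re.compile(r"^[RSU]\d\s+\S+;\s")),
    ("registry-entry",   re.compile(r"^(HK(LM|U)\\|Winlogon\\)", re.I)),
    ("file-or-folder",   re.compile(r"^[A-Za-z]:\\")),
]

# Lines that name an item on the machine (the thread reports the tasks removed
# and the Spybot folder moved to C:\FRST\Quarantine) and lines that run a command.
REMOVES = {"registry-entry", "service", "scheduled-task", "file-or-folder"}
RUNS = {"registry-command", "shell-command"}

def classify(line):
    for name, rx in RULES:
        if rx.search(line):
            return name
    return "unrecognized"

def review(text):
    """Return (line_no, category, line) for every non-blank fixlist line."""
    return [(n, classify(l.strip()), l.strip())
            for n, l in enumerate(text.splitlines(), 1) if l.strip()]

def needs_explanation(text):
    """Lines the recipient should be told about before pressing Fix."""
    return [(n, cat, l) for n, cat, l in review(text)
            if cat in REMOVES | RUNS or cat == "unrecognized"]

if __name__ == "__main__":
    for n, cat, line in needs_explanation(FIXLIST):
        print(f"{n:>2}  {cat:<16}  {line[:70]}")
```

Anything reported as `unrecognized` is listed too, so a line the rules do not cover is surfaced rather than silently skipped.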
-
Thanks, Essexboy. I think your script partially did what I had already done by disabling Spybot S&D.
See below the log from FRST64.exe.
-
The main elements removed were the scheduled tasks ... When is the next BSOD due ?
-
The main elements removed were the scheduled tasks ... When is the next BSOD due ?
If you look inside the fixlog, it seems that most of the commands didn't quite work the way you wanted. Was I actually supposed to run your script and frst64.exe from administrative account? I can try to rerun it again then.
Your script completely removed Spybot S&D from my machine. Before advising me to run it I think it would be also advisable for you to let me know of consequences.
As I reported earlier, there is no pre-determined date for BSOD to appear. Each month it's sorta shifting, but happens just once per month: 25th of october, 28th of november, 30th of december ... - can you guess the next one?
-
Btw I am not sure if this is related to the problem I experience, but starting from recently CCleaner cannot remove the following Avast keys from the registry
https://goo.gl/photos/q9MxUaRziv6f1B4w6
-
Btw I am not sure if this is related to the problem I experience, but starting from recently CCleaner cannot remove the following Avast keys from the registry
https://goo.gl/photos/q9MxUaRziv6f1B4w6
You don't have the latest CCleaner 5.13.5460
Your script completely removed Spybot S&D from my machine. Before advising me to run it I think it would be also advisable for you to let me know of consequences.
You don't need it when you have Malwarebytes
-
I've re-applied your script by running FRST64.exe from administrative account. Here is the log
-
You don't need it when you have Malwarebytes
My remark was not about what I have or what I shouldn't have. It is ME to decide what I should have.
But I find that it would be rather correct to warn me if smth gets removed simply because local experts think that this will resolve my initial problem
-
I misread your post I thought I saw that you had removed it .. Sorry
-
It is ME to decide what I should have.
absolutely ... it was just info
-
I misread your post I thought I saw that you had removed it .. Sorry
Let's put it differently, Spybot is no longer present on my machine. So what's your forecast now? Will I stop to experience system crashes every month? :)
-
There was a task that ran to update the programme and from what I remember it was a monthly cycle
-
Can anyone advise me now on how to remove C:\FRST folder from my computer? :D
It refuses to delete even from administrative account because of Quarantine sub-folder that contains the whole Spybot directory from Program Files (>300 Mb)
-
Essexboy will remove it when back online later today
-
Essexboy will remove it when back online later today
Thanks, Pondus. I hope he knows how to do this if he recommends the tool 'cause I feel a little lost now :)
-
I hope he knows how to do this if he recommends the tool 'cause I feel a little lost now :)
Sure, don't worry.
-
To remove these use delfix, this will reset your restore points
Download and run Delfix (http://www.bleepingcomputer.com/download/delfix/)
Select the options as shown
(https://dl.dropboxusercontent.com/u/73555776/delfix.JPG)
-
To remove these use delfix, this will reset your restore points
Download and run Delfix (http://www.bleepingcomputer.com/download/delfix/)
Select the options as shown
(https://dl.dropboxusercontent.com/u/73555776/delfix.JPG)
I did exactly as advised, however the FRST folder is still there and I can't remove it even from administrative account.
I may seem to ask a little stupid question, but wouldn't it be easier if I simply removed Spybot without having to go in circles with lots of different apps, such as FRST or delfix?
Why did you have to remove all my restore points?
I am getting a little irritated because of 0-effect so far
-
FRST is a diagnostic tool, it was used to look for error/what could be wrong and not specifically targeting Spybot
Essexboy may use several tools to fix a computer depending on what the problem is, all tools used are removed in one go with delfix
-
FRST is a diagnostic tool, it was used to look for error/what could be wrong and not specifically targeting Spybot
Essexboy may use several tools to fix a computer depending on what the problem is, all tools used are removed in one go with delfix
Well, I mean that's totally fine, but how comes FRST folder is still there instead of being "removed in one go"?
And you still fail to answer my question, wouldn't it be easier just to uninstall Spybot via Control panel in Windows since it appears to be the only problem that existed?
-
Where is the FRST folder ?
-
Where is the FRST folder ?
System disk C:\FRST
Why did you have to remove my restore points by the way? :) I am kinda losing the way you lead me
-
Delfix should have removed that folder as it is in the normal position
Generally I work with infected systems and once clean, restore points need to be removed to stop re-infection
-
Delfix should have removed that folder as it is in the normal position
It hasn't, so what? I am not trying to mislead or anything
Generally I work with infected systems and once clean, restore points need to be removed to stop re-infection
Who told you that my system was infected? My system occasionally crashed because of Avast, but it doesn't imply it was infected.
To me it all looks like you tried to cure the problem that didn't exist. And I am not sure you resolved the problem, it looks like you may have made it only worse
So what are your suggestions of the next steps I should take to remove FRST? Please be mindful that I don't want my system to be ruined completely :)
-
I'll recommend you to use avast cleaner to completely remove avast files, restart your computer and then reinstall avast again. Remember to use CCleaner to remove history, logs, cookies etc
I don't understand how this is related with FRST issue. Are you actually assuming that removing Avast will help to remove FRST folder?
By the way I am not a premier subscriber of Avast - does this mean I can still use Avast Cleaner freely?
Are there any instructions on how to use Avast Cleaner to get rid of FRST left-overs? Where do I get Avast Cleaner, please share the link?
And why would I take advice from anyone who's got only 3 posts here with questionable reputation?
-
Is there any short-cut just to get rid of FRST folder that you created?? without removing Avast, without reformatting my disks, without removing all applications on my system and without throwing my notebook against the wall? I am MF completely annoyed by idiotic advice. Looks like someone doesn't even read carefully what I write here
-
I have used the program called Unlocker to remove the FRST folder. Thank you very much, guys, for your valuable advice. Now let's see if my system is gonna crash again after so many sensible movements resulting in 3 pages of extremely valuable correspondence.
-
Unfortunately I am not online 24/7 and I have a life..
I will let the author of delfix know that it failed to remove the FRST folder
Nothing I have done would necessitate a re-install of windows, that is a bit of an overkill
To do a clean install of Avast
Download Avast Uninstall Utility (http://www.avast.com/en-gb/uninstall-utility) to your Desktop.
Download the correct version of Avast
Avast Free (http://files.avast.com/iavs9x/avast_free_antivirus_setup.exe)
Avast Pro (http://files.avast.com/iavs9x/avast_pro_antivirus_setup.exe)
Avast Internet Security (http://files.avast.com/iavs9x/avast_internet_security_setup.exe)
Avast Premier (http://files.avast.com/iavs9x/avast_premier_antivirus_setup.exe)
Disconnect from the net
Uninstall Avast via control panel
- Run the uninstall tool and accept the reboot to safe mode
- Once complete reboot your system
- Reinstall Avast
----------
-
Nothing I have done would necessitate a re-install of windows, that is a bit of an overkill
To do a clean install of Avast
Download Avast Uninstall Utility (http://www.avast.com/en-gb/uninstall-utility) to your Desktop.
Download the correct version of Avast
Avast Free (http://files.avast.com/iavs9x/avast_free_antivirus_setup.exe)
Avast Pro (http://files.avast.com/iavs9x/avast_pro_antivirus_setup.exe)
Avast Internet Security (http://files.avast.com/iavs9x/avast_internet_security_setup.exe)
Avast Premier (http://files.avast.com/iavs9x/avast_premier_antivirus_setup.exe)
Disconnect from the net
Uninstall Avast via control panel
- Run the uninstall tool and accept the reboot to safe mode
- Once complete reboot your system
- Reinstall Avast
----------
Why do you suggest that I re-install Avast?