Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: GrahamE on November 15, 2007, 09:54:37 PM
-
Hi everyone,
I don't know if anyone will be able to help me with this...
Just recently, when scanning with Avast (standard or thorough), the scan hangs/freezes. It's done it when it reached C\RECYCLER and on Zone Alarm files. If I try to stop the scanner, I get the 'egg-timer' and I have to close the interface using the Task Manager. Only Avast is affected, the rest of the PC functions normally.
The only thing I've altered on the PC recently is to add a 2nd Harddrive, formatted as a Basic NTFS drive, to be used for storage (no OS). I've added no data to the drive yet. Thinking this might be the problem, I disabled the new drive in the bios, and indeed, Avast then functions as normal. Having enabled the new drive again, I find that Avast won't scan it using the context menu either. It gets to '3 files scanned' and hangs. The only thing in there are a couple of 'hidden files', namely RECYCLER (85 bytes) and System Volume Information ('folder is empty'). In properties, the drive apparently has 65.6MB in it, which made no sense to me (85 bytes + 'empty' = 65.6MB???)
Has anyone got any idea where I've gone wrong with this drive, and why it's causing problems for Avast?
Many thanks for any help. :)
Graham.
(XP Pro, Avast 4.7.1043, 071114-0)
-
Strange...
Do you have archive scanning enabled? (if you scan from the Simple User Interface)
When the program is frozen, please try to create a dump. The description is here:
http://forum.avast.com/index.php?topic=27240.msg222376#msg222376
The only difference will be that you want to dump a different process; if you are scanning from the context menu, it would be:
userdump.exe ashQuick.exe c:\ashquick.dmp
For Simple UI it would be:
userdump.exe ashSimpl.exe c:\ashsimple.dmp
Thanks.
-
Strange...
Do you have archive scanning enabled? (if you scan from the Simple User Interface)
I've tried standard and thorough scans, with and without achive scanning, and the result is the same.
When the program is frozen, please try to create a dump. The description is here:
http://forum.avast.com/index.php?topic=27240.msg222376#msg222376
The only difference will be that you want to dump a different process; if you are scanning from the context menu, it would be:
userdump.exe ashQuick.exe c:\ashquick.dmp
For Simple UI it would be:
userdump.exe ashSimpl.exe c:\ashsimple.dmp
I'm sorry, I don't fully understand how to do this. Is this right:
1. download and save 'userdump.exe'
2. scan with avast until it freezes
3. once frozen, run the downloaded file.
When you say use the following parameters... (which will be replaced by 'userdump.exe ashSimpl.exe c:\ashsimple.dmp' if I'm scanning using the main program and not context)... where do I enter these details?
-
Suppose you save the userdump.exe file into C:\
Then, when Simple UI is frozen, select "Run..." from Windows start menu (or press Win+R) and enter the following into the box:
C:\userdump.exe ashSimpl.exe c:\ashsimple.dmp
Then, we'd be interested in the c:\ashsimple.dmp file, of course.
-
Hi Igor,
I've created the dmp file and zipped it, but unfortunately, I now find that I don't know how to upload it to ftp://ftp.avast.com/incoming, sorry! :-[
-
To Upload them to ftp://ftp.avast.com/incoming - First Connect to the link (just click it in your browser, use IE or clone, might be best I can't get firefox to work) and drag the zip file from windows explorer into the Right pane and drop it, that starts the upload, you don't have read access to this folder.
I don't know what you have called the zip file but it might help to call it say GrahamMemDmp.zip so that it can be identified as coming from you, just in case there happens to be any other ashsimpl.zip uploaded (probably not but a good habit to get into)
-
GrahamE are you having this problem only with avast! or other software is affected as well?
Please correct me if I'm wrong but usually this type of lockups are related with IRQs & DMAs conflicts.
-
To Upload them to ftp://ftp.avast.com/incoming - First Connect to the link (just click it in your browser, use IE or clone, might be best I can't get firefox to work) and drag the zip file from windows explorer into the Right pane and drop it, that starts the upload, you don't have read access to this folder.
I don't know what you have called the zip file but it might help to call it say GrahamMemDmp.zip so that it can be identified as coming from you, just in case there happens to be any other ashsimpl.zip uploaded (probably not but a good habit to get into)
Hi David,
My confusion arose because when I clicked on the link, a plain white page with "to view this FTP page in Windows Explorer, click 'page' and then 'open FTP site in Windows Explorer'". Having done that I was faced with an empty page with no instructions. Your picture was all the explanation I needed, and I've uploaded it now ("GrahamE avastdmp.zip").
Thanks as always, for your help. :)
-
GrahamE are you having this problem only with avast! or other software is affected as well?
Please correct me if I'm wrong but usually this type of lockups are related with IRQs & DMAs conflicts.
As far as I know so far, nothing else is affected. I tried to search for and understand IRQ's and DMA's and can't answer you I'm afraid. I did notice in 'Disk Management' that both my existing HDD and the new one are both 'primary drives'. Is that right?
-
Hi David,
<snip>
Your picture was all the explanation I needed, and I've uploaded it now ("GrahamE avastdmp.zip").
Thanks as always, for your help. :)
Your welcome, hopefully Igor will be able to get on the case now.
-
There is nothing really suspicious in this dump - avast! seems to be scanning, or in particular opening a file (so the program is actually stuck somewhere in kernel code responsible for file opening - which is an information that is not present in this kind of dump).
To find why it's stuck in kernel, we would need the kernel dump ("bluescreen"). However, the filename being opened got some hits on google... could you please try to run a rootkit scanner (e.g. GMER (http://www.gmer.net/index.php)) on your machine?
-
There is nothing really suspicious in this dump - avast! seems to be scanning, or in particular opening a file (so the program is actually stuck somewhere in kernel code responsible for file opening - which is an information that is not present in this kind of dump).
To find why it's stuck in kernel, we would need the kernel dump ("bluescreen"). However, the filename being opened got some hits on google... could you please try to run a rootkit scanner (e.g. GMER (http://www.gmer.net/index.php)) on your machine?
Igor, I'd already run AVG and Panda anti-rootkit scanners prior to posting on here, and both came up with nothing. I've done a scan now with gmer, and it has a long list in it that means nothing to me at all. What do I do, save the log and post it here? Thanks :)
-
Yes ;)
-
GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-11-16 16:05:06
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.13 ----
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwClose
SSDT \SystemRoot\System32\vsdatant.sys ZwConnectPort
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateFile
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateKey
SSDT \SystemRoot\System32\vsdatant.sys ZwCreatePort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcessEx
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateSection
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateWaitablePort
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwDeleteKey
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwDeleteValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDuplicateObject
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwLoadDriver
SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwOpenFile
SSDT sbhr.sys ZwOpenKey
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenThread
SSDT \SystemRoot\System32\vsdatant.sys ZwRenameKey
SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys ZwRequestWaitReplyPort
SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey
SSDT \SystemRoot\System32\vsdatant.sys ZwSecureConnectPort
SSDT \SystemRoot\System32\vsdatant.sys ZwSetInformationFile
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwSetValueKey
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwTerminateProcess
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwWriteFile
---- Kernel code sections - GMER 1.0.13 ----
.text ntoskrnl.exe!_abnormal_termination + 104 804E2760 12 Bytes [ 70, 42, 91, AA, 20, A5, 91, ... ]
? srescan.sys The system cannot find the file specified.
? C:\WINDOWS\system32\drivers\sbapifs.sys The system cannot find the file specified.
---- Kernel IAT/EAT - GMER 1.0.13 ----
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [AA9189F0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [AA918F10] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [AA919070] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [AA918B60] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [AA918B60] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [AA9189F0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [AA918F10] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [AA919070] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [AA9189F0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [AA919070] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [AA918F10] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [AA918B60] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [AA919070] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [AA918F10] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [AA9189F0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [AA918B60] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [AA9189F0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [AA918F10] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [AA919070] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [AA9263D0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [AA9189F0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [AA918B60] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [AA919070] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [AA918F10] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtOpenFile] [AA9115C0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [AA911510] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [AA9116C0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtCreateFile] [AA911220] \SystemRoot\System32\vsdatant.sys
-
#2
---- Devices - GMER 1.0.13 ----
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F74721DE] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F74721DE] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F7465F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F7465F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F7465F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F7465F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F7465F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F7465F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F7465F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F7465F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F7465F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F7465F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F7465F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F7472454] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F7465F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F7465F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F7465F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F7465F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F7465F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F74721DE] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F7465F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F7465F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F7465F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F7465F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F7465F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F7465F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F7465F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [A917C812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [A917C812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [A917C812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [A917C812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [A917C812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [A917C812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [A917C812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [A917C812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [A917C812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [A917C812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [A917C812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [A917C812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [A917C812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [A917DF76] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [A917C812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [A917C812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [A917C812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [A917C812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [A917C812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [A917C812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [A917C812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [A917C812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [A917C812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [A917C812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [A917C812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [A917C812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [A917C812] aswMon2.SYS
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [AA925CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [AA925CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [AA925CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [AA925CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [AA925CC0] vsdatant.sys
-
#3
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_READ [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F75172C0] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_POWER [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA [F75178E6] aswTdi.SYS
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [AA925CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [AA925CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [AA925CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [AA925CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [AA925CC0] vsdatant.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_READ [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F75172C0] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [F75178E6] aswTdi.SYS
-
#4
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [AA925CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [AA925CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [AA925CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [AA925CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [AA925CC0] vsdatant.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_READ [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_WRITE [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F75172C0] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_POWER [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA [F75178E6] aswTdi.SYS
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [AA925CC0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [AA925CC0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [AA925CC0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [AA925CC0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [AA925CC0] vsdatant.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_READ [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F75172C0] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_POWER [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA [F75178E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA [F75178E6] aswTdi.SYS
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE [AA925CC0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE [AA925CC0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [AA925CC0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [AA925CC0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP [AA925CC0] vsdatant.sys
-
#5
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [F74721DE] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [F74721DE] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [F7465F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [F7465F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [F7465F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [F7465F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [F7465F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [F7465F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [F7465F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [F7465F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [F7465F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [F7465F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [F7465F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [F7472454] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [F7465F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [F7465F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [F7465F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [F7465F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [F7465F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [F74721DE] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [F7465F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [F7465F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [F7465F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [F7465F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [F7465F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [F7465F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [F7465F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [A917C812] aswMon2.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [A917C812] aswMon2.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [A917C812] aswMon2.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [A917C812] aswMon2.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [A917C812] aswMon2.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [A917C812] aswMon2.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [A917C812] aswMon2.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [A917C812] aswMon2.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [A917C812] aswMon2.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [A917C812] aswMon2.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [A917C812] aswMon2.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [A917C812] aswMon2.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [A917C812] aswMon2.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [A917DF76] aswMon2.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [A917C812] aswMon2.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [A917C812] aswMon2.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [A917C812] aswMon2.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [A917C812] aswMon2.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [A917C812] aswMon2.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [A917C812] aswMon2.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [A917C812] aswMon2.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [A917C812] aswMon2.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [A917C812] aswMon2.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [A917C812] aswMon2.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [A917C812] aswMon2.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [A917C812] aswMon2.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [A917C812] aswMon2.SYS
---- Registry - GMER 1.0.13 ----
Reg \Registry\USER\S-1-5-21-790525478-2025429265-839522115-1003\Software\Zepter Software\RegLib
Reg \Registry\USER\S-1-5-21-790525478-2025429265-839522115-1003\Software\Zepter Software\RegLib
---- EOF - GMER 1.0.13 ----
-
That's it. Sorry if there was an easier way to do that !
-
I see that you have ZoneAlarm, SpywareTerminator as well as CounterSpy installed on the machine. Maybe they're just conflicting with each other.
Well, to be 100% sure, I'd actually need to have a lookg at the full dump (not just the process dump you already sent).
For instructions on how to create it and deliver it to us, please see: http://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=71
Cheers
Vlk
-
I see that you have ZoneAlarm, SpywareTerminator as well as CounterSpy installed on the machine. Maybe they're just conflicting with each other.
Well, to be 100% sure, I'd actually need to have a lookg at the full dump (not just the process dump you already sent).
For instructions on how to create it and deliver it to us, please see: http://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=71
Cheers
Vlk
Hi Vlk,
Obviously I can't be certain, but since this problem only arose since approximately the time I fitted the new HDD, and I've been running those three together for a long time now with no problem, I'd be very surprised if it is a conflict. But then, what the hell do I know.....
I'm following the instructions you posted, and will get back with the memory dump asap.
Many thanks :)
-
Ok, I'm doing something wrong, and I'm not sure what.
I did the regedit thing (see pic), then the 'generate complete memory dump' thing (it actually said 'kernel memory dump' which is what I assumed you wanted - see pic). I then rebooted.
I ran Avast until it froze. I then held down the right-hand Ctrl key and pressed scroll lock twice. Nothing happened.
Can you see what I've done wrong? Sorry.
-
Actually, "Full memory dump" is what Vlk had on mind - even though maybe "Kernel memory dump" would be enough, don't know.
What kind of keyboard do you have - PS/2 or USB?
-
The choice was either 'none', 'small memory dump (64KB)' or 'kernel memory dump'
I'm using a USB keyboard (no PS/2 sockets on PC)
-
Mine gives 'Complete memory dump' after the Kernel option in the drop down list.
-
Definitely not on mine.
I ran Avast again until it froze and tried the ctrl/scroll lock thing again. When scroll lock is pressed for the first time Avast pops up with "running test, do you really want to close this window". The second scroll lock click removes this pop-up. As I said before, simply clicking on 'stop' to halt the scan doesn't work, I just get an 'egg-timer'.
-
I guess it's caused by the size of the swap file. The full dump is huge (as big as you RAM size), and it's written in place of the swap file - so the swap must be at least that big for this option to be available.
Anyway, I'm afraid the manual bluescreen shortcut works only with PS/2 keyboard. The Microsoft Knowledgebase article has some instructions for USB keyboard as well (a different registry key):
http://support.microsoft.com/kb/244139
- but it requires installation of an updated USB keyboard driver - and it speaks only about Windows 2003, so I'm really not sure if this would work on XP (and I don't know if it's a good idea to try...) :-\
-
To make sure that the feature is enabled on a computer that uses a USB keyboard, follow these steps: 1. Start Registry Editor.
2. Locate the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kbdhid\Parameters
3. Make sure that the following registry entry is enabled:
Name: CrashOnCtrlScroll
Data Type: REG_DWORD
Value: 1
4. Exit Registry Editor.
So just doing this by itself would be no good or could cause problems?
I'm not questioning you at all (although I'm about to ask a question, so I suppose I am really! ;D ) but if this started when the 2nd harddrive was put in, and I can temporarily stop the problem by disabling it, isn't the problem for Avast being caused by something I've done with the HDD? Please accept my apologies in advance if you're all now holding your heads in disbelief at the stupidity of this question! ;D
-
So now I'm not quite sure if you have already followed the steps you yourself quoted in your previous post. And if you have, if you're now able to invoke the blue screen by using the Ctrl + 2x ScrollLock key trick (make sure to reboot the system after making the registry change).
I'm not questioning you at all (although I'm about to ask a question, so I suppose I am really! ) but if this started when the 2nd harddrive was put in, and I can temporarily stop the problem by disabling it, isn't the problem for Avast being caused by something I've done with the HDD? Please accept my apologies in advance if you're all now holding your heads in disbelief at the stupidity of this question!
With all respect, I'm reluctant to make any conclusions until I actually see the dump.
Cheers
Vlk
-
No, I haven't done it yet, I was asking if it was worth the risk or if you felt it was a waste of time even trying. I'm afraid I'll be away from the PC for a couple of hours now, but I will do it as soon as I get back.
I'll upload the dump if it works and let you know on here that I've succeeded. If you don't hear from me for a long time, you'll know I'm doing a reformat/fresh install! :'(
-
I made the registry change, and I'm afraid it didn't work.
-
;D ;D
I've got it to work (Avast scanning, that is)!! :o
I deleted the new HDD partition and reformatted it as a Dynamic Disk Simple Volume (rather than a Basic Volume).
I've now run a standard scan (no archive), just in order to do it quickly, and it went all the way through, with no freezing!!
I'll try a thorough scan with achive tomorrow, but it's looking good. I'm also able to context menu-scan the new HDD with no problem.
I just hope I don't come back tomorrow with my tail between my legs.......
-
Sorry if I've been a long time, but it's taken a while to dry the tears and to make an attempt to remove the article that's wedged itself between my legs....
As I said earlier, I deleted the new harddrive volume and reformatted it, this time as a Dynamic Simple Volume. I then rebooted and used the context menu to scan the new drive. It scanned it in about 2 seconds, as one would expect with nothing in it.
I ran a standard scan which completed with no problems. I then ran 2 thorough scans, one with archive scanning enabled, and both completed fine.
I then shut down the PC.
This morning all the old problems are back (both context menu and standard scan freeze).
Any thoughts?
-
Thinking about it, there might be a simple workaround: go to avast! settings and enter the following path into the list of exclusions:
C:\System Volume Information\tracking.log
It won't tell us where the problem is, so it's hard to say whether the same problem appears with another file... but it might solve this particular problem (I hope?)
-
Thanks for your continued help, Igor.
I entered the path into the exclusion list and it stuck somewhere else this time (image 1). I shut down, restarted and ran 2 more scans, with it freezing both times I'm afraid (images 2 & 3).
-
Having got a bit fed up, I've now completely wiped the 2nd drive using Killdisk. It doesn't show up in My Computer, and shows up in Disk Management as 'not allocated' and 'not initialized'. When I open Disk management, the 'Initialize and Convert Wizard' opens.
With it in this state, Avast works perfectly.
Since my last post, I have also found that AdAware SE also freezes during scanning - it shows up in Task Manager as 'not responding' and then starts again, freezes again, and finally gets through the scan. I ran Kaspersky online scan, and this also froze! All other scanners work, I've run them all, and I've tried pretty-well every other program on the PC and nothing else seems affected.
Since wiping the drive has solved all the problems, I can only think that I'm doing something wrong when installing the HDD.
Any help anyone can give would be very much appreciated. I know this isn't a general knowledge Forum, but I would very much like the 2nd drive, and certainly don't want to be without Avast!
Thanks,
Graham.
-
Hello again and sorry for the delay.
IRQ and DMAs are commonly referred as "interruptions" and they're the 'bridge' used by the operating system and software to directly 'speak' to hardware components installed in your PC.
For example, you may have a super fast DVD unit or Hard Drive, but if DMA is not activated -by these days that's activated by default- you'll never get the maximum performance from those devices because instead 'talking' directly to them, OS must use a walkaround thus making the whole process really slow. DMA stands for Direct Memory Address.
I tell you a little story to graphic this:
Some days ago I finally setted up my sister computer and until I finally managed to activate DMA support for the DVD recorder, uploading data to its HD was a painfull process. Every DVD took about 30 minutes or more (damn!!) to dump it's data -pictures, music, videos- to the hard disk. When I finally managed to activate DMA support it took no more than 10 -often less- minutes to copy all the files. As you see, having a well tweaked PC really makes the difference.
For more info just check http://en.wikipedia.org/wiki/Direct_memory_access (http://en.wikipedia.org/wiki/Direct_memory_access) and http://en.wikipedia.org/wiki/IRQ (http://en.wikipedia.org/wiki/IRQ)
Best!
-
Hi martosurf,
Thanks for replying.
I did try to read up on DMA's and IRQ's after your last posting, but it was a bit beyond me I'm afraid. In the link you posted about IRQ's it says that this is no longer a common problem, so I guess out of the two, a DMA issue is more likely. How do you activate DMA support?
-
By way of an update to this thread, Igor and Vlk have been helping me with this problem through 'My Messages'.
They enabled me to crash the PC and create a full dump, which once analysed, pointed to a conflict being caused by
C:\WINDOWS\System32\Drivers\Klif
which is a Kaspersky driver.
I've never installed Kaspersky (just run the online scan which apparently uses ActiveX, not drivers). Further investigation by Igor and Vlk revealed that this entry, and others relating to Klif come from ZoneAlarm, which it would seem, use the Kaspersky drivers.
I've started a new thread http://forum.avast.com/index.php?topic=31607.0 asking if anyone using ZA could possibly check their system to see if they have similar entries.
Why these drivers caused Avast (as well as AdAware and Counterspy in the end) to freeze during scans if I had the 2nd HDD installed, but caused no problem if I disabled it first, I do not know!
I would however like to take this opportunity to thank everyone on here who has helped with this, but in particular Igor and Vlk, who have put in an incredible amount of work in order to rectify this problem. I'm still a bit lost for words every time I think about it. I've been helped a lot on these Forums before, but this time it's just been amazing. I really can't believe the level of commitment.....I'm serious, what do I say?
Thank you. :)
-
I've never installed Kaspersky (just run the online scan which apparently uses ActiveX, not drivers).
The on-line scanning uses files here:
C:\WINDOWS\System32\Kaspersky Lab\Kaspersky Online Scanner
-
Hi (again!) Tech,
Yeah, originally it was thought that the 'Klif' had been installed by Kaspersky itself, that is, left behind from a previous install of the full AV, but I'd never done that. I'd uninstalled the online scanner, and removed the file you mention. It took a while before ZoneAlarm was found to be a possible suspect!
-
It took a while before ZoneAlarm was found to be a possible suspect!
Well, by the path of the files I will say that ZA IS guilty here, not only suspect ;)
-
;D Yes, it's obvious now they've all been found! The analysis of the memory dump revealed that the problem was with C:\WINDOWS\..Klif, and so ZA wasn't immediately apparent. Because it was a Kaspersky driver, there was a more obvious suspect! Having deleted this entry, and run a search for "Klif", the others came to light, and ZA was in the frame!