Author Topic: Offline Files in XP pro crashes, sys freeze with Avast Pro 4.x  (Read 16270 times)

Offline valuelurker

  • Newbie
  • *
  • Posts: 5
Offline Files in XP pro crashes, sys freeze with Avast Pro 4.x
« on: January 08, 2006, 03:40:33 AM »
Long story short, I am testing out (demo) Avast Pro 4.0 for my shop, looking to switch from McAfee. All laptops networked to a server. We use XP Pro and synch to our server files to always have a virtual copy of the network on the go. Info here http://support.microsoft.com/default.aspx?scid=KB;en-us;307853&

McAfee had the same kind of problems, but they figured it out. I am disappointed, and I am a user of avast home 4.0 and like it.

Here is the situation, after the desktop loads up, everything just freezes.  How do I know it is Avast?  Safe mode boot, uninstall Avast Pro 4.0 and I am back in business.  Only with no virus protection.

If anyone has a solution, ideas, etc, let me know.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67269
Re: Offline Files in XP pro crashes, sys freeze with Avast Pro 4.x
« Reply #1 on: January 08, 2006, 01:02:29 PM »
Here is the situation, after the desktop loads up, everything just freezes.  How do I know it is Avast?  Safe mode boot, uninstall Avast Pro 4.0 and I am back in business.  Only with no virus protection.
Is this a clean installation, or have you installed McAfee before on the same system?
Are you sure you're able to use avast! Professional the way you described or, on the contrary, should you have the ADNM version of avast?
The best things in life are free.

Offline valuelurker

  • Newbie
  • *
  • Posts: 5
Re: Offline Files in XP pro crashes, sys freeze with Avast Pro 4.x
« Reply #2 on: January 08, 2006, 02:51:38 PM »
McAfee uninstalled before Avast Pro 4.0 installation.

Are you sure you're able to use avast! Professional the way you described or, on the contrary, should you have the ADNM version of avast?

Unsure as to the technical nature of the question. I am trying to replace one virus scanner with another. I am aware of an issue that virus scanners don't like, offline files, and it seems to be an issue here in that the system hangs before the offline files can load up.

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11665
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: Offline Files in XP pro crashes, sys freeze with Avast Pro 4.x
« Reply #3 on: January 08, 2006, 11:02:10 PM »
This very much sounds like a conflict with some other application running on the machine. Most usually this is another AV (maybe forgotten but still running in the background, or just incompletely uninstalled) but from time to time it can also be some other software (especially low level software).

Could you please post e.g. output from HijackThis http://216.180.233.162/~merijn/files/HijackThis.exe


Thanks
Vlk
If at first you don't succeed, then skydiving's not for you.
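
An added example (not part of the original thread, and not Avast's or HijackThis's own code): one way to triage a HijackThis log for the leftover-antivirus conflict described in the reply above. The sample log is constructed, and the `ExampleAV` names and the `VENDOR_HINTS` list are hypothetical.

```python
import re

# Item lines have the form "<code> - <details>", e.g. "O4 - HKLM\..\Run: [...]".
ITEM_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Sections where resident software registers itself to load.
RESIDENT = {"O2": "browser helper object", "O4": "autostart entry",
            "O20": "Winlogon notify", "O23": "service"}
# Hypothetical substrings identifying the product that was supposedly removed.
VENDOR_HINTS = ("exampleav", "exav")

# Constructed sample log (not taken from the thread).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ExampleAV\exavmon.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://example.com/
O4 - HKLM\..\Run: [ExAV Cleanup] C:\DOCUME~1\user\LOCALS~1\Temp\exav_cleanup.exe /cleanup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: ExampleAV Scanner - Unknown owner - C:\Program Files\ExampleAV\exavsvc.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

def running_processes(log_text):
    """Return the paths listed under 'Running processes:' (ends at a blank line)."""
    procs, in_block = [], False
    for line in (l.strip() for l in log_text.splitlines()):
        if line.startswith("Running processes:"):
            in_block = True
        elif in_block and not line:
            break
        elif in_block:
            procs.append(line)
    return procs

def parse_items(log_text):
    """Return (section_code, details) for every item line in the log."""
    matches = (ITEM_RE.match(l.strip()) for l in log_text.splitlines())
    return [(m.group(1), m.group(2)) for m in matches if m]

def triage(log_text, hints=VENDOR_HINTS):
    """List (kind, entry, reasons) for entries that suggest a leftover component."""
    findings = [("running process", p, "matches vendor hint")
                for p in running_processes(log_text)
                if any(h in p.lower() for h in hints)]
    for code, details in parse_items(log_text):
        low = details.lower()
        reasons = [why for hit, why in (
            (any(h in low for h in hints), "matches vendor hint"),
            ("(file missing)" in low, "target file missing"),
            ("\\temp\\" in low, "launches from a Temp directory")) if hit]
        if code in RESIDENT and reasons:
            findings.append((RESIDENT[code], details, ", ".join(reasons)))
    return findings
```

On 64-bit Windows a 32-bit HijackThis can report many system services as "(file missing)" because of file-system redirection, so treat that reason as a weak signal unless a vendor hint matches too.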

Offline Dready

  • Newbie
  • *
  • Posts: 19
Re: Offline Files in XP pro crashes, sys freeze with Avast Pro 4.x
« Reply #4 on: January 09, 2006, 01:39:21 PM »
Hi!

I have a similar problem but am unable to find the cause. I have Win XP64 and installed Avast in November. Everything worked fine until the week before Christmas.

I figured out to change the services of avast to manual (from automatic). Now I am able to boot without a freeze, but the moment I activate them everything is frozen.

I will make the hijack dump tonight, but the system should be as clean as possible since I have not much running and I could not recall installing anything in that time.. except maybe the starforce driver because of a new game...

bests, dready

Offline valuelurker

  • Newbie
  • *
  • Posts: 5
Re: Offline Files in XP pro crashes, sys freeze with Avast Pro 4.x
« Reply #5 on: January 09, 2006, 06:08:15 PM »
Logfile of HijackThis v1.99.1
Scan saved at 11:07:38 AM, on 1/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Chaos Software\Chaos 6\alarm.exe
C:\Program Files\D-Link AirPlus Xtreme G\AirPlus.exe
C:\Program Files\eFax Messenger Plus\HotTray.exe
C:\Program Files\eFax Messenger Plus\Dllcmd32.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\Documents and Settings\Scott Koser\Local Settings\Temporary Internet Files\Content.IE5\ON9ZAMJX\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://csimac.blogspot.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: My Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exeX
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\SCOTTK~1\LOCALS~1\Temp\2005122914538_mcappins.exe /v=3 /cleanup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [alarm.exe] "C:\Program Files\Chaos Software\Chaos 6\alarm.exe"
O4 - Global Startup: ACS.lnk = ?
O4 - Global Startup: D-Link AirPlus Xtreme G Configuration Utility.lnk = ?
O4 - Global Startup: D-Link REG Utility.lnk = ?
O4 - Global Startup: eFax Tray Menu.lnk = C:\Program Files\eFax Messenger Plus\HotTray.exe
O4 - Global Startup: Live Menu.lnk = C:\Program Files\eFax Messenger Plus\Dllcmd32.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {FF0F7B6E-D733-11D7-8088-0001024743E4} (veoExpress.ctlVeoExpress) - https://www2.advisorservices.com/AdvisorWeb/ActiveX/veoExpress.CAB
O18 - Filter: text/html - (no CLSID) - (no file)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


Offline Dready

  • Newbie
  • *
  • Posts: 19
Re: Offline Files in XP pro crashes, sys freeze with Avast Pro 4.x
« Reply #6 on: January 09, 2006, 06:08:42 PM »
Hi, here is my hijackthis log.

Bests, Dready

Logfile of HijackThis v1.99.1
Scan saved at 17:57:21, on 09.01.2006
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)

Running processes:
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files (x86)\GetRight\getright.exe
C:\Program Files (x86)\Razer\razerhid.exe
C:\PROGRA~2\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files (x86)\Razer\razerofa.exe
D:\Download\Applications\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.microsoft.com/
F2 - REG:system.ini: UserInit=userinit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files (x86)\GetRight\xx2gr.dll
O4 - HKLM\..\Run: [Microsoft LSASS Network File] C:\WINDOWS\SysWow64\KLSASS.exe
O4 - HKLM\..\Run: [razer] "C:\Program Files (x86)\Razer\razerhid.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~2\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [XPAgent] C:\WINDOWS\system32\XPAgent.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files (x86)\GetRight\getright.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files (x86)\GetRight\GRdownload.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~3\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files (x86)\GetRight\GRbrowse.htm
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~3\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129936856713
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129963893765
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\SYSTEM32\dimsntfy.dll
O20 - Winlogon Notify: EFS - C:\WINDOWS\SYSTEM32\sclgntfy.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2saag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

Offline valuelurker

  • Newbie
  • *
  • Posts: 5
Re: Hijack this Log File
« Reply #7 on: January 09, 2006, 06:09:20 PM »
With Avast Pro 4.0 uninstalled, had to be able to use laptop.

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11709
    • AVAST Software
Re: Offline Files in XP pro crashes, sys freeze with Avast Pro 4.x
« Reply #8 on: January 09, 2006, 07:39:38 PM »
Btw, you still emphasize that it's avast 4.0 (which would be very old) - isn't it rather avast! 4.6?

Offline valuelurker

  • Newbie
  • *
  • Posts: 5
Re: Offline Files in XP pro crashes, sys freeze with Avast Pro 4.x
« Reply #9 on: January 09, 2006, 08:39:14 PM »
Btw, you still emphasize that it's avast 4.0 (which would be very old) - isn't it rather avast! 4.6?

Yes, that is my bad, thanks for catching that.  It's a fresh download of the pro version over the last weekend.

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11665
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: Offline Files in XP pro crashes, sys freeze with Avast Pro 4.x
« Reply #10 on: January 09, 2006, 10:20:45 PM »
Hmm, I didn't find anything suspicious in either of the logs... ???

Probably the only really reliable way to find out what's going on is to generate a dump of the system at the moment the problem happens (i.e. the machine is frozen).

But it's not exactly trivial.

Instructions are here: http://forum.avast.com/index.php?topic=2850.msg20171#msg20171


I'm sorry for the troubles. ;)
Vlk
If at first you don't succeed, then skydiving's not for you.

Offline Dready

  • Newbie
  • *
  • Posts: 19
Re: Offline Files in XP pro crashes, sys freeze with Avast Pro 4.x
« Reply #11 on: January 10, 2006, 09:00:40 AM »
Sounds good, I will try that tonight.

bests, dready

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11665
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: Offline Files in XP pro crashes, sys freeze with Avast Pro 4.x
« Reply #12 on: January 10, 2006, 09:14:38 AM »
Thanks. When you have the dump, please ZIP it (give the ZIP file a unique name - e.g. your name) and upload it to ftp://cat.asw.cz/incoming.

Please note that you won't have READ access to the ftp site, just write, so you won't see the contents of the directory as well as the file you have just uploaded.


Thanks
Vlk
If at first you don't succeed, then skydiving's not for you.

Offline Dready

  • Newbie
  • *
  • Posts: 19
Re: Offline Files in XP pro crashes, sys freeze with Avast Pro 4.x
« Reply #13 on: January 10, 2006, 11:30:52 PM »
Hi!

Sorry, but it did not work. Maybe it is because of Windows XP 64? Or something is stopping so the system is not able to read the keyboard input...

bests,

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11709
    • AVAST Software
Re: Offline Files in XP pro crashes, sys freeze with Avast Pro 4.x
« Reply #14 on: January 11, 2006, 12:01:19 AM »
It works even on WinXP x64.
One thing that Vlk didn't emphasize, however, is that initiating the memory dump doesn't work with a USB keyboard - it has to be PS/2 (or DIN ;D). Could it be the case?