Avast conflict causing Windows Explorer crashes?

Hi. I installed Avast 4 Home a few days ago, and I LOVE WebShield! But that same day, Windows Explorer started crashing on my system. (“Windows Explorer has encountered a problem and must shut down…”) I’ve uninstalled Avast, and reinstalled AVG, but the problem persisted. Then, through reading this forum and doing some checking, I discovered that not only in the Avast screensaver still selectable (although I can’t find the file, itself), but aswBoot.exe and aswRdr.sys were still on my computer, too. I’ve deleted aswBoot.exe, as another thread on this forum has indicated it was safe to do so, but have left aswRdr.sys in place until I get confirmation that it, too, is safe to delete. Windows Explorer still crashes.

A little background: I’ve been using Windows XP for all of two months. The computer I bought came with Norton Internet Security installed. When it gave me problems, I switched to AVG, then the recent WMF exploit prompted me to switch to Avast. I uninstalled each AV program, and restarted, before installing another, but I did so through Add/Remove Programs and looking for leftover folders in Programs and in Application Data, not through editing the registry (which sounds fairly intimidating) or through any special removal tools (which I’ve only become aware of since my Windows Explorer problem began). Is there any possibility that leftover bits of Norton or AVG could have conflicted with Avast and produced these crashes? My system ran very smoothly before Avast was installed, and I’m at a loss for any other way that the problem could have started.

I really don’t want to have to resort to system restore. I’ve emailed Avast support, but haven’t heard back yet. Any advice you could provide would be appreciated.

So, it does not seem to be avast related…

How do you uninstall avast? Through Control Panel > Add/Remove programs?

In fact, I see no reason to change from AVG to avast just because WMF exploit…
Well, you seem to change of antivirus very often and files / registry keys could have been left behind.
Did you have Norton Antivirus or only the firewall (NIS)?
AVG should bring no problem on uninstalling (anyway, some registry will be left behind). NAV is problematic: http://www.claymania.com/av-uninstall.html.
See: http://forum.avast.com/index.php?topic=12169.0
Manual Removal NAV 2004
Manual Removal NAV 2003 or earlier
Manual Removal NAV 2005

Norton gets into absolutly everywhere and may have left some remnants when you uninstalled it.

A link worth looking at which is a program removal tool, which can remove the remnants of a number of different Norton Programs:
Removing your Norton program using SymNRT

Thanks! I’ve run SymNRT with no problems, opened My Computer and navigated through my Programs folder a bit without crashing. I’m hoping it fixed the problem.

Tech: I uninstalled Avast through Control Panel>Add Remove Programs, then deleted the folder that was left behind in the Programs folder. After I realized that it didn’t solve the problem, I tried to run Avast’s uninstall tool, but it asked me to locate the Avast folder, and since I’d already deleted it, I couldn’t do that. (In my defense, I’ve run Mac OS 9 for the past five years. Deleting applications under that system was a lot less complicated than it seems to be on Windows XP.)

I’m not certain, at this point, if I had Norton AV or just the firewall. I do know that NIS was there. I replaced it at the suggestion of the tech guy from my ISP, because I was having trouble connecting to the internet. I removed whatever I could find in Programs and in Application Data that said Norton or Symantec, first through Add/Remove Programs, then by looking through the folders.

As an aside, I switched to Avast from AVG after reading about how Avast missed only one variant of the WMF exploit, while AVG missed 59. It seemed like a really good idea, at the time, and I’d like to try it again, if I can get this problem cleared up.

Last question: Is it safe to manually delete aswRdr.sys from c\windows\system32\drivers?

If you have removed avast, then manually deleting aswRdr.sys wouldn’t hurt. However, removing a file from a windows system folder would likely result in a copy of it being saved by system restore.

Leaving it there and reinstalling avast (now you have run the NAV removal tool) should also be OK.

Create an empty folder and redirect it to there.
The folder and the registry keys will be deleted.

Check these registry keys and post the contents here:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers\VDD
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\VirtualDeviceDrivers\VDD

Can you first search your registry and see if you have any key related or redirected to aswRdr.sys ?

Searching the registry for aswRdr.sys returned nothing.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\VitraulDeviceDrivers\VDD and HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\VurtualDeviceDrivers\VDD both say the same thing: REG_MULTI_SZ. (Assuming that I did this correctly, and that that is what you’re looking for.)

I created an empty folder and pointed aswclear to it, then restarted after it finished. I still have aswRdr.sys in c:\windows\system32\drivers, however. I plan to manually delete that, restart again, and see if that finally fixes it. (Windows Explorer crashed again after my last post.)

Even if this doesn’t correct the problem, I appreciate the help.

No, I was asking about the content, drivers, of the VDD value. Look at the picture.
Do you have Symantec\S32EVNT1.DLL listed there?

Do not delete, better move the file to your desktop just to be sure.

Are you using a third-party app? I’ve right-clicked, double-clicked, and hunted through the menu with VDD selected, and I can’t get a window like that to come up in RegEdit. I’ve also spent hours Googling to try to find out how to do it, but I haven’t found much there, either. Here’s what I can tell you: In the window with VirtualDeviceDrivers highlighted on the left, the right pane looks like this:

[tr][td]Name[/td][td]Value[/td][td]Data[/td][/tr]
[tr]td[/td][td]REG_SZ[/td][td](value not set)[/td][/tr]
[tr][td]VDD[/td][td]REG_MULTI_SZ[/td][td][/td][/tr]

This applies in both CurrentControlSet and ControlSet001. I browsed through the Software subkey while I had RegEdit open, and noticed that the Data columns in some of those subkeys looked more like the information you asked for (C:\ addresses). The data fields for the VDDs are blank. In any case, I’m hoping this answers the question.

Thanks for the heads-up on not deleting aswRdr.

just curious … installed latest DivX / Xvid at same time ? :slight_smile:

Neither, unless both codecs come with Irfanview, which I’m currently suspicious of (along with Microsoft AntiSpyware, the Royale theme, and one wallpaper that doesn’t show in the wallpaper-changing preview thingie) due to both the timing of this whole mess and my increasingly-painful lack of tech-savvy.

Please, go there and delete the value if it is blank.
Maybe it’s not blank… Two groups of zeros… I’m not sure, just a guess…

Check all related Windows Registry keys:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers\VDD
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\VirtualDeviceDrivers\VDD
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\VirtualDeviceDrivers\VDD
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\VirtualDeviceDrivers\VDD
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\VirtualDeviceDrivers\VDD

[b]How to NOT solve the problem: http://forum.avast.com/index.php?topic=259.msg3478#msg3478[/b]

[b]How to SOLVE it: http://forum.avast.com/index.php?topic=738.msg3628#msg3628[/b]

I was introducing my 1st post here in avast! forums with a similar problem:
http://forum.avast.com/index.php?topic=707.msg3417#msg3417

Last thing, I use Registrar Lite (http://www.resplendence.com/reglite) :slight_smile:

Here’s what exported from RegEdit:

Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers
Class Name:
Last Write Time: 1/5/2006 - 4:20 PM
Value 0
Name: VDD
Type: REG_MULTI_SZ
Data:

Key Name: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\VirtualDeviceDrivers
Class Name:
Last Write Time: 1/5/2006 - 4:20 PM
Value 0
Name: VDD
Type: REG_MULTI_SZ
Data:

Key Name: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\VirtualDeviceDrivers
Class Name:
Last Write Time: 1/5/2006 - 4:20 PM
Value 0
Name: VDD
Type: REG_MULTI_SZ
Data:

Apparently, I have no ControlSet002 or 004. 1/5/2006 was the day that I switched back from Avast to AVG. So… Delete them? Or try another method to make sure they don’t have the string, 0, 0, string, 0, string, 0, 0 problem?

Most probably the three keys are empty as the first one should be from Symantec avoiding the last ones to be added.
In your case you have nothing… really don’t seem to be the problem.

Are you sure you’re using the last avast version to install? 4.6.744

Three posts that could help:

Yes. I downloaded (from the Avast website) on January 4th, and the last revision was December 20th.

I haven’t had a crash since 11:59 yesterday morning, and it’s 8:30am, now. Maybe cleaning up from both NIS and Avast installations fixed it? I want to wait a couple of days to be sure (since the problem has been intermittent), then try to re-install Avast. Thanks to you guys, if the problem re-occurs after re-installation, I know how to properly uninstall.

Tech: Thanks for prodding me to peek at the registry. I’m prone to installing and uninstalling a lot of programs, so I’m sure the registry is something I need to look at from time to time.

If you get another crash, please post some more details about the problem (from the error window - at least the faulting module and address).

In my error logs, the first problem was Avast-related:

“Faulting application ashsimp2.exe, version 4.6.739.0, faulting module unknown,
version 0.0.0.0, fault address 0x64b861df.”

The next one was at Fault bucket 253480604.

Most of the crashes that happened after that were in explorer.exe:

“Faulting application explorer.exe, version 6.0.2900.2180, faulting module ntdll.dll,
version 5.1.2600.2180, fault address 0x000111de.” (The .dll on these varies, but ntdll.dll is the most frequent one.)

When trying to debug the Windows Explorer crashes, I would also get these:

“Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.”

And there was also one at Fault bucket 00733296.

Eventually, errors like this started coming up:

“Acrobat IE Helper: Expolrer.EXE - Application Error: The instruction at “0x5ad94d42” referenced memory at “0x3443464d.” The memory could not be read.”

I gave up on small fixes yesterday. I tried system restore, and rolled it back to the day before the problems started. Explorer still crashed, so last night, I called HP tech support. They had me run scannow, which also didn’t correct it, then chkdsk. They said that if chkdsk didn’t fix it, the next step is re-installing the system. At this point, I’m just waiting to see if the problem persists.

Did you install any other antivirus or security program in your computer?
PrevX, ProcessGuard, WinPatrol, etc.?

Is this a typo or it’s really expolrer.exe and not explorer.exe.
Expolrer.exe: http://www.google.com/search?sourceid=navclient&ie=UTF-8&q=expolrer.exe

Re: Security programs: The system came with NIS. I switched to AVG the next day. I’ve used Spybot Search & Destroy for a few weeks (on-demand only; no TeaTimer), and added the Microsoft AntiSpyware Beta a few days before switching from AVG to Avast. I’m using the firewall that came with XP. I haven’t worked up to installing anything that seems too complicated.

Re: Expolrer.exe: Yeah, that’s a typo. (Those, I’m good at.) It should say explorer.exe.

Please, go to folder \windows\minidump and send the newest (recent) .mdmp files for analysis.
Better if you can compress (zip) them and add some information about the BSOD and the link for this thread. :wink:

Send an email to any of these addresses:
vlk (at) avast.com
rypacek (at) asw.cz

Please, show a link to this thread.