Boot Time Scan Problem

I’m trying to do a boot time scan on my Vista Home Premium PC. I have 1 HD, 2 partitions, both NTFS.

The message down below is what appears at the end of my aswBoot.log file.

I tried twice. According to my aswBoot.txt file, the first time 14443 folders were scanned and I had on archive scanning. The second time 14447 folders were scanned and archive scanning was not on. So, it appears as if it failed at around the same place both times.

I tried a windows on demand scan and that completed without any critical errors (there was some password zip and .7z files that I guess it couldn’t scan).

Any thoughts?

Unhandled exception! Error:0x770529B2Unhandled exception! Error:0x770529B2Unhandled exception! Error:0x770529B2Unhandled exception! Error:0x770529B2Unhandled exception! Error:0x770529B2Unhandled exception! Error:0x770529B2Unhandled exception! Error:0x770529B2Unhandled exception! Error:0x770529B2Unhandled exception! Error:0x770529B2Unhandled exception! Error:0x770529B2Unhandled exception! Error:0x770529B2Unhandled exception! Error:0x770529B2Unhandled exception! Error:0x770529B2Unhandled exception! Error:0x770529B2Unhandled exception! Error:0x770529B2Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x770555E7Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0

Wow… a new problem… never read this before and I’m here quite a long time…
Hope the programmers could help.

I sure hope so.

I am running Avast 4.8, by the way.

Could you attach the file \Data\Log\aswBoot.log here?
If you go into avast! settings / Troubleshooting page and check the option “Disable raw disk access in avast! boot-time scan” (and run a boot-time scan again) - does it change anything?

Do I understand it correctly that the scan went fine up to some point where it crashed with the following message? Or the scan seemed to reach the end “successfully”, accumulating those errors on the way?

Here’s the full log.

I’ll schedule another scan this afternoon with the raw disk access disabled.

I’m not sure when the messages accumulated. I don’t think I’d have any way to know. I watched it for a while and I saw it get up to 20% or so with no errors at all. When I came back, it had booted into the OS. The time stamp on the log file was the same time stamp as on the report .txt file, so I think it would have written the final log entry at the same time it wrote the final amount of directories scanned. The time stamp seems like it would have been around the time it booted the OS.

I’ll let you know the results of the new boot scan, let me know if there’s anything else you can think of.

I am having a similar problem. About 60% through the boot scan, my system is going to sleep and can’t wake up. The only way is to turn off my system and then restart it. When it restarts, it can not do a proper boot and I have to restore the computer. Avast is then gone.

I have tried this 2 times now and the same happens, but a different points. How can I do a boot scan if this happens?

ata, doesn’t really sound like the same problem, can you please start your own thread?

With disable raw disk access checked, the bootscan appears to have completed successfully.

So what’s what mean then?

Is it safe to use it that way?

Anything else I can help so that you can fix the problem or is it something with my system?

Well, it gave as some info, but not enough to say where the problem really is, I’m afraid (let alone fix it).
Would you be willing to run some test programs / scans if I prepare some special executables? It is possible that the scanner crashes on a particular file or folder (though if you say the crash occurred even with archive scanning disabled, it limits the possibilities) - but we’d first need to find out where exactly it crashes (on what file), and then - if possible - why.

And yes, you can run the boot-time scanner without raw disk access… it will not be effective against some rootkits, but it should be OK otherwise (and rootkits should be dealt with by the embedded rootkit scanner in the rest of avast! scanners).

I guess I could. How would you like to get the files to me?

I’ll have to prepare them first (something with extensive logging of performed operations)… give me a day or two, please :wink:
I’d let you know by PM where to download and how to install/run it, OK?

Ok. I would prefer if whatever goes back to you is pretty clear, so I know what I’m sending (i.e. I need to be able to read the filenames, etc. that I’m sending to you).

Are you still working up something for me to test with?

Let me know.

Igor,

I’m not sure how to or if I can reply to your PM.

Anyhow, I ran the scan you sent and it completed without errors.

BUT, it says it only searched 14668 folders. That’s somewhat close to the number of files it searched when it failed (14443).

I was watching it, for the most part, and it did go all the way up to 100% and I see it made it onto the D drive, so it looks like it actually did finish.

I don’t recall how many folders it said it searched when I did a successful boottime scan with raw access disabled.

Here are the last few lines of the log:

CFileNtfs (1), this 001EBAD0, rec 0x4e, name “/Software/WLinstaller.exe”
CUFSD::IoControl: 121, [0x0011EAE8, 0x8], [0x012D6248, 0x428], 0x0011EAF0
CFileSystemNtfs::IoControl: 121, [0x0011EAE8, 0x8], [0x012D6248, 0x428]
CUFSD::IoControl returns status 0x0, written bytes 0xa0
CFileMFTRecord::ReadEx 0x4e not complete. Size 0x1bad70, Offset 0x0, ToRead 0x1c0000, Read 0x1bad70, AttributeList “no”, Compr “no”
*RAW:D:\Software\WLinstaller.exe /before
~CFileNtfs (0), this 001EBAD0, rec 0x4e, name “/Software/WLinstaller.exe”
*RAW:D:\Software\WLinstaller.exe /after
CFileNtfs (1), this 001EBAD0, rec 0x4f, name “/Software/XviD-1.1.3-28062007.exe”
CUFSD::IoControl: 121, [0x0011EAE8, 0x8], [0x012D6248, 0x428], 0x0011EAF0
CFileSystemNtfs::IoControl: 121, [0x0011EAE8, 0x8], [0x012D6248, 0x428]
CUFSD::IoControl returns status 0x0, written bytes 0xa0
CFileMFTRecord::ReadEx 0x4f not complete. Size 0x9ceec, Offset 0x0, ToRead 0xa0000, Read 0x9ceec, AttributeList “no”, Compr “no”
*RAW:D:\Software\XviD-1.1.3-28062007.exe /before
~CFileNtfs (0), this 001EBAD0, rec 0x4f, name “/Software/XviD-1.1.3-28062007.exe”
*RAW:D:\Software\XviD-1.1.3-28062007.exe /after
Pop level : 0, Vcn 0xffffffff
~CDirNtfs: (1), this 002495D8, rec 0x28
Pop level : 0, Vcn 0xffffffff

What next?

Please check the end of the aswBoot.log file - what are the last few lines?

I'm not sure how to or if I can reply to your PM.

lexluthor

Make 1 more post, them PM will work for you.

See above, I edited my post.

That’s the very end of the log?
Even though it seems like it mostly finished (is “Software” the last folder on your D: drive - alphabetically, and XviD-1.1.3-28062007.exe the last file inside of it?), the last line should say “CloseLog”…

Yes, that’s the end of the log.

The D: only has one folder, called Software. It’s only a 1GB partition.

There appears to be no “CloseLog” entry.

What next?

Well, I’ll build the real boot-time scanner (the logging version) to see if the problem can be simulated at least there…