Offline Files in XP pro crashes, sys freeze with Avast Pro 4.x

Long story short, I am testing out (demo) Avast Pro 4.0 for my shop, looking to switch from McAfee. All laptops are networked to a server. We use XP Pro and sync to our server files to always have a virtual copy of the network on the go. Info here;en-us;307853&

McAfee had the same kind of problems, but they figured it out. I am disappointed, and I am a user of avast Home 4.0 and like it.

Here is the situation, after the desktop loads up, everything just freezes. How do I know it is Avast? Safe mode boot, uninstall Avast Pro 4.0 and I am back in business. Only with no virus protection.

If anyone has a solution, ideas, etc, let me know.

Is this a clean installation, or have you installed McAfee before on the same system?
Are you sure you’re able to use avast! Professional the way you described or, on the contrary, you should have the ADNM version of avast?

McAfee uninstalled before Avast Pro 4.0 installation.

Are you sure you’re able to use avast! Professional the way you described or, on the contrary, you should have the ADNM version of avast?

Unsure as to the technical nature of the question. I am trying to replace one virus scanner with another. I am aware of an issue that virus scanners don’t like, offline files, and it seems to be an issue here in that the system hangs before the offline files can load up.

This very much sounds like a conflict with some other application running on the machine. Most usually this is another AV (maybe forgotten but still running in the background, or just incompletely uninstalled) but from time to time it can also be some other software (especially low-level software).

Could you please post e.g. output from HijackThis?
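
A triage pass over a HijackThis log for the conflict described above (another AV still running or incompletely uninstalled), as an added example that is not part of the original thread. The sample log and the product name "ExampleAV" are constructed, and the marker list is an assumption the reader supplies.

```python
import re

# Constructed sample in HijackThis 1.99.1 layout; "ExampleAV" is a made-up product.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\Program Files\ExampleAV\exavmon.exe
O4 - HKLM\..\Run: [ExampleAV Tray] C:\Program Files\ExampleAV\exavtray.exe
O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\user\LOCALS~1\Temp\exav_cleanup.exe /cleanup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: ExampleAV Scanner (exavsvc) - Unknown owner - C:\Program Files\ExampleAV\exavsvc.exe (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # e.g. "O4 - HKLM\..\Run: ..."
PROCESS = re.compile(r"^[A-Za-z]:\\")            # bare path under "Running processes:"


def parse(log):
    """Yield (section, text); section is 'PROC' for running-process lines."""
    for raw in log.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            yield m.group(1), m.group(2)
        elif PROCESS.match(line):
            yield "PROC", line


def triage(log, other_av_markers):
    """Return (section, reasons, text) for entries worth a manual look."""
    findings = []
    for section, text in parse(log):
        low = text.lower()
        reasons = []
        if any(marker.lower() in low for marker in other_av_markers):
            reasons.append("other AV still running" if section == "PROC"
                           else "other AV remnant")
        if section == "O4" and "\\temp\\" in low:
            reasons.append("autorun from Temp")       # leftover installer/cleanup job
        if section == "O23" and low.endswith("(file missing)"):
            reasons.append("service without binary")  # registered, file not found
        if reasons:
            findings.append((section, ", ".join(reasons), text))
    return findings


if __name__ == "__main__":
    for section, reasons, text in triage(SAMPLE_LOG, ["ExampleAV"]):
        print(f"{section:4} {reasons:42} {text}")
```

The findings are pointers for manual review, not a verdict; an entry that matches no rule can still be the conflicting component.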



I have a similar problem but am unable to find the cause. I have Win XP64 and installed Avast in November. Everything worked fine until the week before Christmas.

I figured out to change the services of avast to manual (from automatic). Now I am able to boot without a freeze, but the moment I activate them everything is frozen.

I will make the hijack dump tonight, but the system should be as clean as possible since I have not much running and I could not recall installing anything in that time… except maybe the starforce driver because of a new game…

bests, dready

Logfile of HijackThis v1.99.1
Scan saved at 11:07:38 AM, on 1/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Chaos Software\Chaos 6\alarm.exe
C:\Program Files\D-Link AirPlus Xtreme G\AirPlus.exe
C:\Program Files\eFax Messenger Plus\HotTray.exe
C:\Program Files\eFax Messenger Plus\Dllcmd32.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\Documents and Settings\Scott Koser\Local Settings\Temporary Internet Files\Content.IE5\ON9ZAMJX\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: My Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exeX
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\SCOTTK~1\LOCALS~1\Temp\2005122914538_mcappins.exe /v=3 /cleanup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [alarm.exe] "C:\Program Files\Chaos Software\Chaos 6\alarm.exe"
O4 - Global Startup: ACS.lnk = ?
O4 - Global Startup: D-Link AirPlus Xtreme G Configuration Utility.lnk = ?
O4 - Global Startup: D-Link REG Utility.lnk = ?
O4 - Global Startup: eFax Tray Menu.lnk = C:\Program Files\eFax Messenger Plus\HotTray.exe
O4 - Global Startup: Live Menu.lnk = C:\Program Files\eFax Messenger Plus\Dllcmd32.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {FF0F7B6E-D733-11D7-8088-0001024743E4} (veoExpress.ctlVeoExpress) -
O18 - Filter: text/html - (no CLSID) - (no file)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Hi, here is my hijackthis log.

Bests, Dready

Logfile of HijackThis v1.99.1
Scan saved at 17:57:21, on 09.01.2006
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)

Running processes:
C:\Program Files (x86)\GetRight\getright.exe
C:\Program Files (x86)\Razer\razerhid.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files (x86)\Razer\razerofa.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
F2 - REG:system.ini: UserInit=userinit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files (x86)\GetRight\xx2gr.dll
O4 - HKLM\..\Run: [Microsoft LSASS Network File] C:\WINDOWS\SysWow64\KLSASS.exe
O4 - HKLM\..\Run: [razer] "C:\Program Files (x86)\Razer\razerhid.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~2\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [XPAgent] C:\WINDOWS\system32\XPAgent.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files (x86)\GetRight\getright.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files (x86)\GetRight\GRdownload.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~3\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files (x86)\GetRight\GRbrowse.htm
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~3\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\SYSTEM32\dimsntfy.dll
O20 - Winlogon Notify: EFS - C:\WINDOWS\SYSTEM32\sclgntfy.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2saag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

With Avast Pro 4.0 uninstalled, had to be able to use laptop.

Btw, you still emphasize that it’s avast 4.0 (which would be very old) - isn’t it rather avast! 4.6?

Yes, that is my bad, thanks for catching that. It’s a fresh download of the pro version over the last weekend.

Hmm, I didn’t find anything suspicious in either of the logs… ???

Probably the only really reliable way to find out what’s going on is to generate a dump of the system at the moment the problem happens (i.e. the machine is frozen).

But it’s not exactly trivial.

Instructions are here:

I’m sorry for the troubles. :wink:

Sounds good, I will try that tonight.

bests, dready

Thanks. When you have the dump, please ZIP it (give the ZIP file a unique name - e.g. your name) and upload it to

Please note that you won’t have READ access to the ftp site, just write, so you won’t see the contents of the directory as well as the file you have just uploaded.



Sorry, but it did not work. Maybe it is because of Windows XP 64? Or something is stopping so the system is not able to read the keyboard input…


It works even on WinXP x64.
One thing that Vlk didn’t emphasize, however, is that initiating the memory dump doesn’t work with USB keyboard - it has to be PS/2 (or DIN ;D). Could it be the case?

Nope… I have a normal PS/2 since I don’t want to load another driver just to have my keyboard running ;D

I also tried another test case: I started the service and went to sleep; in the morning I was still able to move the mouse over the avast icon and see how many providers are working… but as soon as I went to Start -> Control Panel everything was frozen like before…

bests, dready

Strange… are you sure you pressed the right Ctrl… and that you didn’t e.g. put a trailing space after the registry value name (it happened to me…)?


Yes, I used the right one.
I started everything from scratch and now it worked (a little puzzling)…

I am now uploading the file called … it has about 170 MB (zipped) and will need another 40 minutes.

Don’t know what went wrong on the first attempt.

bests, dready

OK, it’s uploaded.

I’ll have a look at it asap.

Please note that I’m just about to leave for my winter vacation, going to spend the next 12 or so hours in my car. Hopefully, there’ll be some kind of connectivity at where I’m staying. If so, I expect to get back to you tomorrow (Sunday) as soon as I get back from the slopes.

Thanks :slight_smile: