Resident Shield/Real Time protection Question

I have a question about the resident protection in Avast. I just installed this today, and after reading thru the posts I was able to get it installed (XML fix, uninstalled AVG), and all seems to be working great except for the Resident Protection. I have repaired, uninstalled, reinstalled, and still can’t get the Resident Protection to stay on–it just stays ‘disabled’ under On-Access, or shows ‘inactive’ under Avast. I found a similar post with the same problem, but they were running 98 and said it fixed itself after a shutdown. Mine will not. I am running:
WinXP Pro SP2
P4-2.4Ghz/1GB RAM
Avast 4.1.418

If I press Start under the ‘Simple’ version of On-Access, it does nothing. If I use the ‘advanced’ version of On-Access, I press Start under ‘Standard Shield’ and it tells me that the task could not be completed. Then, when I run the main Avast program, when I turn the Resident Scanner/Resident Protection to either standard or high, when I restart this is always back to “disabled.” What’s going on with this?

Basically, I’m trying to make sure I have the real-time protection enabled, but from what I can see, it just refuses to stay on. I understand the concept of the subsystems, but shouldn’t the standard protection still be enabled for the file system? Kind of like the Resident Shield for AVG or Norton—comparable to those. No matter how many times I try to start/enable it, it just goes back to either ‘inactive’ or ‘disabled.’ I will attach a pic of the way they remain disabled even after all the things I’ve tried. Thanks for taking a look. Any help is appreciated!

See if a repair fixes the problem. Looks like you haven’t installed all providers.

control panel > programs > add/remove > avast > change/repair

make sure the providers are installed.

If that fails, try a complete uninstall of Avast using the uninstall util from the website, reboot and reinstall.

Horatio, if Eddy’s solution doesn’t solve your problem (as it should… :'() you can try uninstalling avast and installing it again (rebooting between these operations…). The error message seems to indicate that you did not install the resident shield correctly…

Did you ‘disable’ AVG or uninstall it?

Thanks for the replies! I have done a repair twice, and uninstalled/reinstalled twice also—once with the util. And AVG was completely uninstalled before I even installed Avast—I checked the control panel to make sure it wasn’t left on the list. Even without setting up the other providers (PM, Email, etc) the standard shield should still be running resident. Dunno if I missed a step or something, from what I’ve read in the documentation it should be running in mem now.

Hi,

please

  • post a HijackThis log file for diagnosis here
  • report the results of the online scanners Trend & RAV

→ Links & details for the above: read the link "VirusRemoval" below in my sig :wink:

Thanks for the reply! I’m in a bit of a hurry, so I’ll post these for now, and will check your link and update the info later tonight or tomorrow.

Trend-Micro says “Congratulations, No infections” etc., and here is the log file from HijackThis:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trektoday.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra ‘Tools’ menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/245ebd09140e71b53f05/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093345923409
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

Thanks for the help everyone!

Ok I have an idea what happened here (maybe):

After doing the “Generate VRDB” last night, when I turned on my PC today the Resident Shield is now working fine.

Is it necessary to do the VRDB before the RS will work? That’s the way it seems to me right now, but I can’t find that anywhere in the docs. Strange.

This one looks suspicious to me:
C:\WINDOWS\System32\MsPMSPSv.exe

mspmspsv.exe is a process which normally comes with a specific update of Windows Media Player. It allows for the SDMI protocol (Secure Digital Music Initiative) to be used when dealing with music media. This is a non-essential process. Disabling or enabling this is down to user preference.

Haven’t had the time to look at the entire log.

Horatio, through the link in my signature you can download a HJT log analyzer and there is also a link to an online analyzer. Use them both and fix anything that is reported as nasty/bad.

Thanks guys! I will prolly disable that process—no need for it. And it looks like I have all but one of the programs listed on that site in your sig Ed, so I’ll start double checking now. Thanks again!

Just one other item you could clean up, Horatio – that first O9-Extra Button item that’s marked “no name” and “no file” almost has to be an orphan, left behind by something that didn’t quite uninstall completely and cleanly. Almost certainly harmless but useless.

I’m no expert on HJT or the registry, but that entry could probably come out safely. If you want to just leave it, or wait to see if a real expert cares to comment on it, that’s fine too, no harm done.

Best,
Mike
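
The "(no file)" check discussed in the last post, as an added example that is not part of the original thread: a small Python parser for HijackThis entry lines of the shape `code - kind: name - {CLSID} - target` (the O2 and O9 lines in the log above) that groups entries with no backing file by CLSID. The sample lines are copied from the posted log; the function names are this example's own.

```python
import re
from collections import defaultdict

# Entry lines copied from the HijackThis log posted earlier in the thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
"""

# Anchor on the CLSID rather than splitting on " - ": file paths such as
# "Spybot - Search & Destroy" contain the separator themselves.
ENTRY = re.compile(
    r"^(?P<code>[A-Z]\d+) - (?P<kind>[^:]+): (?P<name>.*?)"
    r" - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)

def parse_entries(log_text):
    """Return one dict per line shaped 'code - kind: name - {CLSID} - target'.

    Lines with another layout (O4, O16, R0, process list) are skipped.
    """
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["clsid"] = entry["clsid"].upper()
            entries.append(entry)
    return entries

def find_orphans(entries):
    """Group entries whose target is '(no file)' by CLSID."""
    orphans = defaultdict(list)
    for e in entries:
        if e["target"].strip().lower() == "(no file)":
            orphans[e["clsid"]].append(f'{e["code"]} {e["kind"]}: {e["name"]}')
    return dict(orphans)

if __name__ == "__main__":
    for clsid, items in find_orphans(parse_entries(SAMPLE_LOG)).items():
        print(clsid, "has no backing file:")
        for item in items:
            print("   ", item)
```

Grouping by CLSID shows which "(no file)" lines belong to the same registered extension, so they can be reviewed together.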