Security Services Failed to Start After Bootup

I booted the computer, logged on with an administrator account, “successfully” uninstalled Norton AntiVirus 2002 using the standard uninstall routine followed by the Rnav2003 removal tool from Symantec, which they claim completely removes NAV 2002. (According to numerous forum posts, nothing short of a hard drive format completely removes it.) After rebooting, I then installed Avast! 4. The setup routine did flag NAV as still present, but I elected to continue. The installation proceeded smoothly, and I restarted the computer.

I worked with the computer for ten or twelve hours with no problems, including: configuring Avast! 4, performing a thorough disk scan, performing a virus database update, allowing the VRDB to be generated, surfing the Internet, and using each of Avast!'s features. During the course, I restarted the machine a few times, always logging on with the same administrator account. At this point, I shut the system down. The next day, I fired up the system and logged on with a limited account; Outpost and SurfinGuard Pro failed to start. Also, no programs could be run through their shortcuts except Windows Explorer, which opened a blank window then hung. Eventually the task bar became unresponsive, and the Task Manager couldn’t be started even with the 3-finger salute. The mouse and keyboard remained functional though. The only option available was to force a shutdown by pressing and holding the power button.

I forced a shutdown and twice booted the system, first logging on with an administrator account and then with a limited account. The problem recurred both times. Throughout, Windows reported no errors, and examination of the application, security, and system logs revealed nothing relevant or useful. At this juncture, I started Windows in Safe Mode, stopped and disabled the avast! Antivirus and avast! iAVS4 Control Service services, and then rebooted normally. After logging on with an administrator account, Outpost and SurfinGuard Pro started, and the computer behaved normally. Norton Disk Doctor and Norton WinDoctor gave it a clean bill of health. I started the Avast! services and set them for automatic startup. I reconfigured the On-Access Scanner to disable the Show detailed info on performed action options for the Internet Mail and Standard Shield providers (enabling them was the last change that I’d made before the trouble ensued). I again rebooted twice, logging on with each type of user account; the system continued to function normally with the options disabled.

Can anyone help me catch a clue :wink: or suggest a better work-around?

System Configuration:

Intel Celeron @ 2.0 GHz; 256 MB DDR RAM; 60 GB hard drive, two partitions (NTFS bootable partition, FAT32 recovery partition); HP CD-writer/DVD (40x/8x/x8/16x)
HP v70s 17" monitor; HP PS/2 mouse and keyboard; HP Deskjet 3320 printer; HP Scanjet 3500c flatbed scanner

Windows XP Home Edition Version 2002 SP1 with all critical and security updates applied, and DirectX 8.1

Agnitum Outpost Firewall free edition version 1.0.1817.1645; Avast! 4 version 4.0.235; Finjan Software SurfinGuard Pro Version 5.70 (Build 281); Script Sentry v2.7.1; Spybot Search & Destroy 1.2
Internet Explorer 6.0 SP1 with all updates applied; Outlook Express 6.0 SP1 (version 6.00.2800.1123) with all updates applied
Norton SystemWorks 5.0 (2002)

Phoenix BIOS - core version 4.06, BIOS revision 3.11 09/25/02; Intel i845G chipset, Intel Extreme Graphics, updated with current graphics driver; Lucent WinModem - 56k v.92, updated with current modem driver; Realtek RTL8139 Family PCI Fast Ethernet integrated NIC

Stand-alone machine with NIC disabled, two modem connections (only one actively used) each with TCP/IP enabled and NetBIOS over TCP/IP, File and Printer Sharing, and Client for Microsoft Networks disabled

I replied regarding security services failing!

Thanx for your prompt reply. I knew that 2 active on-access virus scanners is a no-no, but until you mentioned it I never thought of SurfinGuard Pro in that way. I got used to thinking of it as just monitoring ActiveX controls and embedded JS/VBS scripts while I’m browsing a web site. :o It seems so obvious now how short-sighted that was. :-* You’ve made a very good point. I’ll try to duplicate the problem with it disabled.

Please let us know what happened.

Good luck!!! :wink:

@mir,

To follow up on your suggestion, I did some more testing. I re-enabled the “Show detailed info on performed action” options in the on-access scanner’s two running providers (duplicating the original conditions) and rebooted. The problem was reproduced. I repeated the test with SurfinGuard Pro set up to run at startup but with its monitoring capabilities disabled. NO JOY, the problem recurred. I repeated the test once again with it deleted from the startup sequence – still no joy. Finally, I restored SurfinGuard Pro’s normal operation and disabled the verbosity options and repeated – problem gone. Whatever the cause, it’s not related to SurfinGuard Pro.

Examination of the application log revealed these entries:


Event Type: Error
Event Source: VSS
Event Category: None
Event ID: 8193
Date: 8/17/2003
Time: 12:35:35 PM
User: N/A
Computer: SYSTEM1
Description:
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.

Data:
0000: 57 52 54 57 52 54 49 43 WRTWRTIC
0008: 32 31 31 33 00 00 00 00 2113…
0010: 57 52 54 57 52 54 49 43 WRTWRTIC
0018: 32 30 37 38 00 00 00 00 2078…


Event Type: Error
Event Source: EventSystem
Event Category: (50)
Event ID: 4609
Date: 8/17/2003
Time: 12:35:35 PM
User: N/A
Computer: SYSTEM1
Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043C from line 44 of d:\nt\com\com1x\src\events\tier1\eventsystemobj.cpp. …


These entries were logged for each of the failed tests, and they also were logged on 8/11/03, when the problem first occurred. They have corresponding entries in the boot log, made when Windows starts in Safe Mode.

Having ruled out SurfinGuard Pro, I remembered that Outpost starts before SurfinGuard Pro during the logon startup sequence, apparently pointing to a conflict between it and Avast!. When Outpost starts, the on-access scanner normally queries me for permission to let the firewall open for writing both (or perhaps just one, I don’t recall) of the files “driver.cmd” and “driver_event.cmd.” When the aforementioned scanner options are enabled, I don’t get this query. At this point, I assume that only the Standard Shield provider option is actually relevant. So here’s my theory. When the provider is configured both for verbose output and to deny blocked operations, during the startup sequence either it hangs trying to prompt me, or more likely, it cannot query me and denies access to Outpost. If the former, the firewall is blocked waiting to update its files; if the latter, it cannot graciously handle the inability to do so. In either case, the logon startup sequence doesn’t complete normally, resulting in the system instability observed.

So, what’s the upshot? I can live without the verbose output from Avast!, but I can’t live without the firewall :P. I’ve disabled the Standard Shield option.

;D Muchos gracias to all who took the time to read my post and/or respond – Hornus. ;D
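
As an added example (not part of the original posts): the two HRESULT values in the log entries quoted above can be split into severity, facility and code to see which subsystem reported each one. The function names and the small lookup tables are illustrative assumptions; the sample text is copied from the two Description lines in the thread.

```python
import re

# Sample input: the two Description lines from the event log entries quoted in the thread.
SAMPLE_LOG = r"""Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043C from line 44 of d:\nt\com\com1x\src\events\tier1\eventsystemobj.cpp.
"""

# Partial facility table (assumption: only the common values are listed here).
FACILITIES = {0: "FACILITY_NULL", 1: "FACILITY_RPC", 4: "FACILITY_ITF", 7: "FACILITY_WIN32"}

# Only the Win32 error code that appears in this thread's log; extend as needed.
WIN32_NAMES = {1084: "ERROR_NOT_SAFEBOOT_SERVICE"}

# Matches both spellings used in the entries: "hr = 0x........" and "HRESULT was ........".
HRESULT_RE = re.compile(r"(?:hr\s*=\s*|HRESULT was\s+)(?:0x)?([0-9A-Fa-f]{8})\b")


def decode_hresult(value):
    """Split a 32-bit HRESULT into its severity bit, facility and code fields."""
    facility = (value >> 16) & 0x7FF   # bits 16-26
    code = value & 0xFFFF              # bits 0-15
    info = {
        "hresult": f"0x{value:08X}",
        "failure": bool(value >> 31),  # bit 31 set means failure
        "facility": FACILITIES.get(facility, f"facility {facility}"),
        "code": code,
        "win32_name": None,
    }
    # Under FACILITY_WIN32 the low 16 bits are an ordinary Win32 error code.
    if facility == 7:
        info["win32_name"] = WIN32_NAMES.get(code)
    return info


def extract_hresults(text):
    """Find every HRESULT mentioned in event-log text and decode it."""
    return [decode_hresult(int(m.group(1), 16)) for m in HRESULT_RE.finditer(text)]


if __name__ == "__main__":
    for entry in extract_hresults(SAMPLE_LOG):
        print(entry)
```

The second value decodes to Win32 error 1084, ERROR_NOT_SAFEBOOT_SERVICE (a service that cannot be started in Safe Mode). FACILITY_ITF codes such as the first are defined per COM interface, so naming them requires the owning component's headers.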

Dear Hornus,

My my, what a survey and what a pity it didn’t solve the problem really.
I’m very sorry, but I’m not capable to advise in any other way regarding this matter.

I hope you’ll find someone who’s more into this matter.

Good luck and take care.

@mir

I’m very sorry, but I’m not capable to advise in any other way regarding this matter.

@amir,

You were very helpful. It was your suggestion that got me to research the problem further. As a result, I at least came up with a working theory about what was happening. That’s given me a huge amount of satisfaction in itself.

Thanx again. :smiley:

I agree with @mir. Also I suggest that the security access for the folders could not be well done (remember you have an NTFS system…). The limited accounts on XP usually have this behavior with some applications.
Sorry I cannot help you more… :cry:

If it helps, see the troubleshooting of NAV x avast! in http://www.avast.com/forum/index.php?board=1;action=display;threadid=259;start=0