You are not logged in.

Thursday, April 24th 2014, 7:19pm

Dear visitor, welcome to Avira Support Forum. If this is your first visit here, please read the Help. It explains in detail how this page works. To use all features of this page, you should consider registering. Please use the registration form, to register here or read more information about the registration process. If you are already registered, please login here.

  • "Thomas6" started this thread

Date of registration:
Mar 29th 2010

  • Send private message

1

Saturday, April 24th 2010, 8:11pm

avscan.exe gives error at end of scan with XP SP3

At the end of a scheduled scan AV10 asks for permission to deal with some malware in emails. I give it the OK and then I get an error from windows:

avscan.exe - Application Error
The instruction at "0x7c90100b" refernced memory at "0x007200c5". The memory could not be "read".
Click on OK to terminate the program
Click on CANCEL to debug the program

So I click on Cancel.

The system partially froze... the Start button menu was missing names for many of its icons. The system was generally unresponsive. The Start button failed to respond after two uses (the last one was to display the shutdown buttons). Ctrl-Alt-Del failed to do anything. I eventually had to use the hardware reset button.

After re-boot, I checked some logs. The application log showed that about every 10 seconds, this error appeared:

Quoted

Unable to read the disk performance information from the system. Disk performance counters must be enabled for at least one physical disk or logical volume in order for these counters to appear. Disk performance counters can be enabled by using the Hardware Device Manager property pages. Status code returned is data DWORD 0.
This error has not appeared since the time I had disabled the AV10 firewall. This was the first scan I did after installing the firewall again! Memory leak? Let's check the system log...

Here's what the system log says was going at that time. These are each about 2 minutes apart with no other messages between them:
Error: The server was unable to allocate from the system nonpaged pool because the pool was empty.
Error: The Message Queuing service terminated unexpectedly. It has done this 1 time(s).
Error: The browser was unable to update the service status bits. The data is the error.
Error: The server was unable to allocate from the system nonpaged pool because the pool was empty.
Then repeated that one several times... then:
Information: Application popup: avscan.exe - Application Error : The instruction at "0x7c90100b" referenced memory at "0x007200c5". The memory could not be "read".

Click on OK to terminate the program
Click on CANCEL to debug the program

Error: The server was unable to allocate from the system nonpaged pool because the pool was empty.

Then I re-booted.

I am using the latest versions:
Product 10.0.0.542
Search Engine 8.02.01.224
Luke Filewalker 10.00.03.00
Firewall 10.01.16.06
FW Filter #1 10.01.09.06
FW Filter #2 10.01.10.06

"Follow symbolic links" is un-checked in the scan settings.

Is it possible that the Firewall is causing an error in the AV Scan?

2

Sunday, April 25th 2010, 2:18pm

Quoted

Is it possible that the Firewall is causing an error in the AV Scan?
Hello Thomas6 ,
Please , post here a HJT log , for to verify if there's some hypothetical problem or some hypothetical incompatibility ( too with your Firewall ) , for my personal opinion , Many thanks .
Best regards

  • "Thomas6" started this thread

Date of registration:
Mar 29th 2010

  • Send private message

3

Sunday, April 25th 2010, 9:19pm

Ok, here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:17:15 PM, on 25/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\50\bin\OWSTIMER.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\WINDOWS\System32\taskswitch.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\LOGITECH\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Tom\Local Settings\Application Data\Lexar Media\LxrAutorun.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\system32\logonui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [PrintServer Diagnostic] C:\Program Files\Print Server\PTP\PSDiagnostic.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Iomega Active Disk] C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [LxrAutorun] C:\Documents and Settings\Tom\Local Settings\Application Data\Lexar Media\LxrAutorun.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\System32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\System32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Document Tree - C:\WINDOWS\web\tree.htm
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: Open Link Target in Firefox - file://C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\default.17k\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html
O8 - Extra context menu item: View Partial So&urce - C:\WINDOWS\web\source.htm
O8 - Extra context menu item: View This Page in Firefox - file://C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\default.17k\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O9 - Extra button: Fit-width Print - {3C34EBD2-038D-4d4f-B081-16D99D8BE2B4} - C:\WINDOWS\Downloaded Program Files\IEPrint.dll
O9 - Extra button: (no name) - {438AFBA1-B0CB-11d2-9214-00104B3BCE5F} - C:\WINDOWS\web\tree.htm
O9 - Extra 'Tools' menuitem: &Document Tree - {438AFBA1-B0CB-11d2-9214-00104B3BCE5F} - C:\WINDOWS\web\tree.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .jps: C:\PROGRA~1\INTERN~1\PLUGINS\npdc32.dll
O12 - Plugin for .mts: C:\Program Files\MetaCreations\MetaStream\npmetastream.dll
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: IEPrint - http://www.visiontech.ltd.uk/software/download/IEPrint.CAB
O16 - DPF: PlaceWare Console: CC2K-4-3-1-0-1-o6r3v0 - http://www27.placeware.com/etc/pwb/test/lib/cc-full.cab
O16 - DPF: PlaceWare Console: PWS-CC2K-4-0-2-1-2-k4r1l0 - http://www27.placeware.com/etc/pwb/test/lib/cc-full.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (Talisma NetAgent Customer ActiveX Control version 3) - https://intuitcanada.ehosts.net/netagent/objects/custappx3.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1142552254248
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: intu-qt2009 - {03947252-2355-4E9B-B446-8CCC75C43370} - C:\Program Files\QuickTax 2009\ic2009pp.dll
O23 - Service: Avira FireWall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega Activity Disk2 - Iomega Corporation - C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe

--
End of file - 11255 bytes

4

Tuesday, April 27th 2010, 7:36am

Hi Thomas6 ,
Please , you have a complete Back-up ( Example : Acronis , Norton Ghost etc. ) precedind at the installation of the your Avira ? Many thanks .
Best regards

  • "Thomas6" started this thread

Date of registration:
Mar 29th 2010

  • Send private message

5

Wednesday, April 28th 2010, 11:08am

Yes, I do. However, the interesting thing is that I decided to investigate my own question, posed in my previous post:

Quoted

Is it possible that the Firewall is causing an error in the AV Scan?
I un-installed the Firewall and re-did the scan. Guess what! Everything worked just fine. It detected the same virus warnings, etc., allowed me to fix them, then terminated without incident.

It seems very likely to me that the AV Firewall is causing the problem in the scan.

  • "Thomas6" started this thread

Date of registration:
Mar 29th 2010

  • Send private message

6

Monday, May 3rd 2010, 10:27pm

Firewall consuming memory during and after scan?

@Dontbug
Yes, I am also experiencing huge memory consumption that seems to only occur when the AV Firewall is installed. When I un-install the firewall and run the av scan, everything works fine! Install the firewall and run the scan and I get big problems on XP SP3, and now I even notice it on Vista. I have to reboot Vista after a virus scan in order to gain back my memory.

The BSODs my be solved, but this memory usage by the firewall is still causing many problems!

  • "Thomas6" started this thread

Date of registration:
Mar 29th 2010

  • Send private message

7

Monday, May 17th 2010, 6:42pm

XP SP3 won't run smoothly with AV10 Firewall

The only way I can keep my XP SP3 systems trouble free with AV10 is to un-install the Avira Firewall module and use the Windows firewall. Otherwise I get all kinds of system problems, like memory consumption and BSODs.

However, if I don't have the AV Firewall installed, everything is stable. But, this is APSS and I paid for the Firewall. I should be able to use the firewall! This has been going on since AV10 came out at the end of March! We need a fix for this problem soon!

8

Monday, May 17th 2010, 7:13pm

Quoted

Everything worked just fine
I'm very pleased for you :thumbup: Thomas6 .

Quoted

But, this is APSS and I paid for the Firewall. I should be able to use the firewall! This has been going on since AV10 came out at the end of March! We need a fix for this problem soon!
Fair enough , I think that go resolved the problem internally ( perhaps with a updating ) , at soon bye .
Kind regards

This post has been edited 1 times, last edit by "CARON67" (May 17th 2010, 7:17pm)