
Need help working out why avg crashed,need to know if a virus is repsonsible


6 replies to this topic

#1 rp88

rp88

  • Members
  • 3,060 posts
  • Gender:Not Telling
  • Local time:08:38 AM

Posted 11 November 2014 - 05:11 PM

Need help identifying cause of crash of avg antivirus, want to know what happened and find out whether this crash was triggered by some sort of malware.

My OS is windows 8 (not 8.1) 64 bit, my main browsers are chrome and firefox but IE is installed though never used, my antivirus is AVG free but I scan regularly with all the products mentioned below.

Shortly after turning on my computer today avg crashed in a nasty and unexplained fashion. I had just opened google chrome and was running a manual scan with MBAM when it happened. Whilst I was checking emails and browsing a news site avg popped up in the bottom right corner saying that "identity protection" was not active, the icon for avg had disappeared from the taskbar entirely. I opened avg as a program from the shortcut (the shortcut had moved places from one spot on the desktop to a different one) on my desktop to restart the program. When I did this it loaded up to show orange "this isn't active" warnings over all of its components. I tried manually clicking "update" within avg but it could not make the connection even though I was online at that time. I then yanked out the ethernet cable to disconnect from the internet, avg shortly afterwards changed its display to showing that (as it had reported earlier) only the identity protection was inactive, rather than everything being inactive. It requested a restart which I did after letting MBAM finish and performing a quick run of rkill, tdsskiller, minitoolbox and MBAR. I also searched windows explorer for all files modified or created on this day and scanned them with avg (its scanner seemingly still working) and with mbam. After restarting I scanned with eset online scanner and a version (about a week old) of kaspersky virus removal tool. These latest two have yet to complete. Minitoolbox returned a wealth of information about the crash of avg, it listed things that referred to avg processes failing at the same time and date. The minitoolbox log is attached. I need to know

A: what caused the crash

B: was it malware or viruses causing the crash, it seems unlikely but I want to be absolutely certain

C: how many scans (with different programs) are enough to be sure of whether a virus caused it

other information I know about the event is:
there seemed to be several msiexec.exe processes running at the time, there were two webpages open in chrome at the time (gmail and a bbc page), the mbam scan took much longer than usual (20 minutes as opposed to 10), neither MBAM's scan nor rkill, nor tdsskiller, nor minitoolbox, nor MBAR, nor security check found any viruses (results from eset and kaspersky yet to come), shortly after the crash when I opened task manager I could not see any new names of processes that I had not seen in the past, some of avg's files had changed (some sort of update) in the minutes between logging on and the crash occurring, when the crash happened the first sign was an avg system tray pop-up saying identity protection was not active, the second sign was that avg had disappeared from the system tray, a second mbam scan a little longer after the crash only took the usual 10 minutes rather than the longer time observed immediately after the crash, no new startup items have appeared within CCleaner's list of startup entries, no old items have disappeared from there either, internet connection remained connected until I pulled out the cable, I noticed that the desktop icon for avg had moved (the time it moved was around 20:22 according to the date modified I could see when right clicking the shortcut to view its properties) from its usual spot where I placed the icon on the desktop to the far bottom left corner (I have no clue what caused this and how it might be related to the crash), at some point shortly after logon today windows detected new updates which I have yet to install (I have it set to "let me decide when to download") (windows checking for its updates might have put some extra load on the computer's memory or something and affected the crash, I don't know if it is related but I thought it worth adding every detail I can about what my system was doing when AVG crashed), after the restart AVG identity protection was running again (it is now), startup was slightly slower than usual, a new button has appeared in the centre of the AVG interface saying "fix performance" (I know that running this performance tool is not a good idea so will not be clicking that new button).

logs and results below

MBAM(malwarebytes antimalware): no infections, nothing out of ordinary

rkill: no infections, nothing out of ordinary

MBAR(malwarebytes antirootkit): no infections found

ESET online scanner: yet to finish

kaspersky virus removal tool (version from 8th november ish): yet to start, obviously it and eset aren't running at the same time, I'm waiting for ESET to end before I start this one

tdsskiller: nothing out of ordinary. It finds some unsigned files but they have always been there since this computer was brand new and I am confident that the unsigned files are legitimate ones and not viruses

security check: no signs of infection, finds nothing out of ordinary

AVG: I used it for a "whole computer scan" after the crash when "identity protection" was still down and before the restart, it detected nothing out of the ordinary, no viruses and 138 information messages about locked files (which it usually does)

minitoolbox: shown in full below, this was run after disconnecting, has details of crash which you might be able to interpret, I have put the bits that I think are most relevant in red


MiniToolBox by Farbar Version: 21-07-2014

Ran by (removed for privacy)(administrator) on 11-11-2014 at 20:45:34

Running from "D:\Users\(removed for privacy)\Downloads\antivirus and security installers and exes"

Microsoft Windows 8 (X64)

Boot Mode: Normal

***************************************************************************


========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)
Qualcomm Atheros AR946x Wireless Network Adapter = WiFi 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 9" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="WiFi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 12" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="other_1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="WiFi 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 14" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 15" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : (removed for privacy)
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Local Area Connection* 14:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #2
Physical Address. . . . . . . . . : (removed for privacy)
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter WiFi 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Qualcomm Atheros AR946x Wireless Network Adapter #2
Physical Address. . . . . . . . . : (removed for privacy)
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : (removed for privacy)
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : (removed for privacy)
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 127.0.0.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Ping request could not find host google.com. Please check the name and try again.
Server: UnKnown
Address: 127.0.0.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Ping request could not find host yahoo.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
21...12 d9 62 1d 2f c0 ......Microsoft Wi-Fi Direct Virtual Adapter #2
20...c0 d9 62 1d 2f c0 ......Qualcomm Atheros AR946x Wireless Network Adapter #2
12...70 54 d2 8d e8 f3 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
16...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [67584] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [67584] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [55296] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [21504] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [50688] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [66560] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [72192] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [53760] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [64000] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/11/2014 08:42:10 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (11/11/2014 08:24:09 PM) (Source: Application Error) (User: )
Description: Faulting application name: avgui.exe, version: 15.0.0.5557, time stamp: 0x5409c8db
Faulting module name: avguiadvx.dll, version: 15.0.0.5557, time stamp: 0x5440253f
Exception code: 0xc0000005
Fault offset: 0x000c7c0a
Faulting process ID: 0x35c
Faulting application start time: 0xavgui.exe0
Faulting application path: avgui.exe1
Faulting module path: avgui.exe2
Report ID: avgui.exe3
Faulting package full name: avgui.exe4
Faulting package-relative application ID: avgui.exe5

Error: (11/09/2014 10:26:29 PM) (Source: Application Hang) (User: )
Description: The program NOTEPAD.EXE version 6.2.9200.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 14ac

Start Time: 01cffc6bd3914cd7

Termination Time: 0

Application Path: C:\Windows\system32\NOTEPAD.EXE

Report Id: 6c746d92-685f-11e4-be83-7054d28de8f3

Faulting package full name:

Faulting package-relative application ID:

Error: (11/09/2014 05:46:59 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (11/09/2014 05:46:57 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (11/09/2014 04:59:28 PM) (Source: Application Hang) (User: )
Description: The program Explorer.EXE version 6.2.9200.16628 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 124c

Start Time: 01cffc3b8c39bd32

Termination Time: 0

Application Path: C:\Windows\Explorer.EXE

Report Id: c2b36c87-6831-11e4-be83-7054d28de8f3

Faulting package full name:

Faulting package-relative application ID:

Error: (11/09/2014 04:25:07 PM) (Source: Application Hang) (User: )
Description: The program Explorer.EXE version 6.2.9200.16628 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1714

Start Time: 01cffc2ad8dbf6f3

Termination Time: 0

Application Path: C:\Windows\Explorer.EXE

Report Id: f3a69f8c-682c-11e4-be83-7054d28de8f3

Faulting package full name:

Faulting package-relative application ID:

Error: (11/08/2014 03:25:35 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (11/08/2014 03:24:48 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (11/07/2014 11:43:32 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.


System errors:
=============
Error: (11/11/2014 08:23:42 PM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service terminated with the following service-specific error:
%%3758213661

Error: (11/11/2014 08:23:32 PM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service terminated with the following service-specific error:
%%3758213661

Error: (11/11/2014 08:23:30 PM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service terminated with the following service-specific error:
%%3758213661

Error: (11/11/2014 08:23:30 PM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service terminated with the following service-specific error:
%%3758213661

Error: (11/11/2014 08:23:29 PM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service terminated with the following service-specific error:
%%3758213661

Error: (11/11/2014 08:23:28 PM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service terminated with the following service-specific error:
%%3758213661

Error: (11/11/2014 08:23:26 PM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service terminated with the following service-specific error:
%%3758213661

Error: (11/11/2014 08:23:25 PM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service terminated with the following service-specific error:
%%3758213661

Error: (11/11/2014 08:23:24 PM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service terminated with the following service-specific error:
%%3758213661

Error: (11/11/2014 08:23:23 PM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service terminated with the following service-specific error:
%%3758213661


Microsoft Office Sessions:
=========================
Error: (11/11/2014 08:42:10 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestD:\Users\(removed for privacy)\Downloads\antivirus and security installers and exes\esetsmartinstaller_enu.exe

Error: (11/11/2014 08:24:09 PM) (Source: Application Error)(User: )
Description: avgui.exe15.0.0.55575409c8dbavguiadvx.dll15.0.0.55575440253fc0000005000c7c0a35c01cffded05af66c7C:\Program Files (x86)\AVG\AVG2015\avgui.exeC:\Program Files (x86)\AVG\AVG2015\avguiadvx.dllb0a13ee1-69e0-11e4-be83-7054d28de8f3

Error: (11/09/2014 10:26:29 PM) (Source: Application Hang)(User: )
Description: NOTEPAD.EXE6.2.9200.1638414ac01cffc6bd3914cd70C:\Windows\system32\NOTEPAD.EXE6c746d92-685f-11e4-be83-7054d28de8f3

Error: (11/09/2014 05:46:59 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestD:\Users\(removed for privacy)\Downloads\antivirus and security installers and exes\esetsmartinstaller_enu.exe

Error: (11/09/2014 05:46:57 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestD:\Users\(rempved for privacy)\Downloads\antivirus and security installers and exes\esetsmartinstaller_enu.exe

Error: (11/09/2014 04:59:28 PM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.2.9200.16628124c01cffc3b8c39bd320C:\Windows\Explorer.EXEc2b36c87-6831-11e4-be83-7054d28de8f3

Error: (11/09/2014 04:25:07 PM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.2.9200.16628171401cffc2ad8dbf6f30C:\Windows\Explorer.EXEf3a69f8c-682c-11e4-be83-7054d28de8f3

Error: (11/08/2014 03:25:35 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestc:\program files (x86)\Nuance\naturallyspeaking12\Program\dragon_support_packager.exe

Error: (11/08/2014 03:24:48 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (11/07/2014 11:43:32 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestD:\Users\(removed for privacy)\Downloads\antivirus and security installers and exes\esetsmartinstaller_enu.exe



=========================== Installed Programs ============================
(no changes here, all the same as it was in the past)

========================= Devices: ================================

Name: Intel® 7 Series/C216 Chipset Family USB Enhanced Host Controller - 1E2D
Description: Intel® 7 Series/C216 Chipset Family USB Enhanced Host Controller - 1E2D
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbehci
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


========================= Memory info: ===================================

Percentage of memory in use: 43%
Total physical RAM: 3979.3 MB
Available physical RAM: 2252.96 MB
Total Pagefile: 6443.3 MB
Available Pagefile: 2630.46 MB
Total Virtual: 4095.88 MB
Available Virtual: 3982.16 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:197.9 GB) (Free:151.52 GB) NTFS
2 Drive d: () (Fixed) (Total:218.69 GB) (Free:160.94 GB) NTFS

========================= Users: ========================================

User accounts for \\(removed for privacy)

Administrator Guest (removed for privacy)

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

23-10-2014 20:33:16 Scheduled Checkpoint
30-10-2014 17:29:47 Windows Update
06-11-2014 20:42:15 Scheduled Checkpoint

**** End of log ****


I guess event viewer logs might be helpful for you here, tell me how I can get them and which times/dates you need and I will happily provide. I can also provide the other logs but they don't say much.
Thanks

My apologies for spelling error in title, I didn't notice it until I had already posted this thread

UPDATE: eset has finished, it found 1 thing, a "Win32/Bundled.Toolbar.Google.D Potentially unsafe application" within the installer exe file for CCleaner. I left the installer exe file lying around in my downloads folder after first installing CCleaner, I didn't know it had a bundled google toolbar within it but given that this is not exactly a threat the eset scan can be considered as having come up clean. Kaspersky will have to wait until tomorrow, it is very late where I am.

Thanks

Edited by rp88, 11 November 2014 - 06:54 PM.

Back on this site, for a while anyway, been so busy the last year.

My systems: 2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB
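One way to reduce the "Event log errors" section of a MiniToolBox log like the one above to a short timeline around the crash, as an added example (not part of the original post and not MiniToolBox's own code). It assumes the `Error: (date) (Source: ...)` header layout seen in this log with month-first dates; the function names are made up for illustration and the sample is a trimmed excerpt of the posted log.

```python
import re
from datetime import datetime, timedelta

# Trimmed excerpt of the log posted above (repeats and manifest paths dropped).
SAMPLE_LOG = """\
Application errors:
==================
Error: (11/11/2014 08:42:10 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed (manifest paths trimmed).

Error: (11/11/2014 08:24:09 PM) (Source: Application Error) (User: )
Description: Faulting application name: avgui.exe, version: 15.0.0.5557, time stamp: 0x5409c8db
Faulting module name: avguiadvx.dll, version: 15.0.0.5557, time stamp: 0x5440253f
Exception code: 0xc0000005
Fault offset: 0x000c7c0a

Error: (11/09/2014 10:26:29 PM) (Source: Application Hang) (User: )
Description: The program NOTEPAD.EXE version 6.2.9200.16384 stopped interacting with Windows and was closed.

System errors:
=============
Error: (11/11/2014 08:23:42 PM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service terminated with the following service-specific error:
%%3758213661

Error: (11/11/2014 08:23:23 PM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service terminated with the following service-specific error:
%%3758213661
"""

HEADER = re.compile(r"^Error: \((?P<ts>[^)]+)\) \(Source: (?P<src>[^)]+)\) ?\(User: [^)]*\)$")
SECTION = re.compile(r"^(Application errors|System errors|Microsoft Office Sessions):$")
NTSTATUS = {0xC0000005: "STATUS_ACCESS_VIOLATION"}  # only the code seen in this log


def parse_events(text):
    """Split the section into events: time, source, log section, description lines."""
    events, section, cur = [], None, None
    for line in text.splitlines():
        line = line.strip()
        if m := SECTION.match(line):
            section, cur = m.group(1), None
        elif m := HEADER.match(line):
            cur = {"time": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
                   "source": m["src"], "section": section, "text": []}
            events.append(cur)
        elif cur is not None and line and set(line) != {"="}:
            cur["text"].append(line.removeprefix("Description: "))
    return events


def decode_codes(event):
    """Pull out the fields worth searching on and normalise codes to hex."""
    body = "\n".join(event["text"])
    found = {}
    if m := re.search(r"Exception code: (0x[0-9a-fA-F]+)", body):
        code = int(m.group(1), 16)
        found["exception"] = f"0x{code:08X} {NTSTATUS.get(code, 'unknown')}"
    if m := re.search(r"Faulting module name: ([^,]+)", body):
        found["module"] = m.group(1)
    if m := re.search(r"The (\S+) service terminated", body):
        found["service"] = m.group(1)
    # "%%N" is a decimal service-specific error; the hex form is easier to look up.
    if m := re.search(r"^%%(\d+)$", body, re.M):
        found["service_error"] = f"0x{int(m.group(1)):08X}"
    return found


def crash_window(events, anchor, minutes=5):
    """Events within +/- minutes of the anchor time, oldest first."""
    span = timedelta(minutes=minutes)
    return sorted((e for e in events if abs(e["time"] - anchor) <= span),
                  key=lambda e: e["time"])


def summarize(events):
    """Collapse repeats: (first, last, count, source, codes) per distinct event."""
    groups = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        key = (ev["source"], tuple(sorted(decode_codes(ev).items())))
        g = groups.setdefault(key, {"first": ev["time"], "count": 0})
        g["last"] = ev["time"]
        g["count"] += 1
    return [(g["first"], g["last"], g["count"], src, dict(codes))
            for (src, codes), g in groups.items()]


if __name__ == "__main__":
    crash = datetime(2014, 11, 11, 20, 24, 9)  # avgui.exe fault time from the log
    for first, last, n, src, codes in summarize(crash_window(parse_events(SAMPLE_LOG), crash)):
        print(f"{first:%H:%M:%S}-{last:%H:%M:%S} x{n} {src} {codes}")
```

On the excerpt this shows the AVGIDSAgent service terminations starting before the avgui.exe access violation in avguiadvx.dll, which orders the events but does not by itself say what triggered them.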



#2 boopme


Posted 11 November 2014 - 09:07 PM

Have you tried a complete uninstall and reinstall of AVG?

In case the uninstallation fails, please use the AVG Remover tool
How do I get help? Who is helping me?

For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....

Become a BleepingComputer fan: Facebook

#3 rp88


Posted 12 November 2014 - 11:13 AM

It has a function within Control Panel --> Programs and Features --> AVG --> Change which "repairs" it. I will try running that but I think it is working alright now. What I want to know is the cause of the crash. I am scanning with Kaspersky now; I will tell you what it finds.


Have "repaired" AVG, using the method I mentioned. Upon performing the "repair", AVG seemed to lose all its recent definitions, which then had to be updated back up to date. It all appears to be functioning fine now. Kaspersky has yet to finish. I could use advice on diagnosing the cause of the original AVG crash. I also have a general question about virus scanning:
Is running a scan with AVG (my antivirus), then MBAM, then MBAR, then RKill, then TDSSKiller, then Security Check, then MiniToolBox, then ESET Online Scanner, then finally with a fairly recent version of Kaspersky Virus Removal Tool (currently I'm using one from the 8th November (ish); in future I would use one for that date and keep using the same one any time needed for a couple of weeks before getting a more recent version) enough to detect any and every virus, and if those all come up clean, is that proof that the system is not infected at all?

Edited by rp88, 12 November 2014 - 02:17 PM.


#4 rp88


Posted 12 November 2014 - 05:53 PM

Kaspersky has finished, it detected nothing.

#5 boopme


Posted 12 November 2014 - 08:26 PM

Ask that part in Anti-Virus and Anti-Malware Software

#6 rp88


Posted 13 November 2014 - 12:36 PM

AVG crashed again today, a very similar type of crash. I logged on, plugged in the ethernet cable and used the button in AVG to try and manually update. I had a crash of the same type. AVG started by saying one of its components was inactive, then the whole program closed itself and disappeared from the taskbar. I disconnected, then opened AVG from its desktop icon; it said every part was not functioning. It also said that there was only 1 "report" in its "archives", where there are usually 170 ish. I restarted and it loaded up as usual. I tried updating again and this time it seemed to work. The number of reports had gone back to 170. I'm guessing this crash has the same cause as the last one; I need to work out why. If my antivirus is shutting itself down, something is clearly very wrong.

#7 rp88


Posted 15 November 2014 - 01:36 PM

Can anyone give advice on determining whether the cause of these two crashes was something malicious (or worrying in some other way) or whether it was just two runs of random bad luck? I haven't had a third like it yet, but one might happen.
Thanks

Edited by rp88, 15 November 2014 - 01:37 PM.
