Avg Antispyware Guard.exe

Discussion in 'ewido anti-spyware forum' started by mph, Dec 21, 2007.

Thread Status:
Not open for further replies.
  1. mph

    mph Registered Member

    Joined: Dec 21, 2007
    Posts: 3
    Hello everyone,

    I have Windows XP Home on each of 2 partitions and AVG Antispyware 7.5.1.43 on both XP installations.

    On the 1st partition, for the last 5 or 6 days after startup, guard.exe becomes hyperactive for about 20-25 seconds, guard.exe CPU usage high and memory usage 15,000k. In Services, when I click on the service there are no options to stop and restart the service, and Task Manager can't end it: access is denied. Uninstalled and re-installed AVG Antispyware; next startup guard.exe was quiet, but since then hyper again.

    On the other partition guard.exe is OK: immediately after startup, guard.exe CPU usage 0, memory usage less than 1,000k, in Services there are options to stop and start the service, and Task Manager can end it.




    procexp.exe 2720 1.54 Sysinternals Process Explorer Sysinternals


    any help appreciated
     

    Attached Files:

    • log.txt (File size: 8.4 KB, Views: 26)
    Last edited by a moderator: Dec 21, 2007
  2. support.grisoft

    support.grisoft Grisoft Team

    Joined: Oct 27, 2007
    Posts: 30
    Hi,

    As we have not come across such a problem in general, our recommendations at this time may be the following:

    1/ Please check if there are any differences between the two XP systems. Especially it could be related to some different applications installed. For this we would like to ask you to post the HJT output here (maybe it would help to compare output from both, so please name it accordingly).

    2/ Are these two systems used for different kinds of work, like one for internet only and the second for not online activities, for example?

    3/ Is there any other active process taking a higher amount of memory/processor time when the problem occurs?

    Thank you for any further information you can provide.

    Michal Macoun
    AVG Second Level Support
    __________________
    AVG Technical Support
    website: http://www.grisoft.com
    mailto: technicalsupport@grisoft.com
     
  3. mph

    mph Registered Member

    Joined: Dec 21, 2007
    Posts: 3
    Hi, thank you for replying.

    The odd issue with guard.exe now seems to have been resolved, though it's still a mystery as to what caused it.

    The XP installation on C: is my main system. From time to time I do a HijackThis scan and compare it to the previous logs so I can tell if there is anything new.

    I use the XP installation on F: for trying software that's new to me, and sometimes connect to the internet on F:.

    When I did a HijackThis scan on F: there were some unwanted things and some things I wasn't sure about. I removed them, then I booted up on C: to check if any processes were very active at the same time as guard.exe [I'm fairly sure that no other process was very active at the same time as guard.exe during the past week], and there was a lot less activity by guard.exe.

    It seemed that removing the unwanted things with HijackThis had solved it. To check on that I booted back to F: and restored the items that had been removed, then started up C:, but guard.exe was still the same as it had been with the items removed: a lot less activity than there had been during the previous week. guard.exe memory usage is now 1,300k, and when I click on the AVG Antispyware service in Services there are now options to stop and restart the service.

    I've removed the items again with HijackThis.

    In short, now when guard.exe appears in the Task Manager [refresh rate set at normal] after startup, the CPU usage figures are for example 44, 68, 22, 0, remaining at 0. Do those figures sound OK?



    here are the logs:

    on F:


    Logfile of HijackThis v1.99.1
    Scan saved at 23:47:57, on 21/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\Explorer.EXE
    F:\WINDOWS\system32\spoolsv.exe
    F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    F:\WINDOWS\system32\nvsvc32.exe
    F:\WINDOWS\system32\ctfmon.exe
    F:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum Suite\UIWatcher.exe
    F:\WINDOWS\system32\wuauclt.exe
    F:\Documents and Settings\owner2\Desktop\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gozobil.lx.ro
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gozobil.lx.ro
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=25040
    O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [UIWatcher] F:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum Suite\UIWatcher.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O20 - Winlogon Notify: NavLogon - F:\WINDOWS\system32\NavLogon.dll
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: IS Service (ISSVC) - Symantec Corporation - F:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
    O23 - Service: LiveUpdate - Symantec Corporation - F:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - F:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe

    ------------------------------------------------------------------


    i removed these:

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gozobil.lx.ro
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gozobil.lx.ro
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=25040

    ---------------------------------------------------------------------


    on C:


    Logfile of HijackThis v1.99.1
    Scan saved at 18:03:51, on 21/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    C:\Program Files\D-Link\DSL-200\dslstat.exe
    C:\Program Files\D-Link\DSL-200\dslagent.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\NetMeter\NetMeter.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
    C:\Program Files\Motherboard Monitor 5\MBM5.exe
    C:\Program Files\Downloaded\hijackthis\HijackThis.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\D-Link\DSL-200\dslstat.exe icon
    O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\D-Link\DSL-200\dslagent.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [C:\Program Files\NetMeter\NetMeter.exe] C:\Program Files\NetMeter\NetMeter.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe

    ----------------------------------------------------------------------


    thank you
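
Post 2 asks for the two HijackThis outputs to be compared, and post 3 describes comparing each scan with earlier logs. The following added example (not code from the thread or from HijackThis) does that comparison mechanically, ignoring the drive letter so the C: and F: installations line up. The function names and the `<drive>/` placeholder are assumptions of this sketch, and the sample logs are abridged from the two posted above.

```python
import re

ENTRY = re.compile(r"^[A-Z]\d{1,2} - .+$")   # coded item, e.g. "O23 - Service: ..."
DRIVE = re.compile(r"\b[A-Za-z]:\\")         # drive prefix of a Windows path

def parse_hjt(text):
    """Split a HijackThis log into running processes and coded entries."""
    procs, entries, in_procs = [], [], False
    for line in map(str.strip, text.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False          # a blank line ends the process list
        elif in_procs:
            procs.append(line)
        elif ENTRY.match(line):
            entries.append(line)
    return {"processes": procs, "entries": entries}

def key(line):
    """Ignore drive letter and case so the C: and F: installs line up."""
    return DRIVE.sub("<drive>/", line).casefold()

def diff_logs(base, other, section="entries"):
    """Return (only_in_base, only_in_other) for one section of two logs."""
    b = {key(ln): ln for ln in parse_hjt(base)[section]}
    o = {key(ln): ln for ln in parse_hjt(other)[section]}
    return [b[k] for k in b if k not in o], [o[k] for k in o if k not in b]

# Abridged from the two logs posted above (a few lines of each).
LOG_F = r"""Running processes:
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gozobil.lx.ro
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
"""
LOG_C = r"""Running processes:
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
"""

if __name__ == "__main__":
    for s in ("processes", "entries"):
        print(s, *diff_logs(LOG_F, LOG_C, s), sep="\n  ")
```

Run against the full logs, the `entries` diff lists the services and start-page values present on only one installation, and the `processes` diff lists what is resident on one side but not the other.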
     
  4. support.grisoft

    support.grisoft Grisoft Team

    Joined: Oct 27, 2007
    Posts: 30
    Hi,

    As I see, you are using one antivirus and three anti-spyware products together on system "C". There could be a conflict between them. Generally the use of more than one anti-virus/anti-spyware system under the same operating system is NOT recommended because of possible conflict in their main parts, usually in the resident scanning system. It could, unfortunately, cause unexpected failures to your system.

    You mentioned that the problem seems to be solved now - in case the problem reappears again, please try to uninstall other anti-spyware products from your computer.

    Thank you.

    Karel Stavik
    AVG Second Level Support
     
  5. mph

    mph Registered Member

    Joined: Dec 21, 2007
    Posts: 3
    Thank you Karel

    I'll probably disable the counterspy service and manually start it when I want to do a scan.
     