Moderators Andavari Posted October 18, 2005 Moderators Share Posted October 18, 2005 Has anyone else had any shutdown and restart issues with Microsoft AntiSpyware Beta 1 installed and resident with its Real-time protection. I've noticed that my system is taking longer to shutdown and restart if the Real-time protection system tray icon is loaded, manually closing it however resolves the issue with gcasServ.exe. It's also the first time I've seen WinXP display a message about a program not responding during shutdown and restart. Link to comment Share on other sites More sharing options...
DJpailo Posted October 18, 2005 Share Posted October 18, 2005 its beta, so its probably a bug.. http://www.lavasoftusa.com http://wiki.lunarsof.../PC_Maintenance Link to comment Share on other sites More sharing options...
Moderators Andavari Posted October 18, 2005 Author Moderators Share Posted October 18, 2005 Lol that's a no b.s. kind of answer. Straight to the point. Link to comment Share on other sites More sharing options...
Tarun Posted October 18, 2005 Share Posted October 18, 2005 What else do you typically run? Link to comment Share on other sites More sharing options...
Moderators Andavari Posted October 18, 2005 Author Moderators Share Posted October 18, 2005 I suppose you'd need a HJT log for a proper analysis, am I right? Link to comment Share on other sites More sharing options...
Tarun Posted October 18, 2005 Share Posted October 18, 2005 That's up to you really. I've recently noticed my machine takes a bit longer to shutdown/reboot too, though I don't run the MSAS Real-Time agent. Link to comment Share on other sites More sharing options...
Moderators Andavari Posted October 19, 2005 Author Moderators Share Posted October 19, 2005 Well I suppose it wouldn't hurt to verify my new install is clean. Logfile of HijackThis v1.99.1 Scan saved at 1:21:20 AM, on 10/19/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\netdde.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe C:\WINDOWS\system32\clipsrv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\CTHELPER.EXE C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Microsoft IntelliType Pro\type32.exe C:\Program Files\Microsoft IntelliPoint\point32.exe C:\WINDOWS\BCMSMMSG.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\Program Files\Push The Freakin Button\PTFB.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\CookieCop\CookieCop.exe C:\Program Files\Opera\Opera.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = %userprofile%\My Documents\ie_homepage.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = CookieCop:8100 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.dell.com; *.microsoft.com;<local> O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe" O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe" O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [Microsoft AntiSpyware Real-Time Protection] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [Microsoft IntelliType Pro (Wireless Keyboard)] "C:\Program Files\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [Microsoft IntelliPoint (Wireless Mouse)] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [broadcom Modem Messaging Applet] BCMSMMSG.exe O4 - Startup: Push The Freakin Button.lnk = C:\Program Files\Push The Freakin Button\PTFB.exe O4 - Startup: WinRAR SFX History Cleaner.lnk = C:\WINDOWS\regedit.exe O4 - Startup: WinRescue.lnk = C:\Program Files\WinRescueXP\RescueXP.exe O4 - Global Startup: CookieCop.lnk = C:\Program Files\CookieCop\CookieCop.exe O4 - Global Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe O8 - Extra context menu item: Download Links As... - file://C:\WINDOWS\system32\page.htm O8 - Extra context menu item: Download Target(s) As... - file://C:\WINDOWS\system32\link.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1126938267031 O17 - HKLM\System\CCS\Services\Tcpip\..\{C071DFBC-449B-44C0-B8F4-9210B12BC3B2}: NameServer = 67.134.110.5 67.134.110.2 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe Link to comment Share on other sites More sharing options...
Tarun Posted October 19, 2005 Share Posted October 19, 2005 Clean, as expected. Link to comment Share on other sites More sharing options...
Ultimate Predator Posted October 19, 2005 Share Posted October 19, 2005 I have noticed nothing to be honest, though I have quite a few startup programs including this, so I probably wouldn't have noticed. Link to comment Share on other sites More sharing options...
Moderators rridgely Posted October 20, 2005 Moderators Share Posted October 20, 2005 I can varify that MSAS causes a machine to boot slower even the real time protection is shut down. I don't use it anymore because of this reason. I would still let novice pc users get it though. But for me I don't want anything that will slow down my boot up. I haven't ever seen the error message that your getting though andavari. Link to comment Share on other sites More sharing options...
Moderators Andavari Posted October 20, 2005 Author Moderators Share Posted October 20, 2005 I haven't ever seen the error message that your getting though andavari. <{POST_SNAPBACK}> It's like an old relic from the Win9x days (or an OS flashback), that would commonly have various programs that wouldn't allow a system to shutdown without forcing the program to exit. I've only seen it twice within the last month, and it's no problem to click the End Now button to force it to exit, but like I said it's only occurred twice. Link to comment Share on other sites More sharing options...
Ultimate Predator Posted October 20, 2005 Share Posted October 20, 2005 Actually, on occasions my PC does require me to hit end now. Could be it. When my PC gets fixed I'm doing a complete work-through on my PC for what should or shouldn't be there, I might get rid of it considering it is only a Beta program. What do you think? Link to comment Share on other sites More sharing options...
Moderators Andavari Posted October 20, 2005 Author Moderators Share Posted October 20, 2005 When my PC gets fixed I'm doing a complete work-through on my PC for what should or shouldn't be there, I might get rid of it considering it is only a Beta program. What do you think? <{POST_SNAPBACK}> I will personally continue to use MSAS as long as it remains freeware. The reason I'll continue using it is because on my previous XP install I ignored what I thought were two constant false positives: An MSIE restricted website registry key, and a VISE uninstaller .exe file. I'm now thinking MSAS was correct in finding two infections. Now after the fresh XP install MSAS didn't detect anything even though I'm using the same software, drivers, etc., except for the OEM installed crapware like AOL, Music Match Jukebox, etc. Although it hasn't found anything as of yet on this fresh install, I won't so blindly ignore something it finds in the future just because other programs such as Ad-Aware, Ewido, and Spybot S&D don't. Link to comment Share on other sites More sharing options...
Ultimate Predator Posted October 20, 2005 Share Posted October 20, 2005 Just found out today some interesting facts; don't use real scanning for Microsoft antispyware, can cause installation problems with some programs, and apperantly don't use a Reg Cleaner of any sought, including that of CCleaner (came from a proffesional). Link to comment Share on other sites More sharing options...
Tarun Posted October 20, 2005 Share Posted October 20, 2005 Just found out today some interesting facts; don't use real scanning for Microsoft antispyware, can cause installation problems with some programs, and apperantly don't use a Reg Cleaner of any sought, including that of CCleaner (came from a proffesional). <{POST_SNAPBACK}> Install problems? False. No harm in registry cleaning as long as you're careful and make backups. Link to comment Share on other sites More sharing options...
Moderators Andavari Posted October 21, 2005 Author Moderators Share Posted October 21, 2005 Just found out today some interesting facts; don't use real scanning for Microsoft antispyware, can cause installation problems with some programs, and apperantly don't use a Reg Cleaner of any sought, including that of CCleaner (came from a proffesional). <{POST_SNAPBACK}> Sound's like some "professional" has been telling you some b.s. The only install "problem" would be the detection of adware/spyware infested programs that should have been scanned in the first place. Of course MSAS or any other good antispyware program with real-time protection is going to halt something when it's detected, it isn't called real-time protection for nothing. Install problems? False. No harm in registry cleaning as long as you're careful and make backups. <{POST_SNAPBACK}> Agreed! Link to comment Share on other sites More sharing options...
Moderators Andavari Posted October 22, 2005 Author Moderators Share Posted October 22, 2005 Well I just discovered two reasons why MSAS may cause system shutdown/restart problems, since the real-time protection is sometimes very slow to notice a change in system security settings: 1. Inputting restricted sites into MSIE. 2. Inputting restricted sites into the HOSTS file. It however seems like more of a problem when inputting sites into the HOSTS file to block. I've waited a number of minutes (up to thirty) before MSAS even notifies that an addition/change was made in the HOSTS file, and if attempting to system shutdown/restart before the notification is displayed it may or will cause an issue during shutdown/restart. Link to comment Share on other sites More sharing options...
Ultimate Predator Posted October 23, 2005 Share Posted October 23, 2005 No, on MS Antispyware it can stop files being installed on the PC. Look, all I know is the guy disabled MS Antispyware real time and tried installing EZ Antivirus, and thus it worked. I agree about the issues though, I've never had a problem with them. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now