Out of Ideas

[Chiana]

Hi Everyone,

I'm an ex-member of the "Error Occurred while Scanning operating Memory" club. To be a member you need to be able to reproduce the following on your pc:

Error Occurred while scanning operating memory. System memory cannot be scanned (the kernel service is not running or an error occurred while loading nod32m1.vxd)

Marcos mentioned in one of the threads this would be resolved in the new version. Well, I'm happy to report that error is gone, but replaced with something even better in v2.5.

I'm now forming a new organisation, with a very long and impressive title:

The "Unable to Run on Demand Scanner, In Depth Analysis or Scan Local Disks modules" Assoc.

Here's a summary:

This is a clean installation, WinXP Pro, SP2.


NOD32 antivirus system information
Virus signature database version: 1.1100 (2005051
Dated: Wednesday, 18 May 2005
Virus signature database build: 5616

Information on other scanner support parts
Advanced heuristics module version: 1.013 (20050303)
Advanced heuristics module build: 1078
Internet filter version: 1.002 (2004070
Internet filter build: 1013
Archive support module version: 1.030 (20050419)
Archive support module build version: 1117

Information about installed components
NOD32 For Windows NT/2000/XP/2003 - Base
Version: 2.50.16
NOD32 For Windows NT/2000/XP/2003 - Internet support
Version: 2.50.16
NOD32 for Windows NT/2000/XP/2003 - Standard component
Version: 2.50.16

Operating system information
Platform: Windows XP
Version: 5.1.2600 Service Pack 2
Version of common control components: 5.82.2900
RAM: 1024 MB
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz (3000 MHz)

What actually happens when I try to run any of the scans is the scanning window appears and then vanishes within seconds. My greatest success is with the in-depth analysis scan window which manages to stay on screen long enough for me to see that it reports scanning memory then vanishes the way of the other modules.

The old version of NOD was uninstalled by quitting the program, uninstalling via the uninstall utility, deleting the Eset folder and restarting. Downloaded the new version, installed. I have uninstalled and reinstalled 3 times (guess 3 times lucky just doesn't work for me), have also tried downloading v2.5 again in case it was a corruption issue.

My next option is to pull my hair out - bald would not be a good look for me!

HELP!!!! Calling all resident white knights - Blackspear, Happy Bytes, Marcos to name a few!

Thank you to all that aid in my quest to exorcise whatever is haunting this pc!

[Firecat]

I am bumping this thread so the knights can take notice

[NOD32 user]

...can you right click a folder, scan with NOD32?
Does that work?
If it does I'd be interested to hear what happens if you open My Computer,
right click on your C drive and let it run.
....or a command line scan. For example try Start --> Run and then copy and paste the following code

Code:

"C:\Program Files\Eset\nod32.exe" /local /adware /ah /all /arch+ /clean /cleanmode /delete /heur+ /log+ /mailbox+ /pack+ /quarantine /scanboot+ /scanmbr+ /scanmem+ /scroll+ /sfx+ /unsafe /wrap+

If both of those fail and both fail to find any thing then I guess we'll have to keep waiting for another solution...

[Marcos]

Try the following:
- uninstall NOD32
- reboot the machine
- run setup.exe from the eset/install folder
- untick the "Use current settings" checkbox
- run the installation in Typical mode and finally reboot the machine

[Chiana]

Hi Everyone,

Sorry for the delay in replying - cable internet was down for 6 hours.

Quote:

I am bumping this thread so the knights can take notice

Thank you Firecat, have a bowl of milk on me!

Quote:

...can you right click a folder, scan with NOD32?

Tried that, good suggestion, but no luck. Up comes the scan box for 1 or 2 secs and there goes the scan box...

Quote:

....or a command line scan. For example try Start --> Run and then copy and paste the following code

Another great suggestion, here's an even more interesting response:

Quote:

Try the following:
- uninstall NOD32
- reboot the machine
- run setup.exe from the eset/install folder
- untick the "Use current settings" checkbox
- run the installation in Typical mode and finally reboot the machine

Hi Marcos,

I'll give your idea a shot and will be back with good news, (I hope).

Thank you all white knights for your suggestions and help. I'll be back!!

[Chiana]

Hi again,

First, the pic I pasted in the previous post somehow didn't end up in the location I intended. This is the error I received when I tried NOD32's suggestion of a command line scan.

Quote:

Try the following:
- uninstall NOD32
- reboot the machine
- run setup.exe from the eset/install folder
- untick the "Use current settings" checkbox
- run the installation in Typical mode and finally reboot the machine

Marcos,

Unhappily, this suggestion was also unsuccessful.

I am seriously thinking of shipping this pc to Eset so you can have a one to one chat with it. My kingdom for a solution!

Regards

Chiana

Fact 1:
You have to include the command line path in QUOTES (" blablabla ") because C:\Program SPACE Files\BlaBlaBla does include a space which is detected as delimiter!

Fact 2: Disable ALL POSSIBLE SETTINGS like Heuristics, Archiv Scanning, Runtime etc - DISABLE ALL IN THE SETUP ! And i mean REALLY ALL...

Then try again and report here

[BlueZannetti]

Quote:

Originally Posted by Chiana

Another great suggestion, here's an even more interesting response:

Chiana,

That screen shot is strange. The command line looks like it is being truncated at the first space. Assuming you entered the command line properly, this indicates a problem outside of NOD32. Either a system issue, or something intercepting the command line arguments and truncating them.

Blue

PS - as HB notes above, you need the quotes to avoid a valid truncation of the command line

[Marcos]

Be sure you put the speech marks at the right location, or try the following syntax:
C:\Progra~1\Eset\nod32.exe /local /adware /ah /all /arch+ /clean /cleanmode

[Chiana]

Quote:

Fact 1:You have to include the command line path in QUOTES (" blablabla ") because C:\Program SPACE Files\BlaBlaBla does include a space which is detected as delimiter!

Fact 2: Disable ALL POSSIBLE SETTINGS like Heuristics, Archiv Scanning, Runtime etc - DISABLE ALL IN THE SETUP ! And i mean REALLY ALL...

Hi Happy Bytes,

Fact 1: Score a point to HB...stupid me left the quotes off the end of the command line path. One more point to add to my list of dumb things I've done.
Fact 2: Disabled all settings as requested - no good.

Marcos and Blue Zanetti - Quick pickup on the quotes missing, but HB beat you to it.

And after attempting a command line scan, with the quotes, the scan box appears for a moment and vanishes in the blink of an eye?

Heck of a problem, any more takers?

yes... copy nod32.exe into your root folder, rename it to happy.exe and copy it back into the nod program folder. than start happy.exe (that's actually NOT a joke - just do it... )

[Chiana]

Hi HB,

Ran happy.exe and Wormguard did its job:

Will disable WG and report back.

Rgds

Chiana

[Chiana]

Ran happy.exe without Wormguard protection and NOD32 scan box did its appearing/disappearing act.

Chiana

[BlueZannetti]

Quote:

Originally Posted by Chiana

Marcos and Blue Zanetti - Quick pickup on the quotes missing, but HB beat you to it.

Not the first time, definitely won't be the last either - of course, I'm still working on my first coffee of the AM

Blue

[BlueZannetti]

Chiana,

Could you post a screen shot of the processes that are currently running? I'd recommend using ProcessExplorer with image path and command line columns enabled.

Blue

[Chiana]

Quote:

Not the first time, definitely won't be the last either - of course, I'm still working on my first coffee of the AM

And it's getting late here, brain is not working 100%, getting tired. Thinking of taking a drink as well, but not coffee

Chiana

[Chiana]

Hi Blue Zanetti,

Here you go. Had to play around until I reduced the file to an acceptable size.

kill devldr32.exe
Stop... just saw Creative Installed. Dont kill

Post a hijackthis log.... this screenshot does not include all visible areas...

[BlueZannetti]

Also, what's off screen in the shot you provided? Could you post a second one paged to the bottom?

Blue

[Chiana]

Page 2:

[Chiana]

HJT log as requested:

Logfile of HijackThis v1.99.1
Scan saved at 10:06:50 PM, on 20/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PS Tray Factory\PSTrayFactory.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\SpyBlocker Software\spyblocker.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Creative\SBLive\PlayCenter2\CTNMRUN.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\BOINC\boinc.exe
C:\Program Files\BOINC\projects\setiathome.berkeley.edu\setiathome_4.09_windows_intelx86.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AccountLogon\AccountLogon.exe
C:\Program Files\BOINC\projects\setiathome.berkeley.edu\setiathome_4.09_windows_intelx86.exe
C:\DOCUME~1\Irene\LOCALS~1\Temp\Rar$EX00.000\procexp.exe
C:\Documents and Settings\Irene\My Documents\HijackThis1.99.1.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://CCS:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ieCom Class - {C6CEAC32-D45C-11D4-94AF-0050BABD5FD6} - C:\Program Files\URL Organizer\UrlOrgIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [SpyBlocker] C:\Program Files\SpyBlocker Software\spyblocker.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TrayFactory] C:\Program Files\PS Tray Factory\PSTrayFactory.EXE /silent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\RunOnce: [TrayFactory] C:\Program Files\PS Tray Factory\PSTrayFactory.EXE /start
O4 - HKCU\..\Run: [NOMAD Detector] "C:\Program Files\Creative\SBLive\PlayCenter2\CTNMRUN.EXE"
O4 - HKCU\..\Run: [AccountLogon] C:\Program Files\AccountLogon\AccountLogon.exe /regserver
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MCW Startup] "C:\Program Files\Monitor Calibration Wizard\MCW.exe" /s
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: AccountLogon - C:\WINDOWS\al-popup-irene.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: AccountLogon - {1CB13C88-96B6-11d6-9AF5-D12D26EE1F36} - C:\WINDOWS\al-popup-irene.html (HKCU)
O9 - Extra 'Tools' menuitem: AccountLogon - {1CB13C88-96B6-11d6-9AF5-D12D26EE1F36} - C:\WINDOWS\al-popup-irene.html (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cometcomputers.com.au
O17 - HKLM\Software\..\Telephony: DomainName = cometcomputers.com.au
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cometcomputers.com.au
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

[Firecat]

I am bumping this thread again, so everyone can take notice

[Chiana]

Good stuff Firecat,

Careful, you may get a reputation as official forum bumper.

Rgds

Chiana

[puff-m-d]

I see nothing bad in your HJT log. You have a few resource hogs you may want to get rid of unless you really need them but other than that your log looks clean to me.

The resource hogs I see are:
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
(Description: Nvidia system tray applet. Not necessary. Removing this entry will free up a small amount of system resources.)

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
(Description: A small program that reminds you to register your Creative Labs product (i.e. sound card, video card). Unnecessary. Removing this will free up a small amount of system resources.)

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
(Description: Adjusts monitor colours across all programs, including Photoshop. It is needed by some graphics professionals who want their monitor calibrated. Most home users will not need it, and thus should remove this entry. )