can't install the nod32 antivirus rolled back at finishing

It's not NOD32 that is causing this problem, nor is it that their installer is failing, it's actually a problem within windows, probably a stuck registry key too deep to bother to look for.You will likely have success installing another antivirus program though, unless this problem within windows has an effect on that one as well.

This is usually a fool proof way to fix that, but like I said there is more you can do, but usually too deep to bother.

should be done in this order:

1. disable user account control and reboot.
2. run reset permissions.bat ( right click it and run as admin ) with subinacl in place in system32 folder and reboot.
3. run the eset uninstaller from safe mode.
4. delete INFCACHE.1 from the \windows\INF folder and reboot.
5. install the program.


Also, is your system possibly infected with a virus, are you installing to a clean system ?

You might want to try running malwarebytes' anti-malware ( google ) and see what comes up.Mabe a virus is preventing you from installing successfully.

 

I'm not an employee of Eset, if I was though, that statement would cut very deep.I'm just a volunteer.

I am a bit slow these days, took me a while to realize why your getting thousands of errors from subinacl.Right click reset permissions.bat and select run as administrator, even though your logged in as an admin, try that, and give this one more go, following that and the directions in post #26


edit again...........

I just started messing with windows vista not too long ago, and I disabled UAC right off the bat.I thought UAC was more HIPS than it actually is, but not the case, so....... you only have to right click reset permissions.bat and run as admin if your UAC is on and active, and you don't need to turn off UAC to complete these steps, you can leave UAC on, just make sure you right click and run as admin the .BAT file.

 

Make steps described here: http://kb.eset.com/esetkb/index?page=content&id=SOLN406

Post here logs: install.log and c:\windows\setupapi.log (for WinXP) or c:\windows\inf\setupapi.dev.log and setupapi.app.log (for Vista).

 

I did what you said but don't know how to post the log without making the post the longest in history. I couldn't attach it since the file size was too large.

 

I gave it another shot today, done as you said. One error occurred during the process, it was when the .bat file was running (I think it was finishing) when it said that subinacle had stop working...I just ignored it and continued with the rest, but, unfortunately, it still wouldn't install correctly.

btw, I really appreciate all your effort!

 

Maybe you can paste the contents of the logs in a PM to me or to someone @ Eset.

 

I just tried, but it was too long there as well.

 

You've been PM'd, should be able to sort this out quickly.

 

Ok, I pulled relevant info from all 3 logs.In the one log it says the only problem was the eamon service could not be installed, but in another log eamon and ehdrv the service installs get errors and the windows installer itself reports 1603 exit error code whice is fatal error.

>>> [SetupInstallServicesFromInfSectionEx - DefaultInstall.Services]
>>> Section start 2009/10/22 00:42:36.406
cmd: C:\Windows\system32\MsiExec.exe -Embedding 40B20E9F8E6DA3D6D77422BA71335C42 M Global\MSI0000
inf: {Install Inf Section [DefaultInstall.Services]}
inf: AddService=eamon,,EAMON.Service (eamon.inf line 25)
inf: ServiceType=2 (eamon.inf line 45)
inf: StartType=3 (eamon.inf line 46)
inf: ErrorControl=1 (eamon.inf line 47)
inf: ServiceBinary=C:\Windows\system32\DRIVERS\eamon.sys (eamon.inf line 44)
inf: DisplayName=eamon (eamon.inf line 42)
inf: LoadOrderGroup="FSFilter Anti-Virus" (eamon.inf line 4
inf: Description="Eset file on-access scanner" (eamon.inf line 43)
!!! dvi: Add Service: Failed to create service 'eamon'.
!!! inf: {Install Inf Section [DefaultInstall.Services] exit(0x00000005)}
!!! dvi: Error while installing services.
<<< Section end 2009/10/22 00:42:36.531
<<< [Exit status: FAILURE(0x00000005)]



*******************************************************************************************


>>> [SetupCopyOEMInf - C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eamon\eamon.inf]
>>> Section start 2009/10/27 15:53:49.476
cmd: C:\Windows\system32\MsiExec.exe -Embedding 4F710356851BCFD72AD0DF8647C2ED43 M Global\MSI0000
inf: Opened INF: 'C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eamon\eamon.inf' ([strings] <src = normal>)
inf: Opened INF: 'C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eamon\eamon.inf' ([strings] <src = normal>)
<<< Section end 2009/10/27 15:53:49.517
<<< [Exit status: FAILURE(0x00000002)]


>>> [SetupCopyOEMInf - C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\ehdrv\ehdrv.inf]
>>> Section start 2009/10/27 15:53:49.706
cmd: C:\Windows\system32\MsiExec.exe -Embedding 4F710356851BCFD72AD0DF8647C2ED43 M Global\MSI0000
inf: Opened INF: 'C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\ehdrv\ehdrv.inf' ([strings] <src = normal>)
inf: Opened INF: 'C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\ehdrv\ehdrv.inf' ([strings] <src = normal>)
<<< Section end 2009/10/27 15:53:49.728
<<< [Exit status: FAILURE(0x00000002)]



*******************************************************************************************



=== Logging stopped: 2009-10-27 16:04:44 ===
MSI (c) (68:04) [16:04:44:736]: Note: 1: 1708
MSI (c) (68:04) [16:04:44:738]: Product: ESET NOD32 Antivirus -- Installation failed.

MSI (c) (68:04) [16:04:44:740]: Windows Installer installed the product. Product Name: ESET NOD32 Antivirus. Product Version: 4.0.314.0. Product Language: 1033. Installation success or error status: 1603.


Only thing I can see to try, since it tried to install is to look for the eamon, ehdrv and epfwwfpr key here:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

In the windows registry by typing " regedit " in the run box from the start menu and if those key exist, to delete them and also search your folder:

\Windows\System32\drivers\

for eamon, ehdrv and epfwwfpr files and if they exist to delete them, then reboot and try again.


This is a problem with windows, if it sees these things here, it won't recopy them ( in certain cases ) and the driver / service installation fails.It's almost like having a stuck registry key, so in that case deleting the entries from the services section of the registry and the files associated with those services should solve the problem.


Any of the Eset support guys here have any input ?

 

Also Avil, the fact that subinacl stopped prematurely is worrysome, you got a dialog box that said subinacl was not responding and forced you to exit ?

Are you using the windows firewall or a 3rd party firewall ?

Have you tried to run a full scan of Malwarebytes' anti-malware ( free download, google it ) to see if you have a virus present ? I have seen alot slip by symantec, which is what you had previously.You should run malwarebytes and make sure your installing to a clean system.Don't forget to update malwarebytes before attempting to run a scan.

 

I would also be tempted to download Nortons uninstaller to make sure that's gone properly.
Plus I'd use esets uninstaller as well.
and malware anti-malware twitched I would also be tempted to use combofix from www.bleepingcomputer.com

 

Norton leftovers would not affect a NOD32 install.

Eset's uninstaller might not have been able to remove a stuck registry key or something else windows thinks is still there, which is locking it from making a new copy.

Thats getting too carried away IMO, just malwarebytes should do.

 

It seemes you are trying to install old version 4.0.314. First of all try the latest one: 4.0.467. You can download it from ESET website.

If log file is very big, you can split it to more files and post it here. From install.log there is important section where is written: "return value 3". But ccomputertek didn't past it here.

Section from setupapi.log implies that there was problem to create eamon service, result was error 5 = Access denied. It can be helpfull to create ProcMon log (http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx) while running eset installation process. To make it smaller, set filter for process msiexec.exe. You can start to capture before last "Next" in wizard, when installation process itself proceeds. ProcMon's log file can be several tenths of MB big, so you need to upload it where possible.

 

She email them to me, I have since deleted the emails, but may be able to redownload the attachment sent.The log files were very large yes, perhaps deleting them and then recreating them with only the eset install procedure shown would have had a much smaller size, there were alot of redundant entries relating to other install and setup routines.I will try to get you the other info you said is missing from the install log.... trencan.

 

Regarding the subinacl, yes, it said it had stopped working...This has not happend before.

Using the windows firewall.

I ran the Malwarebytes ant-malware, it didn't find any threats. (But not a full one, I will do it as well).

 

When I removed Norton, I went into the registry and deleted the Norton folder as well as the Symantec folder. I don't know if it's relevant, but thought you should know. Did I mess up any reg. key there maybe?

 

No; the Norton/Symantec folders and registry keys have nothing to do with the ESET installation. It should be fine.

-Steve

 

To restrict only to eset install procedure was meant for "Process Monitor" log, not for setupapi log. Regarding large setupapi logs and install log, you can zip the files, it's pure text, should be much smaller.

 

I have it in a zip file, I can send it if anyone needs it.

 

MSI (s) (58:B [16:04:28:457]: Note: 1: 1406 2: Name 3: Software\ESET\ESET Security\CurrentVersion\Scheduler\1 4: 5
Error 1406. Could not write value Name to key \Software\ESET\ESET Security\CurrentVersion\Scheduler\1. System error . Verify that you have sufficient access to that key, or contact your support personnel.
MSI (s) (58:B [16:04:28:662]: Product: ESET NOD32 Antivirus -- Error 1406. Could not write value Name to key \Software\ESET\ESET Security\CurrentVersion\Scheduler\1. System error . Verify that you have sufficient access to that key, or contact your support personnel.

Like I said seems to be access, and also subinacl fails to reset access to admin and system account when ran.Try one more time to run reset permissions.BAT as right click and run as admin.

 

Action ended 16:04:42: ExecuteAction. Return value 3.
MSI (c) (68:04) [16:04:42:991]: Doing action: FatalError
Action 16:04:42: FatalError.
Action start 16:04:43: FatalError.
DEBUG: Error 2826: Control BottomLine on dialog FatalError extends beyond the boundaries of the dialog to the right by 3 pixels
The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2826. The arguments are: FatalError, BottomLine, to the right
Action 16:04:43: FatalError. Dialog created

 

MSI (s) (58:B [16:04:37:785]: Note: 1: 1406 2: Name 3:
Software\ESET\ESETSecurity\CurrentVersion\Scheduler\1 4: 5
Error 1406. Could not write value Name to key \Software\ESET\ESET Security\CurrentVersion\Scheduler\1.
System error . Verify that you have sufficient access to that key, or contact your support personnel.
MSI (s) (58:B [16:04:38:878]: Product: ESET NOD32 Antivirus -- Error 1406. Could not write value Name to key\Software\ESET\ESET Security\CurrentVersion\Scheduler\1. System error . Verify that you have sufficientaccess to that key, or contact your support personnel.

Are you sure you want to cancel?
Action ended 16:04:40: InstallFinalize. Return value 3.
MSI (s) (58:B [16:04:40:273]: User policy value 'DisableRollback' is 0
MSI (s) (58:B [16:04:40:273]: Machine policy value 'DisableRollback' is 0
MSI (s) (58:B [16:04:40:286]: Executing op: Header(Signature=1397708873,Version=400,Timestamp=995852419,LangId=1033,Platform=0,ScriptType=2,ScriptMajorVersion=21,ScriptMinorVersion=4,ScriptAttributes=1)

 

MSI (s) (58:B [16:04:42:675]: The call to SRSetRestorePoint API succeeded. Returned status: 0.
MSI (s) (58:B [16:04:42:676]: Unlocking Server
MSI (s) (58:B [16:04:42:678]: PROPERTY CHANGE: Deleting UpdateStarted property. Its current value is '1'.
Action ended 16:04:42: INSTALL. Return value 3.
Property(S): DiskPrompt = [1]
Property(S): InstallMode = Typical
Property(S): UpgradeCode = {A233AA97-0D05-4E11-85D5-07F096D55073}
Property(S): EMsiInstallDrivers = {E2F78DDC-37FD-4F4D-8CA6-698D4F0A2BF8}
C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\epfwwfpr\
1

 

If Nortons hadn't come off cleanly and was still running in the back ground yes it could cause problems. Now it looks like avil has done some zapping which should be enough to kill it.

Lets see if the key is there.

go to start and type regedit.
open hkey_local_machine then software then eset then eset security then current version then scheduler and right click and check the permissions.

 

No, I mean it would not negatively affect your situation if you were to remove those files. He asked if it was possible that he messed up a registry key by doing this, and the answer is no. I always scrub the registry of Symantec entries and remove all straggling files after a Norton uninstall. I typically begin this process with the Symantec Removal Tool, actually, which automates the full removal fairly well.

-Steve