Out of Ideas

Discussion in 'NOD32 version 2 Forum' started by Chiana, May 19, 2005.

Thread Status:
Not open for further replies.
  1. Chiana
    Offline

    Chiana Registered Member

    Hi Everyone,

    I'm an ex-member of the "Error Occurred while Scanning operating Memory" club. To be a member you need to be able to reproduce the following on your pc:

    Error Occurred while scanning operating memory. System memory cannot be scanned (the kernel service is not running or an error occurred while loading nod32m1.vxd)

    Marcos mentioned in one of the threads this would be resolved in the new version. Well, I'm happy to report that error is gone, but replaced with something even better in v2.5.

    I'm now forming a new organisation, with a very long and impressive title:

    The "Unable to Run on Demand Scanner, In Depth Analysis or Scan Local Disks modules" Assoc.

    Here's a summary:

    This is a clean installation, WinXP Pro, SP2.


    NOD32 antivirus system information
    Virus signature database version: 1.1100 (2005051:cool:
    Dated: Wednesday, 18 May 2005
    Virus signature database build: 5616

    Information on other scanner support parts
    Advanced heuristics module version: 1.013 (20050303)
    Advanced heuristics module build: 1078
    Internet filter version: 1.002 (2004070:cool:
    Internet filter build: 1013
    Archive support module version: 1.030 (20050419)
    Archive support module build version: 1117

    Information about installed components
    NOD32 For Windows NT/2000/XP/2003 - Base
    Version: 2.50.16
    NOD32 For Windows NT/2000/XP/2003 - Internet support
    Version: 2.50.16
    NOD32 for Windows NT/2000/XP/2003 - Standard component
    Version: 2.50.16

    Operating system information
    Platform: Windows XP
    Version: 5.1.2600 Service Pack 2
    Version of common control components: 5.82.2900
    RAM: 1024 MB
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz (3000 MHz)

    What actually happens when I try to run any of the scans is the scanning window appears and then vanishes within seconds. My greatest success is with the in-depth analysis scan window which manages to stay on screen long enough for me to see that it reports scanning memory then vanishes the way of the other modules.

    The old version of NOD was uninstalled by quitting the program, uninstalling via the uninstall utility, deleting the Eset folder and restarting. Downloaded the new version, installed. I have uninstalled and reinstalled 3 times (guess 3 times lucky just doesn't work for me), have also tried downloading v2.5 again in case it was a corruption issue.

    My next option is to pull my hair out - bald would not be a good look for me!

    HELP!!!! Calling all resident white knights - Blackspear, Happy Bytes, Marcos to name a few!

    Thank you to all that aid in my quest to exorcise whatever is haunting this pc! :eek: :rolleyes: :D :ninja:
  2. Firecat
    Offline

    Firecat Registered Member

    I am bumping this thread so the knights can take notice :)
  3. NOD32 user
    Offline

    NOD32 user Registered Member

    ...can you right click a folder, scan with NOD32?
    Does that work?
    If it does I'd be interested to hear what happens if you open My Computer,
    right click on your C drive and let it run.
    ....or a command line scan. For example try Start --> Run and then copy and paste the following code
    Code:
    "C:\Program Files\Eset\nod32.exe" /local /adware /ah /all /arch+ /clean /cleanmode /delete /heur+ /log+ /mailbox+ /pack+ /quarantine /scanboot+ /scanmbr+ /scanmem+ /scroll+ /sfx+ /unsafe /wrap+
    If both of those fail and both fail to find any thing then I guess we'll have to keep waiting for another solution...:)
    Last edited: May 20, 2005
  4. Marcos
    Offline

    Marcos Eset Staff Account

    Try the following:
    - uninstall NOD32
    - reboot the machine
    - run setup.exe from the eset/install folder
    - untick the "Use current settings" checkbox
    - run the installation in Typical mode and finally reboot the machine
  5. Chiana
    Offline

    Chiana Registered Member

    Hi Everyone,

    Sorry for the delay in replying - cable internet was down for 6 hours.

    Thank you Firecat, have a bowl of milk on me! ;)

    Tried that, good suggestion, but no luck. Up comes the scan box for 1 or 2 secs and there goes the scan box...

    Another great suggestion, here's an even more interesting response:



    Hi Marcos,

    I'll give your idea a shot and will be back with good news, (I hope). ;)

    Thank you all white knights for your suggestions and help. I'll be back!!

    Attached Files:

  6. Chiana
    Offline

    Chiana Registered Member

    Hi again,

    First, the pic I pasted in the previous post somehow didn't end up in the location I intended. This is the error I received when I tried NOD32's suggestion of a command line scan.

    Marcos,

    Unhappily, this suggestion was also unsuccessful. :'(

    I am seriously thinking of shipping this pc to Eset so you can have a one to one chat with it. My kingdom for a solution! :(

    Regards

    Chiana
  7. Happy Bytes
    Offline

    Happy Bytes Guest

    Fact 1:
    You have to include the command line path in QUOTES (" blablabla ") because C:\Program SPACE Files\BlaBlaBla does include a space which is detected as delimiter! :D

    Fact 2: Disable ALL POSSIBLE SETTINGS like Heuristics, Archiv Scanning, Runtime etc - DISABLE ALL IN THE SETUP ! And i mean REALLY ALL...

    Then try again and report here :ninja:
  8. BlueZannetti
    Offline

    BlueZannetti Administrator

    Chiana,

    That screen shot is strange. The command line looks like it is being truncated at the first space. Assuming you entered the command line properly, this indicates a problem outside of NOD32. Either a system issue, or something intercepting the command line arguments and truncating them.

    Blue

    PS - as HB notes above, you need the quotes to avoid a valid truncation of the command line
  9. Marcos
    Offline

    Marcos Eset Staff Account

    Be sure you put the speech marks at the right location, or try the following syntax:
    C:\Progra~1\Eset\nod32.exe /local /adware /ah /all /arch+ /clean /cleanmode
  10. Chiana
    Offline

    Chiana Registered Member


    Hi Happy Bytes,

    Fact 1: Score a point to HB...stupid me left the quotes off the end of the command line path. One more point to add to my list of dumb things I've done.
    Fact 2: Disabled all settings as requested - no good.

    Marcos and Blue Zanetti - Quick pickup on the quotes missing, but HB beat you to it.

    And after attempting a command line scan, with the quotes, ;) :D the scan box appears for a moment and vanishes in the blink of an eye?

    Heck of a problem, any more takers?
  11. Happy Bytes
    Offline

    Happy Bytes Guest

    yes... copy nod32.exe into your root folder, rename it to happy.exe and copy it back into the nod program folder. than start happy.exe (that's actually NOT a joke - just do it... )
  12. Chiana
    Offline

    Chiana Registered Member

    Hi HB,

    Ran happy.exe and Wormguard did its job:

    Will disable WG and report back.

    Rgds

    Chiana

    Attached Files:

    • WG.jpg
      WG.jpg
      File size:
      50.4 KB
      Views:
      501
  13. Chiana
    Offline

    Chiana Registered Member

    Ran happy.exe without Wormguard protection and NOD32 scan box did its appearing/disappearing act. :ninja:

    Chiana
  14. BlueZannetti
    Offline

    BlueZannetti Administrator

    Not the first time, definitely won't be the last either - of course, I'm still working on my first coffee of the AM :)

    Blue
  15. BlueZannetti
    Offline

    BlueZannetti Administrator

    Chiana,

    Could you post a screen shot of the processes that are currently running? I'd recommend using ProcessExplorer with image path and command line columns enabled.

    Blue
  16. Chiana
    Offline

    Chiana Registered Member

    And it's getting late here, brain is not working 100%, getting tired. Thinking of taking a drink as well, but not coffee ;) :ninja: :D

    Chiana
  17. Chiana
    Offline

    Chiana Registered Member

    Hi Blue Zanetti,

    Here you go. Had to play around until I reduced the file to an acceptable size.

    Attached Files:

  18. Happy Bytes
    Offline

    Happy Bytes Guest

    kill devldr32.exe :D
    Stop... just saw Creative Installed. Dont kill :ninja:
  19. Happy Bytes
    Offline

    Happy Bytes Guest

    Post a hijackthis log.... this screenshot does not include all visible areas...
  20. BlueZannetti
    Offline

    BlueZannetti Administrator

    Also, what's off screen in the shot you provided? Could you post a second one paged to the bottom?

    Blue
  21. Chiana
    Offline

    Chiana Registered Member

    Page 2:

    Attached Files:

  22. Chiana
    Offline

    Chiana Registered Member

    HJT log as requested:

    Logfile of HijackThis v1.99.1
    Scan saved at 10:06:50 PM, on 20/05/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\PS Tray Factory\PSTrayFactory.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Creative\ShareDLL\CtNotify.exe
    C:\Program Files\Creative\ShareDLL\MediaDet.Exe
    C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    C:\Program Files\SpyBlocker Software\spyblocker.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Creative\SBLive\PlayCenter2\CTNMRUN.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Program Files\BOINC\boincmgr.exe
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\BOINC\boinc.exe
    C:\Program Files\BOINC\projects\setiathome.berkeley.edu\setiathome_4.09_windows_intelx86.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\AccountLogon\AccountLogon.exe
    C:\Program Files\BOINC\projects\setiathome.berkeley.edu\setiathome_4.09_windows_intelx86.exe
    C:\DOCUME~1\Irene\LOCALS~1\Temp\Rar$EX00.000\procexp.exe
    C:\Documents and Settings\Irene\My Documents\HijackThis1.99.1.exe
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://CCS:8080
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: ieCom Class - {C6CEAC32-D45C-11D4-94AF-0050BABD5FD6} - C:\Program Files\URL Organizer\UrlOrgIE.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
    O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    O4 - HKLM\..\Run: [SpyBlocker] C:\Program Files\SpyBlocker Software\spyblocker.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TrayFactory] C:\Program Files\PS Tray Factory\PSTrayFactory.EXE /silent
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\RunOnce: [TrayFactory] C:\Program Files\PS Tray Factory\PSTrayFactory.EXE /start
    O4 - HKCU\..\Run: [NOMAD Detector] "C:\Program Files\Creative\SBLive\PlayCenter2\CTNMRUN.EXE"
    O4 - HKCU\..\Run: [AccountLogon] C:\Program Files\AccountLogon\AccountLogon.exe /regserver
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MCW Startup] "C:\Program Files\Monitor Calibration Wizard\MCW.exe" /s
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O8 - Extra context menu item: AccountLogon - C:\WINDOWS\al-popup-irene.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: AccountLogon - {1CB13C88-96B6-11d6-9AF5-D12D26EE1F36} - C:\WINDOWS\al-popup-irene.html (HKCU)
    O9 - Extra 'Tools' menuitem: AccountLogon - {1CB13C88-96B6-11d6-9AF5-D12D26EE1F36} - C:\WINDOWS\al-popup-irene.html (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cometcomputers.com.au
    O17 - HKLM\Software\..\Telephony: DomainName = cometcomputers.com.au
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cometcomputers.com.au
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
  23. Firecat
    Offline

    Firecat Registered Member

    I am bumping this thread again, so everyone can take notice :)
  24. Chiana
    Offline

    Chiana Registered Member

    Good stuff Firecat,

    Careful, you may get a reputation as official forum bumper. :D :cool:

    Rgds

    Chiana
  25. puff-m-d
    Online

    puff-m-d Registered Member

    I see nothing bad in your HJT log. You have a few resource hogs you may want to get rid of unless you really need them but other than that your log looks clean to me.

    The resource hogs I see are:
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    (Description: Nvidia system tray applet. Not necessary. Removing this entry will free up a small amount of system resources.)

    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    (Description: A small program that reminds you to register your Creative Labs product (i.e. sound card, video card). Unnecessary. Removing this will free up a small amount of system resources.)

    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    (Description: Adjusts monitor colours across all programs, including Photoshop. It is needed by some graphics professionals who want their monitor calibrated. Most home users will not need it, and thus should remove this entry. )
Thread Status:
Not open for further replies.