Memory Object Scan Problem

Discussion in 'Trojan Defence Suite' started by blaster1, Aug 14, 2004.

Thread Status:
Not open for further replies.
  1. blaster1

    blaster1 Guest

    XP Home, 2.0 GHz, 512MB memory. The problem started after the problems with the TDS3 server updates were fixed (time reference). After an autoupdate and I reload TDS3, it would stop at the memory object scan. I would reboot the system and TDS3 would load OK during bootup. Now it has started to stall 100%. All other configuration selections work OK. If memory object scan is turned off, the program loads OK. With memory object scan on, the program begins to load and when it gets to memory object scan it slows down. Then all free memory (298 MB) is consumed within a few seconds, while page memory increases. The program becomes unresponsive and I have to quit it. I have uninstalled and reinstalled TDS3, reinstalled VB6 files, completed TDS3 and NOD32 scans in safe mode. Have also unselected option to start on boot up and start by start up folder instead. No change. Have even tried running in safe mode under Admin (least number of programs running) but it still stalled. In addition ran Microsoft memory check program, everything OK.

    Thank you for helping in advance.

    Hijackthis log:

    Logfile of HijackThis v1.98.1
    Scan saved at 9:29:03 AM, on 14/08/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\Explorer.EXE
    I:\PROGRA~1\CachemanXP\CachemanXP.exe
    D:\WINDOWS\System32\imapi.exe
    i:\Program Files\Eset\nod32krn.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\ZoneLabs\vsmon.exe
    D:\WINDOWS\system32\fxssvc.exe
    I:\Program Files\Raxco\PerfectDisk\PDSched.exe
    I:\Program Files\Eset\nod32kui.exe
    I:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
    I:\Program Files\Logitech\iTouch\iTouch.exe
    i:\Program Files\Logitech\MouseWare\system\em_exec.exe
    I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    I:\PROGRA~1\PASSWO~1\PwAgent.exe
    I:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
    I:\Program Files\FirstLine\Spybot - Search & Destroy\TeaTimer.exe
    I:\Program Files\PTSync\PTSync.exe
    I:\Program Files\UltraTv\QuickTV.exe
    I:\Program Files\SpywareGuard\sgmain.exe
    I:\Program Files\stickies\stickies.exe
    I:\Program Files\SpywareGuard\sgbhp.exe
    I:\Program Files\FirstLine\TDS3\tds-3.exe
    D:\WINDOWS\msagent\AgentSvr.exe
    K:\Zipped\Hijackthis\hijackthis1981\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O1 - Hosts: 64.91.255.87 www.dcsresearch.com # This is TDS3 site
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - i:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - I:\PROGRA~1\FirstLine\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SpoofStick BHO - {CBA74CDA-DF78-4AD9-954E-3B15D0A993DE} - i:\Program Files\CoreStreet\SpoofStick\SpoofStickBHO.dll
    O3 - Toolbar: SpoofStick - {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} - i:\Program Files\CoreStreet\SpoofStick\SpoofStick.dll
    O4 - HKLM\..\Run: [nod32kui] "i:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [WinPatrol] "i:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
    O4 - HKLM\..\Run: [zBrowser Launcher] i:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [Zone Labs Client] "I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [PasswordAgent] I:\PROGRA~1\PASSWO~1\PwAgent.exe /minimize
    O4 - HKCU\..\Run: [Gadwin PrintScreen 2.6] I:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] i:\Program Files\FirstLine\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: QuickTV.lnk = I:\Program Files\UltraTv\QuickTV.exe
    O4 - Startup: SpywareGuard.lnk = I:\Program Files\SpywareGuard\sgmain.exe
    O4 - Startup: Stickies.lnk = I:\Program Files\stickies\stickies.exe
    O4 - Global Startup: Karen's Time Sync.lnk = I:\Program Files\PTSync\PTSync.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Download using LeechGet - file://i:\Program Files\LeechGet 2004\\AddUrl.html
    O8 - Extra context menu item: Download using LeechGet Wizard - file://i:\Program Files\LeechGet 2004\\Wizard.html
    O8 - Extra context menu item: Parse with LeechGet - file://i:\Program Files\LeechGet 2004\\Parser.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
    O15 - Trusted Zone: http://*.windowsupdate.com
     
  2. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Please try the SP6 update from here
    http://tds.diamondcs.com.au/index.php?page=files

    TDS shouldn't be set to load with Windows. If you want it to load automatically, please create a shortcut in your Start Menu > Programs > StartUp folder to ensure it is one of the last programs loaded.

    Log looks clean at a quick look
     
  3. blaster1

    blaster1 Registered Member

    Joined:
    Aug 16, 2004
    Posts:
    1
    Thanks Gavin,

    I had already changed TDS3 to start via the startup folder as per forum suggestions. I then re-loaded VB6 SP - no luck. I then downloaded the SP individual files on your web page and loaded them in safe mode. Still memory object scan would not work. Then cleared the page file on shutdown. No change. Then cleared the prefetch, again no luck. But, I started to think about the VB6 SP files again. What other programs are needing VB6 files to run?

    It was "Time Sync" by Karen's Power Tools. Its autoload option was turned on. There was a conflict between the two programs. The memory object scan would not run when Time Sync was loaded. I turned autoload off and unloaded the Time Sync program. Now TDS3 memory object scan works! I can still use Time Sync in manual mode, after TDS3 has finished loading. Still don't know why TDS3 didn't run properly in safe mode without Time Sync and other programs not loaded. Maybe it was a combination of turning off Time Sync and refreshing the VB6 SP files. I will drop a note to Karen's Power Tools about this conflict.

    Thanks again
     
  4. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Very interesting..

    I would suggest you install the SP6 update again since those are the latest available runtime files. I'll have to find some time to update that files page too.. thanks for helping!

    PS I think we will change the object scan somewhat when we rebuild it and this problem should go away
     