Wormguard & Regrun

Discussion in 'WormGuard' started by Caratacus, Sep 12, 2003.

Thread Status:
Not open for further replies.
  1. Caratacus

    Caratacus Registered Member

    Joined:
    Jun 27, 2003
    Posts:
    164
    Location:
    Australia
    Installed Wormguard trial on Windows XP pro. As soon as activated Regrun/Watchdog reported EAccessViolation and will not run. Is this a known issue?

    Regards

    Paul
     
  2. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Welcome Caratacus
    Which of the two doesn't run, WG or RegRun?
    First time i hear this.
    Is there no option to choose to let it run anyway?
    Both programs go very deep into your system; did you disable all AV/AT and registry protection during installing WG? After you can enable them again.
    RegRun has to know WG is a new tool on the system which is allowed to check files and WG has to know RR is there to protect the registry.
    Hope a RegRun user can jump in here to tell exactlhy which options to use.
     
  3. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    Wormguard and RegRun work perfectly together. There should be no issue.

    wizard
     
  4. Caratacus

    Caratacus Registered Member

    Joined:
    Jun 27, 2003
    Posts:
    164
    Location:
    Australia
    I've had Regrun going for a three weeks, no problems. Installed Wormguard today, with Nod Amon disabled, rebooted. Regrun icon came as usual to taskbar. Right click now produces 'EAccessViolation" message, Windows offers to notify Microsoft, Reg run closes down. When I disable Wormguard, Regrun works as normal. Enable Wormguard and it all happens again the same.
     
  5. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    Strange, real strange. Also from my understanding how both programs work there shouldn't be any reason for conflicts. o_O

    wizard
     
  6. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    I wonder if it would help to uninstall both, first install WG and reboot and after RegRun, maybe reboot again and see if this solves the problem.
    WG has not the habit to overwrite existing files, but this way you can be sure all is properly registered again too, and RegRun will look at an existing situation.
    You could also open WG and put RegRun in the exclusion list and see if that solves it.

    You could like to look if maybe some system file or other parts needs repaired, try to look with this LSPfix anyway just to make sure: unzip and look, it will tell you if there is something to fix which can be done with this same tool.
    http://www.cexx.org/lspfix.zip
    Nice little tool, free, doesn't harm either.

    Please let us know how it goes.
     
  7. Caratacus

    Caratacus Registered Member

    Joined:
    Jun 27, 2003
    Posts:
    164
    Location:
    Australia
    Before I read your replies I already uninstalled WG, rebooted, disabled Nod as before but this time also exited RRun. Installed WG, rebooted, enabled WG, & now RR runs fine. If it falls over again I'll let you know, but so far no probs.

    Thanks for the prompt help: much appreciated. Hopefully I can evaluate WG now.
     
  8. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Aha, i missed the fact you had not closed RegRun at the install of WG too! Glad you worked it out, as i think all should be fine now.
    Thanks for telling and keep us informed if there are new questions!
     
  9. Caratacus

    Caratacus Registered Member

    Joined:
    Jun 27, 2003
    Posts:
    164
    Location:
    Australia
    It's happening again, the same as described above, after 1/2 an hour of working ok. As soon as I uninstall WG RegRun watchdog works ok again. Installing WG is the only thing that has changes on my machinw prior to this problem. I am running XP pro on pentium 4.

    When I get time I will uninstall RR and reninstall WG and see what happens, but at the moment they are not playing together nicely for me.
     
  10. Caratacus

    Caratacus Registered Member

    Joined:
    Jun 27, 2003
    Posts:
    164
    Location:
    Australia
    OK, here's an update. I have uninstalled RR, rebooted, and installed WG while Amon was disabled, then rebooted.

    I didn't mention this before but part of the symptoms from the first installation of WG was that my mouse started misbehaving. The cursor jumps around the screen especially when the screen is being redrawn. I'm using a Microsoft wireless optical wheel mouse (and wireless keyboard). This is *not* a problem when WG is not installed, but *immediately* becomes a problem on WG installation.

    For that reason alone I can't keep WG on my machine. I hope the problem is fixed in WG4 because I would really like to use this program.

    Nevertheless I will reinstall RR in a few hours to see how it coexists with WG. I will report back.
     
  11. Caratacus

    Caratacus Registered Member

    Joined:
    Jun 27, 2003
    Posts:
    164
    Location:
    Australia
    I've reinstalled RR. As before, access violations PLUS the messed-up mouse mentioned above.

    So I unstalled WW: RR working fine now.

    To fix mouse I had to (as 1st time round) reinstall Intellipoint software. So WG must corrupt that somehow.

    *sigh!* ....Maybe WG4...
     
  12. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Both behaviors are strange to me, many intelli/cordless mice around and RR and XP home or pro with WG, so i wonder.............
    Is the mouse misbehaving more often?
    Had you Word up or another program accepting voice commands? Did closing Word or another voice recognition program help to test it out?
    I don't run XP, can imagine in the control panel could be in the speech control a place to either close voice recognition or maybe change some settings for the sensitivity.
     
  13. Caratacus

    Caratacus Registered Member

    Joined:
    Jun 27, 2003
    Posts:
    164
    Location:
    Australia
    Hi Jooske! No, the mouse normally runs fine & has never otherwise misbehaved. The computer was built only 8 weeks ago so there's not a lot of software on it.

    Looking at the control panel I see that there is a speech properties panel. I never have nor would use this feature. Are you suggesting that it might interfere with WG?

    I don't want to spend your or my time trying to fix this: I'll just have to live without WG (for a while at least). I'm posting now really becuase I guess that Diamond CS and Greatis should be aware that it's a possible issue - well, it's a definite issue on my machine.

    Paul
     
  14. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    XP has by definition the SAPI5 speech / voice control / voice recognition (VR) build in. So Word and several other programs, maybe Windows as a whole could use VR. Have a look in that speech control center if there are setting to configure.

    A wireless mouse wil act if a program asks so; there have been several users in general who either stopped the VR or changed for a cord mouse and their problems were over. Imagine: Word is open, waiting for dictation, you make some noice and it tries to display your words; somehow the mouse reacts on that too.
    I don't have this equipment, so i can't test and describe from own experience.

    Why it shows up with WG i really can't even imagine, as it has never been shown before and it should not interfere with WG at all, it never did either.

    I'm in the dark at the moment. You tried the different orders of installing with and without RR or WG first and after the other with the same results, you tried to exclude RR from WG which after several minutes again gave problems, so it's hard to say what more to try.
    When you run dr.Watson, does that give any indications?
    I found surprising analyses with that which were sometimes even helpful.
     
  15. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,449
    Location:
    North Carolina, USA
    Hello all,

    Just another comment that i have used WG with both RR and intellipoint on both win xp home and pro for a while and never had any problems. They all have lived side by side on my system for quite some time with no conflict....

    Regards,
    Kent
     
  16. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Thanks Kent,
    maybe there are some settings to look at especially?
     
  17. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,449
    Location:
    North Carolina, USA
    The thing that comes to my mind is some other install conflict from some other software that has chnged some common file and driver that is common to WG, RR, and intellipoint.... This is the only thought that comes to mind at the moment for me....

    HTH....

    Regards,
    Kent
     
  18. Caratacus

    Caratacus Registered Member

    Joined:
    Jun 27, 2003
    Posts:
    164
    Location:
    Australia
    Here is installed software if it helps. Asterisked progs run at startup:

    --------[ AIDA32 (c) 1995-2003 Tamas Miklos ]---------------------------------------------------------------------------

    Version AIDA32 v3.78.6
    Author tamas.miklos@aida32.hu
    Homepage http://www.aida32.hu
    Report Type Quick Report
    Computer LEVIATHAN (Paul's pc)
    Generator Stevens
    Operating System Microsoft Windows XP Professional 5.1.2600 (WinXP Retail)
    Date 2003-09-20
    Time 11:46


    --------[ Installed Programs ]------------------------------------------------------------------------------------------

    Ace Utilities 2.1 1.5 MB
    Ad-aware 6 Personal 6.0 2.3 MB
    Adobe Acrobat 5.0 5.0 12.6 MB
    Adobe Download Manager 1.2 (Remove Only) Unknown
    Adobe Reader 6.0 6.0 43.5 MB
    AdSubtract PRO 4.4 MB
    Ahead NeroMediaPlayer Unknown
    AxCrypt (remove only) (shell) 652.0 KB
    Chimp Notes Pro 860.0 KB
    ClipMate 6.1 4.0 MB
    CloneCD 5.4 MB
    CLOX 2000 684.0 KB
    Copernic Agent Professional 9.7 MB
    Dave's Quick Search Deskbar (remove only) 332.0 KB
    DiamondCS TDS ExecProt Module Unknown
    DiamondCS TDS-3 5.6 MB
    Diskeeper Professional Edition 8.0.459 11.0 MB
    DocCommander 1.2 (v1.20.11) 412.0 KB
    DU Meter 1.5 MB
    Enable S3 for USB Device 20.0 KB
    EPSON PhotoQuicker3.2 26.5 MB
    *EPSON Printer Software Unknown
    EPSON TWAIN 5 936.0 KB
    Eraser (shell) 5.7 3.1 MB
    ESC61 Problem Solver 920.0 KB
    * FinePrint Unknown
    Forté Agent 9.6 MB
    GPSoftware Directory Opus 1004.0 KB
    Icon Clock - 5.4 628.0 KB
    Image Resizer Powertoy for Windows XP 1.00.0001 37.0 KB
    Intel(R) PRO Network Adapters and Drivers 2.9 MB
    Intel(R) PROSet 6.05.2001 14.8 MB
    IntelliComplete (remove only) 2.9 MB
    Internet Explorer Q822925 1.3 MB
    Java 2 Runtime Environment, SE v1.4.1_01 1.7 MB
    Java Web Start 1.8 MB
    JGsoft EditPad Pro 4.5.5 1.6 MB
    jv16 PowerTools 1.4 2.4 MB
    LanTalk XP Uninstall 2.8 1.2 MB
    *LiveReg (Symantec Corporation) 2.2.5.1678 2.0 MB
    *LiveUpdate 1.80 (Symantec Corporation) 1.80.19.0 4.8 MB
    LunarPhase V2.62 3.5 MB
    Macquarie Dictionary Speller 1.00.0000 364.0 KB
    * MaDdoG PaneKiller 872.0 KB
    Mailbag Assistant (Remove only) 3.5 3.2 MB
    Microsoft Baseline Security Analyzer 1.1.1 2.9 MB
    * Microsoft IntelliPoint 5.0 5.00.174.0 Unknown
    Microsoft IntelliType Pro 2.2 2.20.447.0 6.5 MB
    Microsoft Office Sounds 1.0.0.0 576.0 KB
    Microsoft Office XP Media Content 10.0.2619.0 88.0 MB
    Microsoft Office XP Professional with FrontPage 10.0.4330.0 504.8 MB
    Nero - Burning Rom 5.5.9 50.2 MB
    NOD32 Antivirus System 16.9 MB
    * Norton Internet Security 6.0.2.0 25.5 MB
    NoteTab Pro (Remove only) 4.95 3.6 MB
    Opera 20.7 MB
    Outlook Express Update Q330994 Unknown
    Powermarks 3.5 7.0 MB
    Quick View Plus 27.4 MB
    ReadyToPrint Organizer 3.1 MB
    Realtek AC'97 Audio 1.3 MB
    * RegRun Security Suite Gold 6.9 MB
    RegScrubXP 3.2 784.0 KB
    RegSupreme 1.0 460.0 KB
    Second Copy 2000 4.5 MB
    SocketWatch 512.0 KB
    Spybot - Search & Destroy 1.2 1.2 10.1 MB
    * SpywareBlaster v2.6 2.6 1.4 MB
    The Bat! 6.5 MB
    Tweak UI Unknown
    UltimaShell (remove only) 2.7 MB
    Universal Biorhythms 2.02.1 2.02.1 1.4 MB
    Visual Day Planner 7.8 MB
    WebFldrs XP 9.50.6513 Unknown
    Window Washer 5 2.1 MB
    Windows XP Hotfix - KB821557 20030611.134342 Unknown
    Windows XP Hotfix - KB823559 20030701.220428 Unknown
    Windows XP Hotfix - KB823980 20030705.121219 Unknown
    Windows XP Hotfix - KB824105 20030724.164839 Unknown
    Windows XP Hotfix - KB824146 20030825.150526 Unknown
    Windows XP Hotfix (SP2) [See Q329048 for more information] Unknown
    Windows XP Hotfix (SP2) [See Q329115 for more information] Unknown
    Windows XP Hotfix (SP2) [See Q329390 for more information] Unknown
    Windows XP Hotfix (SP2) [See Q329834 for more information] Unknown
    Windows XP Hotfix (SP2) Q328310 20021122.122733 Unknown
    Windows XP Hotfix (SP2) Q329170 20030102.120145 Unknown
    Windows XP Hotfix (SP2) Q329441 20021114.125038 Unknown
    Windows XP Hotfix (SP2) Q331953 20021107.174736 Unknown
    Windows XP Hotfix (SP2) Q810565 20021127.115011 Unknown
    Windows XP Hotfix (SP2) Q810577 20021118.135247 Unknown
    Windows XP Hotfix (SP2) Q810833 20021203.201545 Unknown
    Windows XP Hotfix (SP2) Q811493 20030424.101451 Unknown
    Windows XP Hotfix (SP2) Q814033 20030131.164620 Unknown
    Windows XP Hotfix (SP2) Q815021 20030501.165608 Unknown
    Windows XP Hotfix (SP2) Q817287 20030325.164011 Unknown
    Windows XP Hotfix (SP2) Q817606 20030331.103753 Unknown
    Windows XP Hotfix (SP2) Q819696 20030513.102848 Unknown
    WinFast(R) Display Driver 4.2 MB
    WordWeb 2.2 9.0 MB
     
  19. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    You might like to get the AutoStartViewer from the free tools at the www.diamondcs.com.au site under products, check all available options and save the output to a txt log and post that here, we might see more as it gives the registry keys with that too.

    Generally spoken i heard many problems caused by the hotfixes, but which one caused which problems...... ?
     
  20. Caratacus

    Caratacus Registered Member

    Joined:
    Jun 27, 2003
    Posts:
    164
    Location:
    Australia
    Jooske,

    I reinstalled WG again & this time I put RR watchdog.exe in the allowed list (I hadn't done this on previous occasions). Then I uninstalled Intellipoint & reinstalled it. It's been working OK for an hour or so. Here's hoping.

    Here's what Autostartviewer says:

    DiamondCS Autostart Viewer (www.diamondcs.com.au) - Report for Stevens@LEVIATHAN, 09-20-2003
    c:\windows\system32\autoexec.nt
    C:\WINDOWS\system32\mscdexnt.exe
    C:\WINDOWS\system32\redir.exe
    C:\WINDOWS\system32\dosx.exe
    c:\windows\system32\config.nt
    C:\WINDOWS\system32\himem.sys
    c:\windows\system.ini [drivers]
    timer=timer.drv
    c:\windows\system.ini [boot]\shell
    C:\WINDOWS\Explorer.exe
    c:\windows\system.ini [boot]\scrnsave.exe
    C:\WINDOWS\System32\ssstars.scr
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
    C:\WINDOWS\Explorer.exe
    HKCU\Control Panel\Desktop\scrnsave.exe
    C:\WINDOWS\System32\ssstars.scr
    HKCR\vbsfile\shell\open\command\
    C:\WINDOWS\System32\WScript.exe "%1" %*
    HKCR\vbefile\shell\open\command\
    C:\WINDOWS\System32\WScript.exe "%1" %*
    HKCR\jsfile\shell\open\command\
    C:\WINDOWS\System32\WScript.exe "%1" %*
    HKCR\jsefile\shell\open\command\
    C:\WINDOWS\System32\WScript.exe "%1" %*
    HKCR\wshfile\shell\open\command\
    C:\WINDOWS\System32\WScript.exe "%1" %*
    HKCR\wsffile\shell\open\command\
    C:\WINDOWS\System32\WScript.exe "%1" %*
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\PRONoMgr.exe
    C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SoundMan
    C:\WINDOWS\SOUNDMAN.EXE
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\NeroCheck
    C:\WINDOWS\System32\\NeroCheck.exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\NvCplDaemon
    RUNDLL32.EXE C:\WINDOWS\System32\\NVCpl.dll,NvStartup
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\nwiz
    nwiz.exe /install
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\IntelliType
    C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\nod32kui
    C:\Program Files\Eset\nod32kui.exe /WAITSERVICE
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\CloneCDElbyCDFL
    C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\FinePrint Dispatcher v5
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\PrinTray
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ccApp
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ccRegVfy
    C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\IntelliPoint
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\NvMediaCenter
    RUNDLL32.EXE C:\WINDOWS\System32\\NVMCTRAY.DLL,NvTaskbarInit
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ctfmon.exe
    C:\WINDOWS\System32\ctfmon.exe
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Regrun2
    C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe
    HKU\.Default\Software\Microsoft\Windows\CurrentVersion\Run\CTFMON.EXE
    C:\WINDOWS\System32\CTFMON.EXE
    HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
    C:\WINDOWS\system32\SHELL32.dll
    C:\WINDOWS\system32\SHELL32.dll
    C:\WINDOWS\System32\webcheck.dll
    C:\WINDOWS\System32\stobject.dll
    C:\WINDOWS\System32\upnpui.dll
    C:\WINDOWS\Tasks\1 Copernic Intra-Daily ~LEVIATHAN Stevens.job
    C:\Program Files\Copernic Agent\CopernicAgent.exe
    C:\WINDOWS\Tasks\2 Copernic Daily ~LEVIATHAN Stevens.job
    C:\Program Files\Copernic Agent\CopernicAgent.exe
    C:\WINDOWS\Tasks\3 Copernic Weekly ~LEVIATHAN Stevens.job
    C:\Program Files\Copernic Agent\CopernicAgent.exe
    C:\WINDOWS\Tasks\4 Copernic Monthly ~LEVIATHAN Stevens.job
    C:\Program Files\Copernic Agent\CopernicAgent.exe
    C:\WINDOWS\Tasks\Symantec NetDetect.job
    C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
    C:\Documents and Settings\Stevens\Start Menu\Programs\Startup\PaneKiller.lnk
    C:\Program Files\MaDdoG\PaneKiller\PaneKill.exe
    HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
    autocheck autochk *
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
    C:\WINDOWS\system32\userinit.exe
    HKLM\System\CurrentControlSet\Control\WOW\cmdline
    C:\WINDOWS\system32\ntvdm.exe
    HKLM\System\CurrentControlSet\Control\WOW\wowcmdline
    C:\WINDOWS\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386
    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\
    C:\WINDOWS\system32\imon.dll
    C:\WINDOWS\system32\mswsock.dll
    C:\WINDOWS\system32\rsvpsp.dll
    HKLM\System\CurrentControlSet\Services\VxD\JAVASUP\
    C:\WINDOWS\system32\JAVASUP.VXD
    HKLM\System\CurrentControlSet\Services\VxD\VGARTD\
    vgartd.vxd
     
  21. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,449
    Location:
    North Carolina, USA
    Caratacus,

    What do you mean by "allowed list"?

    Regards,
    Kent
     
  22. Caratacus

    Caratacus Registered Member

    Joined:
    Jun 27, 2003
    Posts:
    164
    Location:
    Australia
    On the Wormaguard Control panel it says "Blocked/Allowed files' & has a button for editing each. I pressed "Allowed List Editor" and added watchdog.exe & regruncenter.exe.

    However that doesn't seem to have fixed it. Again after 1/2 - 1 hour working ok it has started access-violation warnings agai when I try to run RR center by right clicking th RR icon in taskbar. Windows offers to report and RRWatchdog closes down when you exit RRCenter.

    Dr Watson says there are no problems.

    o_O
     
  23. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Caractus,

    Could you tell some more about if and how you have configured RegRun > security > antireplacement as well as File Protection?

    regards.

    paul
     
  24. Caratacus

    Caratacus Registered Member

    Joined:
    Jun 27, 2003
    Posts:
    164
    Location:
    Australia
    Paul,

    RegRun is set to default values. I have not changed the settings that automatically install. So Security is set to "Medium Level" with Antireplacement on but no target set in the Antireplacement panel. File Replacement is off as per the default.

    Caratacus
     
  25. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Does it always happen after 1/2 hour or half an hour doing nothing, or at starting or closing a special task/program, anything to find out if there could be a special process causing the problem.
     
Thread Status:
Not open for further replies.