problematic errors



#1
blargh

1. I get a "Data Execution Prevention: explorer.exe" error; I click OK and Explorer shuts down (Start bar, icons, etc.).

2. (Sometimes) I get a buffer overflow (I think that's what it is) error for Explorer, and the effect is the same as 1 if you click OK.

3. I noticed some pop-ups, so I started Windows Defender and it wouldn't update properly. So I went on to the Microsoft website and downloaded the newest version, and while attempting to install it I get this error: "The Windows Installer service could not be accessed" (I get the same error for all .exes requiring the "Windows Installer Service").

Please help, I'm going insane.

log:

Logfile of HijackThis v1.99.1
Scan saved at 4:30:17 PM, on 6/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

(log out of date; see post below)

Edited by blargh, 19 June 2007 - 06:18 PM.

  • 0



#2
htv8

Hello blargh, and welcome to Geeks to Go! I will be handling your log to help you get cleaned up.

Please take note of the following:
1. I will start working on your malware issues; this may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. The process is not instant. Please continue to review my answers until I tell you your machine is clean.
4. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.
5. Please reply to this thread. Do not start a new topic.

Please give me some time to look over your log and I will get back to you as soon as possible.

Thanks,

htv8
  • 0

#3
blargh

Update: found another anti-virus program; here's what my log looks like now (still having problems).

Logfile of HijackThis v1.99.1
Scan saved at 8:14:40 PM, on 6/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\Matt\MYDOCU~1\SSEMBL~1\dexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WarpSpeeder\BSTrayicon.exe
C:\Program Files\WarpSpeeder\WarpSpdr.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\RunOnce: [RemoveInstallPath] cmd.exe C:\WINDOWS\system32\cmd.exe /c rmdir /S /Q "C:\PROGRA~1\WinPop" > nul
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Usah] "C:\DOCUME~1\Matt\MYDOCU~1\SSEMBL~1\dexplore.exe" -vt yazb
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WarpSpeeder Tray Icon.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games....GamesPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1158785074352
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/...tall/AxCtp2.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload....Plugin10USA.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Client Firewall Configuration (CfgWzSvc) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\CfgWzSvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)

Edited by blargh, 19 June 2007 - 06:16 PM.

  • 0
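Added example, not part of the original thread: a small Python triage pass over HijackThis entry lines like those in the log above. The sample lines are copied from that log; the three review rules (autorun started from a user-profile folder, service listed as "Unknown owner", target marked "(file missing)") are assumptions chosen for illustration and produce candidates for a closer look, not verdicts.

```python
import re
from collections import Counter

# Sample lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [Usah] "C:\DOCUME~1\Matt\MYDOCU~1\SSEMBL~1\dexplore.exe" -vt yazb
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")            # "O4 - ..."
AUTORUN = re.compile(r"^(HK\w+)\\\.\.\\(Run\w*): \[(.+?)\] (.*)$")
SERVICE = re.compile(r"^Service: (.+) - (.+?) - (.+)$")    # name - owner - path
USER_PROFILE = re.compile(r"^[A-Z]:\\(DOCUME~\d|Documents and Settings)\\", re.I)

def exe_path(command):
    """Return the program part of an autorun command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    # Unquoted: first token only (unquoted paths with spaces stay ambiguous).
    return command.split(" ", 1)[0]

def parse(log_text):
    """Yield (section, body) for every HijackThis entry line."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def triage(log_text):
    """Return (entries per section, [(section, reason, body)] to review)."""
    counts, review = Counter(), []
    for section, body in parse(log_text):
        counts[section] += 1
        if "(file missing)" in body:
            review.append((section, "target file missing", body))
        if section == "O4":
            m = AUTORUN.match(body)
            if m and USER_PROFILE.match(exe_path(m.group(4))):
                review.append((section, "autorun from user profile", body))
        elif section == "O23":
            m = SERVICE.match(body)
            if m and m.group(2) == "Unknown owner":
                review.append((section, "service with unknown owner", body))
    return counts, review

if __name__ == "__main__":
    counts, review = triage(SAMPLE_LOG)
    print(dict(counts))
    for section, reason, body in review:
        print(f"[{section}] {reason}: {body}")
```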

#4
htv8

Hello, blargh.
________________________________________________________________________________
Please print out or copy this page to Notepad. This will be useful as there is a possibility some of the instructions will need to be carried out where internet access is NOT available. A printout of the instructions would be a good reference to make sure you don't get lost. You may also like to save these instructions in Word/Notepad to the Desktop where they can be easily found for the same reasons as above.
Also make sure to work through the fixes in the exact order in which they are mentioned below and do not miss any steps out. If you have any queries about the process or just general questions, ask your question(s) before proceeding with the fixes.


Step #1: Updating Java SE Runtime Environment (JRE)
Your Java is out of date. Older versions have vulnerabilities that malware can use, and is using, to infect systems. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them.
Please follow these steps to remove older version Java components:
1. Close all programs - especially your web browser - so that you have nothing open and are at your Desktop.
2. Go to Start > Control Panel > Add/Remove Programs and check any item with Java Runtime Environment (JRE or J2SE) in the name.
3. Click the Remove or Change/Remove button next to these items to remove all Java versions.
4. Once all Java components are removed, reboot your computer.

Once rebooted, download and install the latest version of Java Runtime Environment (JRE) 6u1 by following these steps:
1. Go to http://java.sun.com/...loads/index.jsp.
2. Scroll down to where it says "Java Runtime Environment (JRE) 6u1 … The Java SE Runtime Environment (JRE) allows end-users to run Java applications.".
3. Click the Download button to the right.
4. Review the License Agreement and then select the radio button labelled "Accept License Agreement".
The page will refresh.
5. Click on the link to download the Windows Offline Installation and save the file to your Desktop.
6. From your Desktop, double-click the jre-6u1-windows-i586-p.exe file to install the newest version.

Step #2: Temporarily disabling Windows Defender's real-time protection
You have Windows Defender running on your machine and that is good. However, Windows Defender's real-time protection can interfere with the changes you will make on your system, so please follow these instructions to temporarily disable Windows Defender's real-time protection:
1. Open Windows Defender.
2. Click Tools, and then click General Settings.
3. Scroll down to Real-time protection options and uncheck the checkbox labelled "Turn on real-time protection (recommended)".
4. Click Save.
5. Close Windows Defender.

You can re-enable Windows Defender real-time protection once your system is clean by reversing these steps. I will let you know.

Step #3: Renaming HijackThis.exe
Navigate to C:\Program Files\HijackThis.exe using My Computer or Windows Explorer and right-click on the HijackThis.exe file. Select the Rename option from the right-click menu and rename HijackThis.exe to fluffybunny.exe and press Enter.

Step #4: Creating an uninstall list using HijackThis
We need to use HijackThis to create an uninstall list. Please provide me an uninstall list by performing these steps:
1. Open HijackThis (by double-clicking fluffybunny.exe).
2. Click once on the Config... button.
3. Go to the Misc Tools section by clicking on the Misc Tools button on top of the screen.
4. Click on the Open Uninstall Manager... button. You'll see a list of currently installed programs.
5. Click on the Save list... button and specify where you would like to save the uninstall list.
6. Click Save.
Notepad will open up with the contents of that file.
7. Copy and paste the contents of that Notepad file (uninstall_list.txt) as a reply to this topic.

Step #5: HijackThis scan
Scan with HijackThis (fluffybunny.exe) again and post a new HijackThis log.
________________________________________________________________________________
So in your next reply, please post the entire contents of:
- the created uninstall list (uninstall_list.txt)
- a new HijackThis log
NOTE: Use several posts if necessary to include everything in the logs.
  • 0

#5
blargh

Forgive me if I am wrong, but due to problems with the Windows Installer service (see #3 in my first post) I'm pretty sure I won't be able to run jre-6u1-windows-i586-p.exe, as it most likely requires the Windows Installer service. (Will wait for your feedback before I take any action.)

Edited by blargh, 20 June 2007 - 05:24 PM.

  • 0

#6
htv8

Hello again, blargh.

> forgive me if I am wrong but due to problems with windows installer service (see #3 in my first post) I'm pretty sure I won't be able to run jre-6u1-windows-i586-p.exe as it most likely requires the windows installer service.

There could be several causes for the error message you get.
The Windows Installer service may be disabled on your machine.
1. Go to Start > Run.
2. In the Open: field type services.msc and press the OK button.
3. When the WinXP Services utility starts up, click the Extended tab on the bottom and scroll down the list to find the Windows Installer service.
4. When you find the service, double-click on it.
5. In the Properties window > General tab that opens, check the value in the Startup type: field. If it is currently set to Disabled, then this is the problem. Change it by selecting Manual from the drop-down menu.
6. Click the Apply button, followed by clicking the OK button.
7. Close the Services window.
8. Reboot your computer if you changed the startup type.

If this did not resolve the issue, unregister and then reregister the Windows Installer. To do so, follow these steps:
1. Log on to your computer as an administrator. (IMPORTANT)
2. Go to Start > Run.
3. In the Open: field type cmd and press the Enter key on your keyboard.
A Windows Command Prompt window will come up on the screen.
4. At the Command Prompt, type msiexec /unregister and press Enter.
NOTE: Even if you do this correctly, it may look like nothing occurs.
5. Type msiexec /regserver and press Enter.
NOTE: Even if you do this correctly, it may look like nothing occurs.
6. Reboot the computer to make the changes take effect.

If this did not resolve the issue either, try reinstalling the Windows Installer. To do so:
1. Copy the entire contents inside the CODE box below into Notepad. Then click File > Save and save as rename.bat (save as type: All files) to the Desktop.
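@echo off
rem Clear the read-only, system and hidden attributes on the dllcache folder
attrib -r -s -h C:\WINDOWS\system32\dllcache
rem Switch to system32 (/d also changes the drive if needed)
cd /d C:\WINDOWS\system32
rem Rename the existing Windows Installer files so they can be replaced
ren msi.dll msi.old
ren msiexec.exe msiexec.old
ren msihnd.dll msihnd.old
exit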
WARNING: The above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
2. Go to the Desktop and double-click rename.bat. A DOS box flashes up quick and then disappears. This is normal.
3. Reboot the computer.
4. Update the Windows Installer files on your hard drive to the latest version. To do so, download and install Windows Installer 3.1 from the Microsoft Download Center: Download details: Windows Installer 3.1 Redistributable.
________________________________________________________________________________
See if you do not get the error message anymore when running the Windows Installer. If one of the methods described above resolved the Windows Installer issue, then please continue with the steps provided in my previous post. If the methods above did NOT resolve your issue, tell me before proceeding.
  • 0

#7
blargh

Thanks for the info; however, I am going on vacation for a week and will not be able to continue this until I get back.
  • 0

#8
htv8

No problem at all. Take your time and enjoy your holiday! I'm looking forward to your reply when you get back.
  • 0





