Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

windows programmes not working properly [CLOSED]


  • This topic is locked This topic is locked

#1
tomatoketchupandmustard

tomatoketchupandmustard

    New Member

  • Member
  • Pip
  • 5 posts
I have had this problem for a while: Some programmes do not work properly, especially, Internet Explorer, and sometimes other programmes too.

Seconds after opening a programme, I get an abrupt message saying, " [program] has encountered an error and needs to close ... we are sorry for any inconvinience caused"... I have to click OK, and the programme closes. Sometimes, the programme just closes anyway, while I am using it, without any error message. It seems like 'something' is closing the programme prematurely. A virus?

I am running IE now, in limited capacity, by right-clicking on the programme and clicking on "run-as" and then running it as the 'current user' and checking the box, "protect my computer and data from unauthorized program activity'. If i check that box, this makes the program work okay, but gives me VERY limited use of IE, no-popups, no links, no videos. I also can't get into sites where I input information, eg e-mail and signing into ebay etc.

Generally also, I cannot open files sometimes, and hyperlinks don't work too.

Below is a logfile of a HIjackThis scan I ran - means nothing to me, but it might make sense to anyone who knows.

Logfile of HijackThis v1.99.1
Scan saved at 09:03:51, on 26/11/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\me!\Desktop\hijackthis\HijackThis.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O23 - Service: Advanced Direct Remailer (AdvancedDirectRemailer) - Tweak Marketing Inc. - C:\Program Files\Explorer\Adr.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (file missing)
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Does anyone know what could be wrong?? Please let me know!

Cheers.

Edited by tomatoketchupandmustard, 25 November 2005 - 07:52 PM.

  • 0

Advertisements


#2
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here: http://www.microsoft...&DisplayLang=en
Apply the update, reboot, and post a fresh Hijack This log.
  • 0

#3
tomatoketchupandmustard

tomatoketchupandmustard

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Thanks Buckeye! I had the latest updates, but I think they must have gotten undone in a system restore. I had to go way back recently coz of malware. :tazz: Anyway,

I managed to download service pack 1a, but the setup and installation process does not complete because it says that the file wininet.dll is in use. I have closed all programmes and cannot pinpoint which programme is using the file. A google search on the filename suggests that it is a disguised name for a virus. Anything I could do to get rid of it? That could be the problem, or at least, it would put us some way through once the service pack is installed.

Thanks!
  • 0

#4
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Let's give this a try.

Please download SmitRem
  • Save the file to your desktop.
  • Right click on the file and extract it to it's own folder on the desktop.


Please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
* if you have trouble getting into Safe mode go here for more info.



Once in Safe mode, follow these steps:
  • Open the smitRem folder, then double click the RunThis.bat file to start the tool.
  • Follow the prompts on screen.
  • Wait for the tool to complete and disk cleanup to finish.
  • The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.


Post the log file from Smitrem as well as a new hijackthis log.


Try to install SP1a again and let me know how it goes.
  • 0

#5
tomatoketchupandmustard

tomatoketchupandmustard

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Things are now worse than before! :tazz: I downloaded Smitrem, and ran it in safe mode, and it managed to identify that wininet.dll was the problem and relplaced the file successfully. Then, when it started to do the disk cleanup, it showed progress for a while and then the HDD light stopped flashing and things stood still - I was told it could take upto 3 hours. I waited 6 hours and then rebooted after nothing happened.

Then the problems began. On reboot, I could not even start WINXP! :) Basically, it would load until the WINXP log in page, I would type in my password, and then it would just stop there, it would not freeze, as the sound came on, HDD light would stop flashing, things remain still forever, but the cursor moves.

Until yesterday, I could go straight into WINXP and surf despite the problems. I had a 'guest user' account which was not affected by all this with full surfing capability, and was using that. Now, I don't even have that option, because WINXP just won't start. The only way I can get into my computer now is through Safe Mode (without net access too). I am literally in a cybercafe writing this now. Please :) !!!

Any ideas on what I can do in safe mode/Dos? Thanks!
  • 0

#6
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
You have a few good options here before it gets too technical.

First, if you can get into Safe mode you can access System Restore.
Click Start -> All Programs -> Accessories -> System Tools -> System Restore.
Follow the prompts there and restore your computer to an earlier time.


If for some reason that doesn't work out for you then your next best option is repair installation of Windows XP.
For this you will need your Windows XP disc. Follow the instructions here.
http://www.geekstogo...p?showtopic=138


One of those options should get you back to booting up normally and then we'll resume. Please post a new hijackthis log and the log from SmitRem which should be located at C:\smitfiles.txt
  • 0

#7
tomatoketchupandmustard

tomatoketchupandmustard

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Hey buckeye,

Thanks for your reply, and the advice! I tried system resore to a date a couple of days back immediately after the failure - it didn't work, and the problem still persists. In the meantime, as I have gone back, I have also lost the smitfile download. I still can't get into WinXP. It looks like I will have to reinstall WinXP - I am having the original CD shipped over to me, which will take a couple of days. I guess we could take it from then on. Please keep looking at the posts to when I get back on track please.

Cheers!
  • 0

#8
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
No problem. I will keep your thread open. Just post back when you are able. I'm sure I'll be around. :tazz:
  • 0

#9
tomatoketchupandmustard

tomatoketchupandmustard

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Cheers!! Speak to ya soon. :tazz:
  • 0

#10
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP