Error messages... [Archive] - Glock Talk



AC37
08-28-2005, 02:22
I've been looking at wiping and reinstalling everything on my HD due to a malware/virus problem I mentioned in a previous thread, but recently I've been getting error messages that make me wonder if the problem is actually some kind of RAM problem instead. I've been getting error messages upon closing Windows Media Player (never during usage or opening), message as follows:

-------------------------------------------------------

wmplayer.exe - Application Error

The instruction at "0x77f5215e" referenced memory at "0x00160004". The memory could not be "written".

--------------------------------------------------------

I've been getting more and more of these error messages with various programs that reference a memory address that almost always starts with "0x". That includes McAfee ActiveShield, which will not initialize on startup _ever_ as it is supposed to (0x Memory error message). A few days ago when I attempted to reinstall Windows, I got another error message referencing an "0x" memory address that prevented the reinstall, leaving me stuck with the half-working OS (XP) I am posting through right now. These messages seemed to start occurring about the same time I noticed I had the persistent virus/malware I mentioned before. Can anyone give me a definitive answer on this? Is this a hardware issue, something caused by a virus/malware, or even possibly my half-functioning anti-virus software? And how can I start over with a reinstall if one of these "0x" error messages is preventing me from doing so? ^8 TIA.

pyblood
08-29-2005, 07:22
Those errors are pretty hard to track down. They can be caused by faulty RAM or malware/viruses. Which version of Windows Media Player do you have?

I would download AVG and Spybot. See if you have any viruses or spyware. If you have another PC, see if you can swap out the RAM.

AC37
08-29-2005, 13:11
Originally posted by pyblood
Those errors are pretty hard to track down. They can be caused by faulty RAM or malware/viruses. Which version of Windows Media Player do you have?

I would download AVG and Spybot. See if you have any viruses or spyware. If you have another PC, see if you can swap out the RAM.

So these messages can be caused by viruses/malware. That's good to know, I'm hoping it's not faulty hardware. In this case the messages started about the same time the malware/virus problem started, so I think there's a good chance it's that, not the hardware. I've got a brand new, never formatted HD I can drop in and see if that works.

I am using version 9.0.

I do have another computer, but unfortunately the RAM isn't compatible to the best of my knowledge. I have tried a number of virus programs including the ones you mention, and the malware keeps coming back. At least I have something I can try now. :)

pyblood
08-29-2005, 15:21
Go to Start, select Run and type msconfig. I am willing to bet that there’s something in your start-up that is reinstalling the malware after you remove it. Tell us which items are checked. There’s no need to list the things that are under “command” or “location.” Usually the listings under “startup items” give us enough info.

Better yet. Get this program:
http://www.download.com/HijackThis/3000-8022_4-10227353.html

Run it and post your log here.

You’ll need to disable system restore, because there’s a good chance that there are some traces in your restore points.

What about upgrading to WMP 10?

AC37
08-29-2005, 16:15
Ok, here's the HijackThis logfile:

Logfile of HijackThis v1.99.1
Scan saved at 5:15:44 PM, on 8/29/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\smtqfpz.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Starware - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - blank (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Starware - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - blank (file missing)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O15 - Trusted IP range: 206.161.125.149
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/beta/vet_install_popup.pl?2&4&&
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://download.bargain-buddy.net/download/bargain_buddy/cab/installer_MARKETING48.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/adserver/Install.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,96/mcinsctl.cab
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.69.25.47.79.downloads.estara.com./as/OneCCDM.php?template=6311&sessionid=1465340590_68.0.76.79_2778&=&req=1110461976123OneCC.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O20 - AppInit_DLLs: pb2cj5ijr3l1ln.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.d ll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.d ll.dll.dll.dll.dll.dll.dll.dll.dll.dll
O20 - Winlogon Notify: Hints - C:\WINDOWS\system32\gpi32.dll (file missing)
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

AC37
08-29-2005, 16:20
I am seeing a few things in MSConfig that shouldn't be there. I've disabled some spyware items in here before, so there's actually quite a few listed too that are disabled from running that I don't know how to delete. Here is the one that was running and looked suspicious when I checked:

C:\Windows\Dinst.exe

Other than that, just my firewall (Zonealarm) and McAfee stuff.

Washington,D.C.
08-29-2005, 16:46
Manual ABetterInternet.Aurora removal instructions:
Attention! Before taking the following actions, please make your system and registry backup in case you make an error.
End running tasks (http://www.spyware-removal-guideline.com/manual-spyware-removal-help):
adbltzun.exe
aurora.exe
aurora-wise1.exe
systemroot+\nail.exe
poller.exe
Unregister DLLs (http://www.spyware-removal-guideline.com/manual-spyware-removal-help):
aurorahandler.dll
DrPMon.dll
Clean registry entries (http://www.spyware-removal-guideline.com/manual-spyware-removal-help):
HKEY_CLASSES_ROOT\aurorahandlerdll.aurorahandlerdllobj
HKEY_CLASSES_ROOT\clsid\{4aa870ac-8427-42a4-b92e-ecd956197489}
HKEY_CLASSES_ROOT\interface\{544b6a3f-4024-4403-9661-69b8410be505}\iaurorahandlerdllobj
HKEY_CLASSES_ROOT\typelib\{6d992911-b563-47fc-ab29-437f42d1c729}\1.1
HKEY_CURRENT_USER\software\aurora
HKEY_CURRENT_USER\software\aurorahandler
Remove files (http://www.spyware-removal-guideline.com/manual-spyware-removal-help):
adbltzun.exe
aurora.exe
aurorahandler.dll
aurora-wise1.exe
systemroot+\nail.exe
DrPMon.dll
poller.exe
thnall1ac.html
svcproc.exe
IDDJHJM.ini

Here is the best spyware removal tool:
http://www.ewido.net/en/download/

Another good one, but this one requires getting updates after the first time it runs. Download the free version here:
http://www.h-desk.com/new/Download.12.0.html

Then run Ccleaner (both clean up and registry cleaner):
http://www.ccleaner.com

Best antivirus: AntiVir PersonalEdition Classic
http://www.free-av.com/

Defrag hard drive after installing these programs
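
A triage sketch for the HijackThis log posted earlier in the thread, added here as an example and not part of any post: it matches log entries against the file names in the removal list above and applies three generic heuristics (an extra program on the Shell= line, a service with an unknown owner, a missing target file). The sample lines are copied from that log; the function and constant names are made up for the example, and a flagged entry is a lead to check, not a verdict.

```python
import re

# File names taken from the manual removal list in the post above (lower-cased).
AURORA_FILES = {"adbltzun.exe", "aurora.exe", "aurora-wise1.exe", "nail.exe",
                "poller.exe", "aurorahandler.dll", "drpmon.dll", "svcproc.exe"}

# Sample input: five lines copied from the HijackThis log earlier in the thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O20 - Winlogon Notify: Hints - C:\WINDOWS\system32\gpi32.dll (file missing)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")         # e.g. "O23 - Service: ..."
FILE = re.compile(r"([^\\\s]+\.(?:exe|dll))\b", re.I)  # names ending in .exe/.dll

def triage(log_text):
    """Return (code, reason, line) for each log entry worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header, blank line, or a "Running processes" path
        code, body = m.groups()
        names = {n.lower() for n in FILE.findall(body)}
        hit = names & AURORA_FILES
        if hit:
            reason = "listed file: " + ", ".join(sorted(hit))
        elif code == "F2" and re.search(r"Shell=Explorer\.exe\s+\S", body, re.I):
            reason = "extra program on Shell= line"   # added heuristic
        elif code == "O23" and "Unknown owner" in body:
            reason = "service with unknown owner"     # added heuristic
        elif "(file missing)" in body:
            reason = "entry points at missing file"   # added heuristic
        else:
            continue
        findings.append((code, reason, line))
    return findings

if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE_LOG):
        print(f"{code:4} {reason:32} {line}")
```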

Washington,D.C.
08-30-2005, 10:27
http://www.kephyr.com/spywarescanner/library/ceres/index.phtml

Washington,D.C.
09-02-2005, 09:23
Today's SpyBot update now says it removes that one.