close

Privacy guaranteed - Your email is not shared with anyone.

Error messages...

Discussion in 'Tech Talk' started by AC37, Aug 28, 2005.

  1. AC37

    AC37 SystemicAnomaly

    Joined:
    Dec 12, 2000
    Messages:
    4,483
    Likes Received:
    267
    Location:
    Provo, UT
    I've been looking at wiping and reinstalling everything on my HD due to a malware/virus problem I mentioned in a previous thread, but recently I've been getting error messages that make me wonder if the problem is actually some kind of RAM problem instead. I've been getting error messages upon closing Windows Media Player (never during usage or opening), message as follows:

    -------------------------------------------------------

    wmplayer.exe - Application Error

    The instruction at "0x77f5215e" referenced memory at "0x00160004". The memory could not be "written".

    --------------------------------------------------------

    I've been getting more and more of these error messages with various programs that reference a memory address that almost always start with "0x". That includes McAfee ActiveShield, which will not initialize on startup _ever_ as it is supposed to (0x Memory error message). A few days ago when I attempted to reinstall Windows, I got another error message referencing an "0x" memory address that prevented the reinstall, leaving me stuck with the half-working OS (XP) I am posting through right now. These messages seemed to start occuring about the same time I noticed I had the persistent virus/malware I mentioned before. Can anyone give me a definitive answer on this? Is this a hardware issue, something caused by a virus/malware, or even possibly my half-functioning anti-virus software? And how can I start over with a reinstall if one of these "0x" error messages is preventing me from doing so? ^8 TIA.
     
  2. pyblood

    pyblood

    Joined:
    Dec 22, 2003
    Messages:
    499
    Likes Received:
    0
    Location:
    Mississippi
    Those errors are pretty hard to track down. They can be caused by faulty RAM or malware/viruses. Which version of Windows Media Player do you have?

    I would download AVG and Spybot. See if you have any viruses or spyware. If you have another PC, see if you can swap out the RAM.
     

  3. AC37

    AC37 SystemicAnomaly

    Joined:
    Dec 12, 2000
    Messages:
    4,483
    Likes Received:
    267
    Location:
    Provo, UT
    So these messages can be caused by viruses/malware. That's good to know, I'm hoping it's not faulty hardware. In this case the messages started about the same time the malware/virus problem started, so I think there's a good chance it's that, not the hardware. I've got a brand new, never formatted HD I can drop in and see if that works.

    I am using version 9.0.

    I do have another computer, but unfortunately the RAM isn't compatible to the best of my knowledge. I have tried a number of virus programs including the ones you mention, and the malware keeps coming back. At least I have something I can try now. :)
     
  4. pyblood

    pyblood

    Joined:
    Dec 22, 2003
    Messages:
    499
    Likes Received:
    0
    Location:
    Mississippi
    Go to start select run and type msconfig. I am willing to be that there’s something in your start-up that reinstalling the malware after you remove it. Tell us which items are check. There’s no need to list the things that are under “command” or “location.” Usually the listings under” startup items” give us enough info.

    Better yet. Get this program:
    http://www.download.com/HijackThis/3000-8022_4-10227353.html

    Run it and post your log here.

    You’ll need to disable system restore, because there’s a good chance that there are some traces in your restore points.

    What about upgrading to WMP 10?
     
  5. AC37

    AC37 SystemicAnomaly

    Joined:
    Dec 12, 2000
    Messages:
    4,483
    Likes Received:
    267
    Location:
    Provo, UT
    Ok, here's the HijackThis logfile:

    Logfile of HijackThis v1.99.1
    Scan saved at 5:15:44 PM, on 8/29/2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\System32\smtqfpz.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Downloads\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
    O2 - BHO: Starware - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - blank (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Starware - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - blank (file missing)
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
    O15 - Trusted IP range: 206.161.125.149
    O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
    O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MT...t.com/cgi-bin/beta/vet_install_popup.pl?2&4&&
    O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://download.bargain-buddy.net/download/bargain_buddy/cab/installer_MARKETING48.cab
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/adserver/Install.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,96/mcinsctl.cab
    O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.69.25.47.79.downloads.esta..._68.0.76.79_2778&=&req=1110461976123OneCC.cab
    O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
    O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O20 - AppInit_DLLs: pb2cj5ijr3l1ln.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll
    O20 - Winlogon Notify: Hints - C:\WINDOWS\system32\gpi32.dll (file missing)
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     
  6. AC37

    AC37 SystemicAnomaly

    Joined:
    Dec 12, 2000
    Messages:
    4,483
    Likes Received:
    267
    Location:
    Provo, UT
    I am seeing a few things in MSConfig that shouldn't be there. I've disabled some spyware items in here before, so there's actually quite a few listed too that are disabled from running that I don't know how to delete. Here is the one that was running and looked suspicious when I checked:

    C:\Windows\Dinst.exe

    Other than that, just my firewall (Zonealarm) and McAfee stuff.
     
  7. Washington D.C.

    Washington D.C.

    Joined:
    Oct 13, 2003
    Messages:
    5,218
    Likes Received:
    1
    Location:
    Woestyn Kusdorp
    Manual ABetterInternet.Aurora removal instructions:
    Attention! Before taking the following actions, please make your system and registry backup in case you make an error.
    End running tasks http://www.spyware-removal-guideline.com/manual-spyware-removal-help :
    adbltzun.exe
    aurora.exe
    aurora-wise1.exe
    systemroot+\nail.exe
    poller.exe
    Unregister DLLs http://www.spyware-removal-guideline.com/manual-spyware-removal-help
    :
    aurorahandler.dll
    DrPMon.dll
    Clean registry entries http://www.spyware-removal-guideline.com/manual-spyware-removal-help
    :
    HKEY_CLASSES_ROOT\aurorahandlerdll.aurorahandlerdllobj
    HKEY_CLASSES_ROOT\clsid\{4aa870ac-8427-42a4-b92e-ecd956197489}
    HKEY_CLASSES_ROOT\interface\{544b6a3f-4024-4403-9661-69b8410be505}\iaurorahandlerdllobj
    HKEY_CLASSES_ROOT\typelib\{6d992911-b563-47fc-ab29-437f42d1c729}\1.1
    HKEY_CURRENT_USER\software\aurora
    HKEY_CURRENT_USER\software\aurorahandler
    Remove files http://www.spyware-removal-guideline.com/manual-spyware-removal-help
    ):
    adbltzun.exe
    aurora.exe
    aurorahandler.dll
    aurora-wise1.exe
    systemroot+\nail.exe
    DrPMon.dll
    poller.exe
    thnall1ac.html
    svcproc.exe
    IDDJHJM.ini



    here is the best spyware removal tool


    http://www.ewido.net/en/download/



    Another good one but this one requires getting updates after the first time it runs.

    Download free version here

    http://www.h-desk.com/new/Download.12.0.html


    Then run Ccleaner

    http://www.ccleaner.com

    both clean up and registry cleaner


    Best antivirus


    AntiVir PersonalEdition Classic



    http://www.free-av.com/

    Defrag hard drive after installing these programs
     
  8. Washington D.C.

    Washington D.C.

    Joined:
    Oct 13, 2003
    Messages:
    5,218
    Likes Received:
    1
    Location:
    Woestyn Kusdorp
    Todays SpyBot update now says it removes that one.