Post reply

Name:
Email:
Subject:
Message icon:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image

Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

shortcuts: hit alt+s to submit/post or alt+p to preview


Topic Summary

Posted by: maanas
« on: 29. November 2013., 17:44:51 »

to Pez,

ok. Actually, I also don't know how lucky leep installed in system. I saw this in Hijack log,then I immediately  uninstalled it. But after this, still problem was there in system. And now finally fixed by "sfc /scannow" and antivirus scan. Thanks again.  :D
Posted by: Pez
« on: 29. November 2013., 09:14:54 »

No you misunderstood me.

I did not say that their would be a problem with WinTVR I sad that if it was more and less that only app you had on the computer then It could be to consider a reinstallation of the system the fastest solution.  ;)

What I instead was talking about that can be something to consider is it is necessary to have installed in the system was the Lucky Leap that I found in the Hijack log.

C:\Program Files\lucky leap\updateluckyleap.exe
C:\Program Files\lucky leap\bin\utilluckyleap.exe

This with the reason described below.
Lucky Leep:
http://greatis.com/appdata/d/u/utilluckyleap.exe.htm

But nice that the "sfc /scannow" could fix the problem than it probably was some corruption in your explorer.exe file. that got fixed with the inbuilt system restore capability in XP.
Posted by: maanas
« on: 28. November 2013., 18:04:53 »

@ devnullius

Thanks for the help. I have not done anything at my level.I just gave respect to each resolution given by you,pez and  jheysen for my query. And f I will be really grateful for that.

@ Pez
I don't think so that problem arises due to WinTvr. Becoz I am using WinTVR since 2008 and have not faced any problem due to this.
I did sfc /scannow . Also I did Norton scan in safe mode. After this the error message not shown at the time of shutdown. I think problem has been solved.
Thanks for the help.
Posted by: Pez
« on: 28. November 2013., 09:43:03 »

Quote from: devnullius on 28. November 2013., 08:04:06
Ok, you have chosen!

Devvie is out :)

Good luck!

@ devnullius way are you so aggressive in your comment her?

He have done both what you have suggested and what we have suggested so we don't know what chose he have done.

About a virus you can't regret that it could be a virus because their is so many virus out their that have fishy way to work and if it is not a good written virus or perhaps written for a earlier or later OS their can show up in very unexpected ways.
Even you are on that way in your comment that run the combofix.

Regarding memory fault their can also be that I have seen in my day very confusing behaviours of memory fault.

We just try to lookout for different reason that can coshed this problem we don't try to exclude any possible fault before we have checked for it.

@ maanas how match specials configuration or how match work is it to do a reinstall of the system? If you just have this system on the computer with the WinTVR you probably get up and running faster with a clean reinstall. If the problem then persist their is 100% that it is a damage HW or compability problem with some patches or software. But you don not probably get a answer what was wrong.

A other way to continue the fault searching is to continue with what have been written her before.
in the Command prompt run as devnullius wrote:
sfc /scannow

then, from safe mode when possible, run combofix
http://www.combofix.org/

You can also do a antivirus scan in the Safe mode be shore that you have the definition files for the antivirus updated to the latest date.


If this dose not work.
Then you also can do a half restore of the system files if you want to try that. To do that and restore all system files to the original. Do a cold boot of your system on the Windows XP original CD. Chose to repair the system and chose to rewrite the system files. After that do a reboot when asked for it and then you need to apply all patches in the system again. But at least you know you have fresh system files.

I have just take a fast look at you HijackThis
This is some I would look at first in the running processes.

C:\Program Files\lucky leap\updateluckyleap.exe
C:\Program Files\lucky leap\bin\utilluckyleap.exe

Lucky Leep:
http://greatis.com/appdata/d/u/utilluckyleap.exe.htm
Posted by: devnullius
« on: 28. November 2013., 08:04:06 »

Ok, you have chosen!

Devvie is out :)

Good luck!
Posted by: maanas
« on: 28. November 2013., 05:44:56 »

Thanks devnullius,jheysen, Pez.

I tired chkdsk c: /f /v /x /r first (in cmd.exe prompt). But still problem persist.

Here is I am providing log created by Hijackthis;


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:19:11 AM, on 11/28/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files\Norton AntiVirus\Engine\21.1.0.18\NAV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\lucky leap\updateluckyleap.exe
C:\Program Files\Norton AntiVirus\Engine\21.1.0.18\NAV.exe
C:\Program Files\lucky leap\bin\utilluckyleap.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\Application\WinTV3\Remote.exe
C:\Program Files\Application\WinTV3\Schedule.exe
C:\Program Files\AntiLogger\AntiLogger.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NAV&pvid=21.1.0.18
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NAV&pvid=21.1.0.18
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\21.1.0.18\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: lucky leap - {d77aa852-def3-43cb-a3f5-bd679de72f32} - C:\Program Files\lucky leap\luckyleapbho.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [WinTVR3 Control] C:\Program Files\Application\WinTV3\Remote.exe
O4 - HKLM\..\Run: [Schedule] "C:\Program Files\Application\WinTV3\Schedule.exe"
O4 - HKLM\..\Run: [AntiLogger] "C:\Program Files\AntiLogger\AntiLogger.exe" /minimized
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKLM\..\Policies\Explorer\Run: [] 
O4 - HKUS\S-1-5-19\..\RunOnce: [IE8] rundll32 advpack.dll,LaunchINFSection IE8.INF,FirstUserStart (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: []  (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [IE8] rundll32 advpack.dll,LaunchINFSection IE8.INF,FirstUserStart (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [IE8] rundll32 advpack.dll,LaunchINFSection IE8.INF,FirstUserStart (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [IE8] rundll32 advpack.dll,LaunchINFSection IE8.INF,FirstUserStart (User 'Default user')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED54A679-BB5F-42C5-8E6A-C84DF98E6C7A}: NameServer = 8.8.8.8 208.67.222.222
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo System Service (ioloSystemService) - iolo technologies, LLC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\21.1.0.18\NAV.exe
O23 - Service: Update lucky leap - Unknown owner - C:\Program Files\lucky leap\updateluckyleap.exe
O23 - Service: Util lucky leap - Unknown owner - C:\Program Files\lucky leap\bin\utilluckyleap.exe

--
End of file - 6019 bytes
 ( Replying very late, coz I am busy with my exams)
Posted by: devnullius
« on: 27. November 2013., 22:32:17 »

Rookie mistake - ram test ;p

If his errors are ONLY at shutdown, it is not a ram problem. It could be a hardware problem but I bet that MS RamCheck will not show any problems.

With RAM errors you'd expect (random) blue screens. There are no blue screen, just something nasty getting a hold on explorer. Bug? Virus? Step by step. But after combofix your extra antivirus rounds should not be done (yet). I think :)

Besides, I don't think this guy is coming back any time soon :>

Karma!

devnullius
Posted by: jheysen
« on: 27. November 2013., 21:55:01 »

It's standard approach to these error, I would recommend him to run memtest86+ too :p
Posted by: devnullius
« on: 27. November 2013., 18:43:57 »

You guys with your antivirus shit...

It's not a virus ;p

Sigh :)
Posted by: jheysen
« on: 27. November 2013., 15:33:32 »

Maybe you can also run HijackThis and give us the log, so we can see if there's some fishy dll hooked.
Posted by: Pez
« on: 27. November 2013., 10:13:11 »

Ad devnullius sad run in the command promt the command:

chkdsk c: /v /x /r

and reboot.

If this worked OK without any fault then look at if it can bee a explorer.exe related virus in your system.

"Process name: Windows Explorer

Product: Windows

Company: Microsoft

File: explorer.exe

Security Rating: 1


This is the user shell, which we see as the familiar taskbar, desktop, and other user interface features. This process isn't as vital to the running of Windows as you might expect, and can be stopped (and restarted) from Task Manager, usually with no negative side effects on other applications. 

Note: The explorer.exe file is located in the folder C:\Windows. In other cases, explorer.exe is a virus, spyware, trojan or worm! Check this with Security Task Manager.

Virus with same file name:
 W32.MyDoom.B - Symantec Corporation

Click to Run a Free Scan for explorer.exe related errors"

Source: http://www.neuber.com/taskmanager/process/explorer.exe.html


check also out this:
W32.Bofra@mm Removal Tool

Windows XP explorer.exe hangs when reboot
Posted by: devnullius
« on: 26. November 2013., 15:11:35 »

chkdsk c: /f /v /x /r first (in cmd.exe prompt)

reboot

then, again, from cmd.exe: sfc /scannow

then, from safe mode when possible, run combofix

repost
Posted by: maanas
« on: 26. November 2013., 09:51:30 »

Hi,
  Since two days,When I was trying to shutdown pc, then I got Explorer.EXE - Application error:the instruction at "0x0404ceb0" referenced memory at ''0x0404ceb0". The memory could be written. Click OK to terminate the program.

System details are: Windows XP SP3, Core2DUO, Ram- 1GB, Hard Disk- 160GB,I am using Norton Antivirus 2014 from 3 months. And Also have Iolo Sytem mechanic 12.0.0.57 Paid version.

Can you plz suggest me solution on this?
( Still I am using XP SP3. Because, I am using internal TV tuner card to watch the TV. So its software(WinTVR 2004.12.29.0) only runs on XP only and not on the Windows 7 or 8 )   ;)   :D
Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising