Annoying Windows Explorer Message!

Discussion in 'privacy problems' started by MurlocBounty, Jun 21, 2005.

Thread Status:
Not open for further replies.
  1. ravin

    ravin Registered Member

    Joined:
    May 2, 2003
    Posts:
    241
    Location:
    South Carolina
    Blueeyes,

    Curious, do you think that running the command I posted yesterday helped resolve most of the problems you were having? Or was it something else?
     
  2. ravin

    ravin Registered Member

    Joined:
    May 2, 2003
    Posts:
    241
    Location:
    South Carolina
    Another way to investigate those pesky Winsock items is to use Microsoft AntiSpyware:

    Advanced Tools->
    System Explorer->
    pick on Winsock LSPs.

    Look for items with a red X and investigate by selecting each one and reading the info in the left pane, or send to SpyNet at the bottom of the screen.

    Hope this helps also.
     
  3. blueyes

    blueyes Registered Member

    Joined:
    Aug 9, 2005
    Posts:
    38
    Location:
    Australia
    Hi ravin, it's hard to say whether the winsock command helped or not, as the error messages had stopped at that point. But should the problem raise its ugly head again, I'll certainly come back to your post to try. I'm a big fan of simple solutions, having experienced them before. But this issue had me stumped, being more complex than I realised.

    At your suggestion, I looked into the MS anti spyware, but had no entries with a red x. Thanks for that tip anyway, as I didn't know of those facilities with the program. It just 'does its thing' daily, and I don't take much notice otherwise. Thanks again. :)
     
  4. ravin

    ravin Registered Member

    Joined:
    May 2, 2003
    Posts:
    241
    Location:
    South Carolina
    You're welcome.

    Sorry about some spelling errors etc. I only get minutes to read and respond to some, as network administration keeps me hopping.
     
  5. blueyes

    blueyes Registered Member

    Joined:
    Aug 9, 2005
    Posts:
    38
    Location:
    Australia
    Well, it seems I was prematurely optimistic. The error messages are back, and not stopping. So far, 81 today. Back to square one........
     
  6. G-Force

    G-Force Guest

    Back so soon? :D I'm not surprised.

    In the week or so's absence when you added em's accessing "My Computer," you just know I didn't see this thread as solved. Since then blueyes I've continued to compile additional information, my thinking to provide instructions for a date search ... one I'm figuring will give clues as to exactly what files were altered when you received that update from WinMX.

    I've also investigated issues concerning ntvdm.exe and will try my best to formulate a course of action. In the meantime I'd like you to determine through trial and error which of your programs activate this file. At next boot .... before going online .... keep Taskmanager open (if you can), after each program you'd normally start maximize and check, note which one triggers it. If you know there will be X amount of em's to encounter, maybe you could surf minimal until they finish before attempting my suggestion. Otherwise, export the registry file referenced here for safety before temporarily disabling error popups ....

    xxxx://www.winguides.com/registry/display.php/816/

    In addition I have for you some SP2 pages and things you should know about the "Guest" account.
    Keep in mind with any file-sharing application come its inherent risks.

    Again, time to organize my readings .... "we'll get this yet blueyes!" ;)


    GF
     
  7. blueyes

    blueyes Registered Member

    Joined:
    Aug 9, 2005
    Posts:
    38
    Location:
    Australia
    Hello again G-Force. Well, you almost read my mind. My next question was going to be - Would it do any harm to disable this component of the error messaging? I mean to say, apart from this issue, my comp is running smoothly, no viruses - just the continual error messages on the screen.

    Excuse me for being cynical regarding this issue, (as well as being completely frustrated) but...., I'm not doing anything different from last week when the errors stopped - for no apparent reason. Now - for no apparent reason, they start up again. The same happened months ago, they just stopped, then returned after a month's absence?

    I have also researched this issue on MS help pages. Just when I think I'm getting close, I find that someone has a similar issue, but with a completely different .dll file - and nowhere near the severity that I'm experiencing.

    Re; your question for taskmanager and programs causing this message. There are no programs that I'm aware of that are causing the errors. I say that because, on start up the error messages appear as soon as the desktop appears. I don't have time to 'dialup' without being interrupted by a message. I've also booted up in safe mode, and the messages are there too. I also tried the system configuration utility to uncheck some of the start up programs, but that doesn't work either - as explained in my post #70.

    I hope I've answered your questions. Thanks again. :doubt:
     
  8. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
    Well, the G was starting to get lonely so .... :D

    Blueyes, that error edit should only remove what you have to deal with on the screen, just first go into Services (runbox .... services.msc) and make sure the Event Log (not Error Reporting) service is started and running. From here .... I presume everyone does this a little different, I'd dig down in the registry to ....

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Windows

    .... keep the windows folder highlighted > rt clk (cursor on folder) > select "export" > select location to save with the *.reg extension, then name it say .... error-popups-enabled.

    I usually live edit here but still export the given folder. For novices or peeps I'm unsure of, I would suggest editing the line in Notepad. So, that same file we exported/saved looks something like this ....
    .... the line to modify in bold.

    If we open that file again (rt clk, edit), we can safely adjust the value to 2 (no popups).
    Then going to "file" > save as > all files (important!) > name it error-popups-disable > merge to apply ....
    Setup as such, a quick means of enabling/disabling error display if these files are kept handy. You won't always want this disabled as it's neither a solution nor will allow knowing what is when the time comes. Remember, you'll still be able to view what errors are being logged in the Event Viewer. ;)

    ************************

    If you recall me inquiring about HJT a few replies back, that's because within the program come integrated two useful utilities .... a small process viewer that displays both file path and loaded dlls .... plus a startuplist tool. Paul has been generous enough to keep various versions of HJT here on the server, you may download the latest if you wish here, although version 1.99.0 will suffice for our purpose.

    For next boot blueyes, wrap that regedit then open HJT. On the main screen you'll find a "Miscellaneous Tools" section, upon opening you're presented the integrated Startuplist. Run it! A logfile will be created in the same folder you ran the program, open then please copy/paste the lines directly below running processes only.

    ************************

    Not what I asked .... :)
    "There are no programs that I'm aware of that are causing the errors."

    In post seventy you told me ....
    "There were no items of dwwin.exe or ntvdm.exe in the start up list."

    .... and I believe you. I'm asking when ntvdm.exe displays in Taskmanager? You'll know when by checking there each time you open one of your daily programs, whether it be WinMX, DivXPlayer, etc .... I'm trying to target the responsible application, the one which needs ntvdm.exe to execute.

    I also figure dwwin.exe (the Error Reporting Service) has done all it can for you at this point, stop and set this to disabled in services to avoid wasting needless resource usage (they have all the error reports they'll ever need from you) ....

    xxxx://www.blackviper.com/WinXP/service411.htm

    ************************

    Getting late here blueyes, too late to cover that date search I spoke of in my last reply but should get you up to speed before the weekend, OK. It just may prove enlightening.


    GF
     
    Last edited: Sep 8, 2005
  9. blueyes

    blueyes Registered Member

    Joined:
    Aug 9, 2005
    Posts:
    38
    Location:
    Australia
    Hi GlobalForce, I checked out the winguides.com page and altered the registry value to 2, to disable the error popups, but they still continue, although not nearly as severe as yesterday.

    I also downloaded ewido scan and ran a panda scan, both of which cleaned up a few infections (17/13). Which may or may not have helped the situation for today.

    I visited the 'Services - local' and found that the error reporting service was already disabled.

    As we are about to have a thunderstorm(s) forecast for the next 24 hours, I will continue with the HJT and ntvdm.exe on my next log on.
     
  10. blueyes

    blueyes Registered Member

    Joined:
    Aug 9, 2005
    Posts:
    38
    Location:
    Australia
    Just before I log off -

    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\WinMX\WinMX.exe
    C:\Program Files\MXMoni128Eb\MXMoni128Eb\MXMoniE.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareMain.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\HijackThis.exe

    --------------------------------------------------
     
  11. Me /GF

    Me /GF Guest

    Hi blueyes,

    When you have time could you please forward exactly how these errors (red x's) for msvcrt and user32
    are detailed in the Applications category of Event Viewer (runbox - eventvwr.msc)?

    You can hit the copy to clipboard button and paste here (user32 when available) ....
    "But they still continue ...." is the Event Log Service started and running?

    ************************

    Curious George here blueyes :D .... would you perchance be using IE, active controls enabled while online?
    Not intentionally an OT question but ....

    BTW .... if I'm ever slow to respond blueyes,
    just know I'm constantly updating the information gathering process en route towards a resolution. ;)

    Thanks too for the nice words from last week! :)


    GF
     
  12. Me /GF

    Me /GF Guest

    Here blueyes, run that date search I touched on to determine which files may have been modified when you received that update from WinMX last week.

    Open "Search" > in the left column select 'change preferences' > change files and folders search behavior > select advanced, then OK.

    Back on the main search window, enter *.dll for file name > look in: select 'browse' > find then highlight your WinMX program folder > When was it modified? Specify dates .... set this up according to post seventy-one, one full day back in the 'from' field, one full day ahead in the 'to' field > enter 'Don't remember' for size.

    For the final category .... "More advanced options" (file type I presume would be a data-base file, but make no selection here for now) > select the first three .... 'Search system folders' (for if you date search local drives at a later time),
    'Search hidden files and folders,' and 'Search subfolders.' Run the search.

    In results, if you can .... note the files found by posting a screenshot under "Manage Attachments" in your user control panel.

    If you need help ... ;)


    GF
     
  13. blueyes

    blueyes Registered Member

    Joined:
    Aug 9, 2005
    Posts:
    38
    Location:
    Australia
    Hi G-Force, I'm referring back to your previous post re the event viewer/application log. I can't copy/paste because the relevant buttons are greyed out so have to type it in;

    Event type; Error
    Event source; Application error
    Event category; None
    Event ID; 1000
    Date; 10/09/2005
    Time; 9:52:29pm
    User; N/A
    Description; Faulting application explorer.exe, version 6.0.2900.2180, faulting module msvcrt.dll, version 7.0.2600.2180, fault address 0x00037631
    For more information, see help and support centre at http://go.microsoft.com/fwlink/events.asp.

    and also

    Event type; Error
    Event source; Application error
    Event category; None
    Event ID; 1000
    Date; 6/09/2005
    Time; 10:37:41 pm
    User; N/A
    Description; Faulting application explorer.exe, version 6.0.2900.2180, faulting module user32.dll, version 5.1.2600.2622, fault address 0x00011086.
    For more information.....etc

    I hope I've put in all the relevant info that you need..... hoping you don't need the data below that info as well. :eek:

    "Is the event log service started and running?" I'm not sure how to tell that, but believe it is, yes. There are 2182 events in the application log, dating back to 4th Sept. So I think there has always been that number in there, and old events are being replaced with current.

    Re; your last post to run a date search, it would be impossible at this stage to do that because of the error messages (still constant). Am unable to keep that page on for longer than 15 seconds before the next error message appears, to block all progress work.

    I currently have the taskmanager open, and there is no ntvdm.exe in the process window. I have a full tray of running programs at the moment; 62x MS error reporting, event viewer, clipboard, notepad, winmx, mxmonitor, task manager and this page. I have also started up (1 at a time), DivX player, WMP 9, Nero, outlook express, msn messenger and adobe reader and still no ntvdm.exe showing up in the task manager. o_O

    In answer to curious George's question, I am using IE, but not sure if the active controls are enabled. Could you advise me on that please? :oops:

    G-Force, I would never accuse you of being slow to respond! I'm in awe of you :D
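
A small triage helper for the Event ID 1000 descriptions typed out in the post above, as an added example that is not part of the original thread: it parses the "Faulting application ..." text and tallies crashes per module and fault offset, which shows whether the faults are one repeatable crash or scattered ones. The first two sample entries reuse the values from the post, the third is a constructed repeat, and the function names are illustrative.

```python
import re
from collections import Counter, defaultdict

# Matches the Description text of an "Application Error" Event ID 1000
# record in the wording quoted in the post above.
FAULT_RE = re.compile(
    r"Faulting application (?P<app>[^,]+), version (?P<app_ver>[\d.]+), "
    r"faulting module (?P<module>[^,]+), version (?P<mod_ver>[\d.]+), "
    r"fault address (?P<offset>0x[0-9a-f]+)",
    re.IGNORECASE,
)

# Entries 1 and 2 carry the values from the post; entry 3 is a constructed
# repeat, wrapped across two lines the way hand-copied text often is.
SAMPLE = """
Description; Faulting application explorer.exe, version 6.0.2900.2180, faulting module msvcrt.dll, version 7.0.2600.2180, fault address 0x00037631
Description; Faulting application explorer.exe, version 6.0.2900.2180, faulting module user32.dll, version 5.1.2600.2622, fault address 0x00011086.
Description; Faulting application explorer.exe, version 6.0.2900.2180, faulting
module msvcrt.dll, version 7.0.2600.2180, fault address 0x00037631
"""


def parse_faults(text):
    """Return one dict per fault description found in free-form text."""
    # Collapse whitespace first so descriptions broken across lines match.
    flat = " ".join(text.split())
    faults = []
    for m in FAULT_RE.finditer(flat):
        rec = m.groupdict()
        rec["app"] = rec["app"].strip().lower()
        rec["module"] = rec["module"].strip().lower()
        rec["offset"] = int(rec["offset"], 16)
        faults.append(rec)
    return faults


def summarize(faults):
    """Count crashes per (application, module, module version, offset)."""
    return Counter(
        (f["app"], f["module"], f["mod_ver"], f["offset"]) for f in faults
    )


def offsets_by_module(faults):
    """Map each faulting module to the sorted list of distinct offsets seen.

    One offset per module means the same instruction faults every time;
    many offsets in many modules points at the host process or something
    loaded into it rather than at any single DLL.
    """
    seen = defaultdict(set)
    for f in faults:
        seen[f["module"]].add(f["offset"])
    return {mod: sorted(offs) for mod, offs in seen.items()}


if __name__ == "__main__":
    parsed = parse_faults(SAMPLE)
    for (app, module, ver, off), n in summarize(parsed).most_common():
        print(f"{n:3d}  {app} -> {module} {ver} @ 0x{off:08x}")
    for module, offs in offsets_by_module(parsed).items():
        print(module, [hex(o) for o in offs])
```
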
     
  14. blueyes

    blueyes Registered Member

    Joined:
    Aug 9, 2005
    Posts:
    38
    Location:
    Australia
    Hi G-Force, I completed the task you set in post #87 (search), followed all steps, but there were no results found.

    I've also discovered today that I can 'drag and drop' the error message. So it is now in the bottom RH of my screen, taking up about 1 square inch - very liberating :D . So at least I have my full screen back (almost) and don't have to spend all day clicking them off!
     
  15. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
    Hi there! <- In the words of my good friend :D


    Dare I say a shred of sunlight aside from having to finagle that darn Windoz search.
    Drop n' Drag ... who'd a thought? :rolleyes:


    ".... hoping you don't need the data below that info as well." No, that's fine. What your typing skills have provided should be quite sufficient blueyes, thanks! :D Considering this hasn't been previously addressed, I wanted to get it out in the open. We'll pass on that date search for the moment, info will still be there after we sort this out.

    You may view Services from any number of locations, the easiest for most in Control Panel > Administrative Tools > Services. Here and the commandline for alterations, the services tab running msconfig (diagnostic), and the Software Environment running msinfo32.

    I will assume for s's & g's the majority of key services are up and running .... obviously the Event Log Service after posting your last reply. What I'd really like is for you to tell me WMI (Windows Management Instrumentation) is alive and well .... very important service for practical purposes, near the bottom.

    ************************

    "I have a full tray of running programs at the moment .... and still no ntvdm.exe!" Correct me if I'm mistaken, but you recently had Zone Alarm installed, correct (vsmon.exe/zlclient.exe, post sixty-one)? I see you switched to Sygate (smc.exe ref HJT's startup). I'll mention it here cause ZA is one of those tricky firewalls to uninstall, as explained here ....

    xxxx://www.outpostfirewall.com/forum/showthread.php?t=7187

    You'll note a recommended registry cleaner, go with it if you need - manual removal of ZA items in program files and the windows directory mandatory. For temp and prefetch I would suggest a reliable little program that's served me well in its simplicity, thoroughness, and ease of configuration (download link/tutorial) ....

    xxxx://www.stevengould.org/software/cleanup/

    xxxx://www.bleepingcomputer.com/forums/tutorial93.html


    I did BTW happen to cross compare posts sixty-one and eighty-five noting ntvdm was running alongside dwwin.exe, DivX Player.exe, wmiprvse.exe, vsmon.exe, and zlclient.exe .... none of which are running in your posted startuplist, though I've ruled out wmiprvse by trial and error on my system. Hmmmm ......

    ************************

    Could you advise me on that please? You questioned my question! :D Let me try .... as we each develop our own surf habits .... where we go, what we do, what interests us .... we discover sooner or later we're part of this ever evolving environment called the World Wide Web. Through reading or posting in other forums .... you may have been advised against using security flawed IE as your main browser because of its close integration within Windows ... allowing a sort of "pipeline" effect to the operating system. While true for the most part, understanding how websites and active content enabled in IE mix out on the web now becomes your first line of defense. As for myself, it's the only browser I have any experience with.

    My advice for anyone continuing to use IE, carefully read through this page sometime ....

    xxxx://www.spywarewarrior.com/uiuc/btw/ie/ie-opts.htm

    ************************

    Oh, before I forget .... the file size and version of msvcrt.dll from this location ....

    C:\Windows\ServicePackFiles\I386

    Is its file extension depicted like .dll or .dl_ ?

    That I may be another day or two, or three blueyes .... I'm not quite sure if we'll need this or not but please create a folder on your 'C' drive naming it dllsafe (c:\dllsafe), then download and save this file there while I force the learning curve! :eek:

    xxxx://www.dlldump.com/download-dll-files_new.php/dllfiles/M/MSVCRT.DLL/7.0.2600.2180/download.html7.0.2600.2180

    ************************

    As for those greyed out buttons .... you are trying to keep me busy, aren't you? :D
    I'll get back on this. *wink*

    Enjoy the rest of your weekend blueyes!


    GF
     
    Last edited by a moderator: Jan 24, 2006
  16. blueyes

    blueyes Registered Member

    Joined:
    Aug 9, 2005
    Posts:
    38
    Location:
    Australia
    Why do I get this feeling it's a biggie? :eek: :D :p
     
  17. Me /GF

    Me /GF Guest

    Gotta vent all this research sometime! :D

    GF
     
  18. blueyes

    blueyes Registered Member

    Joined:
    Aug 9, 2005
    Posts:
    38
    Location:
    Australia
    Hi G-force, I have to admit I'm still clueless as to the active controls in IE. I believe your original question asked if I was using IE, active controls enabled. What I need to know is where do I go to find that out? I've looked in Tools> internet options, can't find it there.

    I have found that it is required on the OS for downloads such as pandascan, which I experienced recently. That may possibly have been an active X control. I have no understanding of this component :oops:

    I have had limited experience with Firefox, but not a good one. Was advised to download it after a small (and easily fixed) problem with IE. It was taking in excess of 25 seconds to load every page - even for dialup, that's slow! What may be great for some users, is not necessarily universal. So Firefox is no longer.

    I uninstalled ZoneAlarm and replaced it with sygate. I did a hard drive and registry search, to delete any left-over files. I have a habit of doing that after uninstalling. There are no problems with sygate.

    WMI started and on automatic.

    C:\Windows\ServicePackFiles\i386, shows msvcrt.dll. Thought it would be worth mentioning that there is also a msvcrt40.dll

    I have had problems with the stevengould site in the past. Attempted to download the scan there, twice unsuccessfully. It appeared to be fully downloaded, but on trying to run it, received a message that the program was many ,000 bytes short.

    I have my dllsafe folder ready to go.

    Enjoy your weekend too, and remember to breathe ;)
     
  19. Me /GF

    Me /GF Guest

    Hold that thought a sec ....
     
  20. Me /GF

    Me /GF Guest

    Then again, for later .... ;)
     
  21. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
    OT and not my forte blueyes, some terminology whilst I prepare for the real issue at hand ....


    "Active Content"

    http://www.spywarewarrior.com/uiuc/btw/browser-sec-intro.htm#active


    "What I need to know is where do I go to find that out?" Same link as previous post, quarter ways down.

    "Switch to the Security Tab" <- IE Tools > IOpts > Sec tab > Custom Level to access settings.

    http://www.spywarewarrior.com/uiuc/btw/ie/ie-opts.htm


    "I have no understanding of this component ActiveX." Allow me to direct your attention to the well spoken Alec,
    and one extremely informative character from Springfield (linked on site so no worries) ....

    Alec - "Does ActiveX need to have access to the Internet?"

    Alec again, boy he's good! ;) - "The pros & cons of alternative browsers."

    Sire :D - "Keylogger question?"

    Three more courtesy Security Jedi, P2K :D - "Porn Dialers question...someone please respond!"

    I hope these bring you up to speed blueyes?

    ************************
    *DEEP BREATH* ;)

    Concerning Gould's site you probably tried downloading the executable file and had problems with either sp2's new DEP (Data Execution Prevention) feature or stiff browser security. Try downloading the zip to your desktop, opening the folder, running the exe then specifying the installation directory if you're interested. Technical details on DEP here ...

    xxxx://support.microsoft.com/kb/875352

    Layman's practical use here (be careful with this till you understand what you're allowing) ....

    xxxx://www.updatexp.com/data-execution-prevention.html

    .... link near bottom - "How to tell Data Execution Prevention to ignore the software you want to use!"

    ************************

    "Thought it would be worth mentioning that there is also a msvcrt40.dll"
    .... including several others which make up your C++ libraries!

    OK now, you told me how msvcrt shows but forgot to include the size and version .... what's the scoop? :p
    On the same note could you also provide version numbers from the Adobe, Java, Nero, + all three WinSxS folders, omit size.

    .... and remember to breathe. ;) When? :D


    GF


    PS - Satisfy my curiosity again blueyes .... besides the built in Administrator's account and your user,
    are there any others that you've recently logged onto where these em's aren't surfacing?
    I know what you're thinking but make no assumptions.

    Let me bring something else out in the open from my habit of backtracking ....
    If you can recall blueyes, was this the startup tab you made adjustments from? Another tab?
    Also, were the em's different than what you now receive, or?

    *Late Edit* - Your versions of DivX Player, MSN Messenger, and WinMX .... all the latest?


    Please answer all as best you can. :)
    *Inhale* ....
     
    Last edited by a moderator: Jan 24, 2006