Computer Hope

Topic started by: protoss on February 03, 2010, 07:59:47 AM

Title: DEP [Data Execution Prevention] closed winexplorer
Post by: protoss on February 03, 2010, 07:59:47 AM
It happened after I installed a game from the internet [but it cannot be played]. I never had any problem like this before. Here's the Event Viewer report:

Quote
Event Type:   Error
Event Source:   Application Error
Event Category:   (100)
Event ID:   1000
Date:      03/02/2010
Time:      21:43:32
User:      N/A
Computer:   STARFLEET
Description:
Faulting application explorer.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x100011d1.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


Quote
Event Type:   Information
Event Source:   Winlogon
Event Category:   None
Event ID:   1002
Date:      03/02/2010
Time:      21:46:42
User:      N/A
Computer:   STARFLEET
Description:
The shell stopped unexpectedly and Explorer.exe was restarted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Do I need to post the three logs? I don't know if it's a malware issue since my Avast didn't detect anything suspicious.
Title: Re: DEP [Data Execution Prevention] closed winexplorer
Post by: Allan on February 03, 2010, 08:03:13 AM
Why do you say it's DEP? Forgive me if I'm missing something obvious.
Title: Re: DEP [Data Execution Prevention] closed winexplorer
Post by: protoss on February 03, 2010, 08:13:42 AM
Well, it's what it says in the error report window that closed winexplorer. I'm not implying that it's definitely malware just from that info - it could be registry issues or something, you know...
Title: Re: DEP [Data Execution Prevention] closed winexplorer
Post by: Allan on February 03, 2010, 08:15:34 AM
Well, you can disable DEP and then see if the game works. But first you should run a complete system scan with both your AV and MalwareBytes.
Title: Re: DEP [Data Execution Prevention] closed winexplorer
Post by: protoss on February 03, 2010, 08:29:41 AM
Will do that soon after I go offline. Just for additional info:
I have uninstalled the game, so I don't care about playing that game anymore - let's just focus on resolving the mess it caused. Because it asked to install Adobe AIR before installing the game, and then Adobe AIR asked whether to let the game installer run with unrestricted access. I think I learned from my mistake well and got rid of the game soon after this incident.
Title: Re: DEP [Data Execution Prevention] closed winexplorer
Post by: patio on February 03, 2010, 08:33:09 AM
What was the game and where did the DLoad come from?
Title: Re: DEP [Data Execution Prevention] closed winexplorer
Post by: protoss on February 03, 2010, 08:56:40 AM
I have two suspicious games.
The ones I mentioned before are Flash games [H.A.L.C. 2 , Dildo Heroine], but they need Adobe AIR installed before installing the main game - then it asked to restart. I got 'em from my friend so I don't know where he DL'd 'em.

And the other one is Empire Earth 2 - it's a highly compressed game from
Quote
http://www.dl4all.com/games/32775-empire-earth-ii-pc-game-highly-compressedby.html
but it failed to launch after I ran setupreg and all.

Quote
Event Type:   Error
Event Source:   Application Error
Event Category:   None
Event ID:   1000
Date:      02/02/2010
Time:      19:34:04
User:      N/A
Computer:   STARFLEET
Description:
Faulting application ee2.exe, version 1.0.0.0, faulting module ee2.exe, version 1.0.0.0, fault address 0x005b4d5d.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Title: Re: DEP [Data Execution Prevention] closed winexplorer
Post by: patio on February 03, 2010, 09:12:24 AM
If you want your machine running properly you may want to steer clear of the warez out there...
Title: Re: DEP [Data Execution Prevention] closed winexplorer
Post by: protoss on February 03, 2010, 10:39:40 AM
Copy that, mate. This is the Malwarebytes log [it surprised me a lot] after I scanned with Malwarebytes; Avast interrupted sometimes when a virus was detected:

Quote
Malwarebytes' Anti-Malware 1.44
Database version: 3684
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

04/02/2010 0:38:22
mbam-log-2010-02-04 (00-38-17).txt

Scan type: Full Scan (C:\|)
Objects scanned: 210940
Time elapsed: 1 hour(s), 4 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Documents and Settings\JOHN\Application Data\Microsoft\tlbh11.dll (Trojan.BHO) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\tloaderbho.tlobject (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{e48fbe09-9a92-4daa-8d55-40718a85ec82} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{96b00514-3c5d-4ba7-9be1-09345c3d9c26} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{be92034e-5c96-49cc-95ae-43ba8f5793c6} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{be92034e-5c96-49cc-95ae-43ba8f5793c6} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{be92034e-5c96-49cc-95ae-43ba8f5793c6} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\tloaderbho.tlobject.1 (Trojan.BHO) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\JOHN\Application Data\Microsoft\tlbh11.dll (Trojan.BHO) -> No action taken.
C:\Installer\UltimateWebshotsConverter-1.6.6-setup.exe (Trojan.Dropper) -> No action taken.
C:\Installer\Game\FFF-ReflexV2.exe (Trojan.Backdoor) -> No action taken.
C:\System Volume Information\_restore{8053B54E-01C9-4C85-882A-0C92928BFC5F}\RP26\A0006115.exe (Malware.Tool) -> No action taken.
Title: Re: DEP [Data Execution Prevention] closed winexplorer
Post by: Spoiler on February 04, 2010, 07:01:01 AM
You should read this over and then post your logs in the virus and spyware area....

http://www.computerhope.com/forum/index.php/topic,46313.0.html