This feature is still initializing...

Discussion in 'Malware Help (A Specialist Will Reply)' started by fung, Nov 22, 2005.

  1. fung

    fung Private E-2

    i have run ad-aware, and my PC-cillin won't work... it keeps saying

    'This feature is still initializing. Wait a few moments and try again later'

    and when i start up, it has a pop up saying

    'the application failed to initialize properly (0xc0000005) click ok to terminate the application'

    im no computer expert and this is driving me insane!

    i've used PC-cillin free online scan and it says i have no virus.

    i've tried uninstalling, and then reinstalling...

    what else can i do?

    plz help!

    Thanks in advance.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If this does not happen with other applications, you may be better off discussing this in the Software Forum. But did you try running it after booting in safe mode?
     
  3. fung

    fung Private E-2

    Well actually... my spyware blaster says 'the spyware blaster database may be corrupted or missing'

    And i tried using safe mode but trend micro doesn't work there either.

    Should i use hijackthis?
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Standard cleaning must be performed first before using HijackThis.

    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

    Please follow the steps below:

    - Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

    Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


    If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

    Downloading, Installing, and Running HijackThis

     
  5. fung

    fung Private E-2

    Ok... i have done read and run me first but PC-cillin still doesn't work.

    Bitdefender results:

    Scan Info

    Scanned Files: 756502
    Infected Files: 3

    Virus Detected (count):
    Trojan.Downloader.Small.YA (1)
    Trojan.Downloader.Istbar.BB (1)
    Dropped:Trojan.Syncroad.A (1)



    Panda Activescan


    Incident Status Location

    Adware:adware/block-checker Not desinfected C:\WINDOWS\SYSTEM32\ustart.exe
    Adware:adware/wupd Not desinfected C:\PROGRAM FILES\Windows ControlAd
    Adware:adware/keenvalue Not desinfected C:\PROGRAM FILES\COMMON FILES\SearchUpgrader
    Adware:Adware/WUpd Not desinfected C:\Documents and Settings\carol\Local Settings\Temporary Internet Files\Content.IE5\4TYNKDM3\enter[1].htm
    Adware:Adware/PopupTraffic Not desinfected C:\Documents and Settings\carol\Local Settings\Temporary Internet Files\Content.IE5\K9MB052N\1[1].js
    Adware:Adware/nCase Not desinfected C:\Documents and Settings\carol.CAROL-8E8A2EE0E\Local Settings\Temp\res16.tmp
    Adware:Adware/IST.ISTBar Not desinfected C:\Documents and Settings\carol.CAROL-8E8A2EE0E\Local Settings\Temporary Internet Files\Content.IE5\YFO7PAVU\ibar[1].js
    Adware:Adware/WUpd Not desinfected C:\Documents and Settings\carol.CAROL-8E8A2EE0E\Local Settings\Temporary Internet Files\Content.IE5\ZRT9TTHQ\bridge-c356[1].cab[MediaGatewayX.dll]
    Adware:Adware/nCase Not desinfected C:\Documents and Settings\carol.COMPUTER\Local Settings\Temp\resD7.tmp
    Adware:Adware/PopupTraffic Not desinfected C:\Documents and Settings\carol.COMPUTER\Local Settings\Temporary Internet Files\Content.IE5\ODEFSHIV\1[1].js
    Spyware:Spyware/BetterInet Not desinfected C:\Program Files\Common Files\SearchUpgrader\system.cfg
    Adware:Adware/LocalNRD Not desinfected C:\System Volume Information\_restore{B5F317C3-2E54-4F22-8B59-20451F2446C9}\RP130\A0022687.inf
    Adware:Adware/Twain-Tech Not desinfected C:\System Volume Information\_restore{B5F317C3-2E54-4F22-8B59-20451F2446C9}\RP130\A0022688.inf
    Adware:Adware/P2PNetworking Not desinfected C:\System Volume Information\_restore{B5F317C3-2E54-4F22-8B59-20451F2446C9}\RP134\A0024059.DLL
    Adware:Adware/P2PNetworking Not desinfected C:\System Volume Information\_restore{B5F317C3-2E54-4F22-8B59-20451F2446C9}\RP134\A0024060.cpl
    Adware:Adware/P2PNetworking Not desinfected C:\System Volume Information\_restore{B5F317C3-2E54-4F22-8B59-20451F2446C9}\RP134\A0024061.exe
    Spyware:Spyware/Altnet Not desinfected C:\System Volume Information\_restore{B5F317C3-2E54-4F22-8B59-20451F2446C9}\RP134\A0024068.dll
    Adware:Adware/Gator Not desinfected C:\System Volume Information\_restore{B5F317C3-2E54-4F22-8B59-20451F2446C9}\RP134\A0024093.dll
    Adware:Adware/Gator Not desinfected C:\System Volume Information\_restore{B5F317C3-2E54-4F22-8B59-20451F2446C9}\RP134\A0024097.exe
    Adware:Adware/Gator Not desinfected C:\System Volume Information\_restore{B5F317C3-2E54-4F22-8B59-20451F2446C9}\RP134\A0024100.exe
    Adware:Adware/MyTotalSearch Not desinfected C:\System Volume Information\_restore{B5F317C3-2E54-4F22-8B59-20451F2446C9}\RP143\A0025769.DLL
    Virus:W32/Gaobot.ESY.worm Disinfected C:\System Volume Information\_restore{B8E5E8E4-C987-4A79-B753-82E69D74320E}\RP55\A0013670.exe
    Adware:Adware/Block-checker Not desinfected C:\WINDOWS\system32\navshext1.dll
    Adware:Adware/WUpd Not desinfected C:\WINDOWS\system32\shell32.exe
    Adware:Adware/EliteBar Not desinfected C:\WINDOWS\system32\username.exe
    Adware:Adware/IST.ISTBar Not desinfected C:\WINDOWS\system32\wudupdate.exe

    I booted into safe mode and used

    Ccleaner
    Ad-Aware SE
    Spybot Search & Destroy
    Microsoft Antispyware > but for some reason it wont work for me (is it supposed to look blank when it is scanning?)




    Anyway... here's the hijackthislog attachment

    Thanks.
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The first step of the READ & RUN ME is to disable System Restore. Based on the Pandascan it looks like it is still enabled. Are you sure you disabled it? Double check!

    Look in Add/Remove programs for the below and uninstall if found:
    Block Checker
    Windows ControlAd
    SearchUpgrader
    IstBar

    If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
    For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R3 - Default URLSearchHook is missing
    O4 - HKLM\..\Run: [BlockChecker] C:\Program Files\Block Checker\block-checker.exe
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccess/ie/bridge-c8.cab

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:

    C:\WINDOWS\SYSTEM32\ustart.exe
    C:\PROGRAM FILES\Windows ControlAd <--- the whole folder
    C:\PROGRAM FILES\COMMON FILES\SearchUpgrader <--- the whole folder
    C:\Documents and Settings\carol.COMPUTER\Local Settings\Temp\resD7.tmp
    C:\Program Files\Common Files\SearchUpgrader <--- the whole folder
    C:\WINDOWS\system32\navshext1.dll
    C:\WINDOWS\system32\shell32.exe
    C:\WINDOWS\system32\username.exe
    C:\WINDOWS\system32\wudupdate.exe

    If you get an error when deleting a file, right-click on the file and check to see if the read-only attribute is checked. If it is, uncheck it and try again. Otherwise open Task Manager and kill the process if running, then delete the file.

    Now run Ccleaner (installed while running the READ ME FIRST). Now if running Win XP go to c:\windows\Prefetch and delete all files in this folder.

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
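
Added example (not part of the original thread): the reply above infers from the paths in the Panda log that System Restore snapshots still exist on disk. The Python sketch below parses lines in that log format and groups the remaining findings by where they live; the location labels and the `ACTIONS` summary are assumptions made for this example.

```python
import re
from collections import defaultdict

# Six lines copied from the Panda ActiveScan results posted in this thread.
SAMPLE_LOG = r"""
Adware:adware/block-checker Not desinfected C:\WINDOWS\SYSTEM32\ustart.exe
Adware:Adware/PopupTraffic Not desinfected C:\Documents and Settings\carol\Local Settings\Temporary Internet Files\Content.IE5\K9MB052N\1[1].js
Adware:Adware/nCase Not desinfected C:\Documents and Settings\carol.COMPUTER\Local Settings\Temp\resD7.tmp
Adware:Adware/Gator Not desinfected C:\System Volume Information\_restore{B5F317C3-2E54-4F22-8B59-20451F2446C9}\RP134\A0024093.dll
Virus:W32/Gaobot.ESY.worm Disinfected C:\System Volume Information\_restore{B8E5E8E4-C987-4A79-B753-82E69D74320E}\RP55\A0013670.exe
Adware:Adware/EliteBar Not desinfected C:\WINDOWS\system32\username.exe
"""

# kind:name, status (the scanner's own spelling), then an absolute Windows path.
LINE_RE = re.compile(
    r"^(?P<kind>\w+):(?P<name>\S+)\s+"
    r"(?P<status>Not desinfected|Disinfected)\s+"
    r"(?P<path>[A-Za-z]:\\.+)$"
)
# Location labels are chosen for this example; the first matching rule wins.
LOCATION_RULES = [
    ("system_restore", re.compile(r"\\system volume information\\_restore\{", re.I)),
    ("browser_cache", re.compile(r"\\temporary internet files\\", re.I)),
    ("user_temp", re.compile(r"\\local settings\\temp\\", re.I)),
]
# Follow-up per label, summarising the advice given in the thread.
ACTIONS = {
    "system_restore": "disable System Restore to drop the snapshots, then rescan",
    "browser_cache": "clear Temporary Internet Files (CCleaner or IE's Delete Files)",
    "user_temp": "delete the temp file, then run CCleaner",
    "live_file": "delete in safe mode with Windows Explorer",
}

def classify(path):
    for label, rx in LOCATION_RULES:
        if rx.search(path):
            return label
    return "live_file"  # anything outside snapshots, caches and temp folders

def parse_log(text):
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:  # blank or unrecognised lines are skipped
            finding = m.groupdict()
            finding["location"] = classify(finding["path"])
            findings.append(finding)
    return findings

def triage(findings):
    # Group only what the scanner left in place, keyed by location label.
    groups = defaultdict(list)
    for f in findings:
        if f["status"] != "Disinfected":
            groups[f["location"]].append(f["path"])
    return dict(groups)

def restore_points_present(findings):
    # Any hit under _restore{...} means snapshot files are still on disk.
    return any(f["location"] == "system_restore" for f in findings)

if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    for location, paths in triage(found).items():
        print(f"{location}: {len(paths)} -> {ACTIONS[location]}")
    print("restore points on disk:", restore_points_present(found))
```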
     
  7. fung

    fung Private E-2

    Here's the new hijackthis log.

    I booted into safe mode... and could only delete some files. Some weren't found.

    I used 'search.'

    These are the few i couldn't find:

    C:\Documents and Settings\carol.COMPUTER\Local Settings\Temp\resD7.tmp
    C:\WINDOWS\system32\shell32.exe
    C:\WINDOWS\system32\username.exe
    C:\WINDOWS\system32\wudupdate.exe

    and

    C:\PROGRAM FILES\COMMON FILES\SearchUpgrader <--- the whole folder

    C:\Program Files\Common Files\SearchUpgrader <--- the whole folder

    is the same right? i could only find one...it was able to delete.

    The bad news is...PC-cillin still doesnt work and still has a popup at start up saying ''the application failed to initialize properly (0xc0000005) click ok to terminate the application'' >>> for PCCguide.exe

    Maybe i should do another trojan/adaware/Pandascan scan.

    I'll post the results later.

    Thank you
     

    Attached Files:

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your current HJT log is clean.

    You did not answer my question about System Restore.

    Make sure it is disabled before running a Pandascan.

    Also I would like you to run the following and post the log:

    Running Ewido Security Suite
     
  9. fung

    fung Private E-2

    Yes. I'm sure system restore now is definitely off.
     
  10. fung

    fung Private E-2

    Results for both pandascan (activescan) and ewido
    (scan report)
     

    Attached Files:

  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'm not sure why Panda is still locating system restore files if restore is disabled. Boot into safe mode and use Windows explorer to locate all the files in the PandaActive Scan log and delete them. Then reboot into normal mode and run a new scan. Let me know the results.
     
  12. fung

    fung Private E-2

    Im using pandascan now...

    and heres an attachment picture of the system restore window.
     
  13. fung

    fung Private E-2

    system restore gif:
     

    Attached Files:

  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you were able to delete the files, then restore is disabled.

    Were you able to delete them?
     
  15. fung

    fung Private E-2

    i was able to delete the scan results, yes.
     

    Attached Files:

  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Some of these items were in your previous log of the items I requested that you delete. The only new one is:

    C:\Documents and Settings\carol.COMPUTER\Local Settings\Temp\resD7.tmp

    Did you miss deleting these? Try again. Also run CCleaner and make sure you allow it to clean the TIFs (that's Temporary Internet Folders). Also double-check by cleaning it yourself from Internet Explorer, Tools, Internet Options, General tab, Delete Files button and select Delete all offline content too.
     
  17. fung

    fung Private E-2

    i've posted before about some of the files i couldn't find...and i just deleted C:\Documents and Settings\carol.COMPUTER\Local Settings\Temp\resD7.tmp

    " These are the few i couldn't find:

    C:\Documents and Settings\carol.COMPUTER\Local Settings\Temp\resD7.tmp
    C:\WINDOWS\system32\shell32.exe
    C:\WINDOWS\system32\username.exe
    C:\WINDOWS\system32\wudupdate.exe

    and

    C:\PROGRAM FILES\COMMON FILES\SearchUpgrader <--- the whole folder

    C:\Program Files\Common Files\SearchUpgrader <--- the whole folder

    is the same right? i could only find one...it was able to delete."

    Quote from before.

    Thanks.
     
  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're contradicting yourself here. You said you deleted resD7.tmp already.

    But the other files I'm referring to are the ones in the Panda log. Here they are:

    Adware:Adware/WUpd Not desinfected C:\Documents and Settings\carol\Local Settings\Temporary Internet Files\Content.IE5\4TYNKDM3\enter[1].htm
    Adware:Adware/PopupTraffic Not desinfected C:\Documents and Settings\carol\Local Settings\Temporary Internet Files\Content.IE5\K9MB052N\1[1].js
    Adware:Adware/nCase Not desinfected C:\Documents and Settings\carol.COMPUTER\Local Settings\Temp\resD7.tmp <--- which you just deleted
    Adware:Adware/PopupTraffic Not desinfected C:\Documents and Settings\carol.COMPUTER\Local Settings\Temporary Internet Files\Content.IE5\ODEFSHIV\1[1].js
     
  19. fung

    fung Private E-2

    I did as you said and i double checked myself by clicking Internet Explorer, Tools, Internet Options, General tab, Delete Files button and select Delete all offline content.

    Pc-cillin still doesn't work.

    Does this mean my PC-cillin problem doesn't have to do with spyware or viruses?
     
  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It could be that malware has caused it to get into this state. Here is what I would do. I know you said you uninstalled & reinstalled but I'm not sure of what steps you used. And we have removed some malware problems too. Please follow these steps exactly as written.

    1. Use Add/Remove Programs to uninstall PC-Cillin. If it does not uninstall properly or you get any error messages, stop and tell me before continuing.
    2. Reboot your PC
    3. Manually look for the PC-Cillin software folders in C:\Program Files\Trend Micro
    4. Delete the whole Trend Micro folder if found
    5. Reboot your PC one more time
    6. Now Reinstall your software. Make sure you are using the current version.
    7. Reboot again and now try it and see if it works.
     
  21. fung

    fung Private E-2

    i could only get up to step 5. ON step 6, there is a menu and u have to click install program, but when i click that this pops up:

    "Setup.exe-Application Error

    The application failed to initialize properly (0xc0000005). Click ok to terminate the application."
     
  22. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Did all the other steps go smoothly?

    Where did you get the files you are trying to install from? Is this a registered copy of PC-Cillin that you obtained from TrendMicro?
     
  23. fung

    fung Private E-2

    Other steps 1-5 went smoothly.

    Its from the PC-cillin internet security program CD. And yes, this is a registered copy of PC-cillin from trend Micro.
     
  24. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Do other executable programs run okay right now?
    Can you install other programs?
    For example try installing the following very useful program: ExplorerXP
     
  25. fung

    fung Private E-2

    what's executable programs?

    and yes, i was successful installing Explorer XP
     
  26. fung

    fung Private E-2

    sorry, i made a mistake.

    It turned out the same as PC-cillin.

    It also says "The application failed to initialize properly (0xc0000005). Click ok to terminate the application."
     
  27. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'm not positive the below will fix your problem but let's see if you have lost some aspect of EXE file associations.

    Go to: http://www.kellys-korner-xp.com/xp_tweaks.htm

    And use registry patch number 12

    If that does not work, had you recently installed any new software lately or done anything else just before the problem was noticed?
     
  28. fung

    fung Private E-2

    no...it apparently does not work.

    And i really can't remember what i d/l or installed before the problem.

    Is there a way where i can find out?
     
  29. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    What does this mean? Does it mean you could not even run the patch? Or does it mean you ran the patch but it did not fix anything?

    You could try looking in your History logs (if they still exist, but they may already be gone) around the time frame and see where you were surfing.
     
  30. fung

    fung Private E-2

    It wouldn't even run.

    History logs are already deleted.
     
  31. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you click Start, Run, enter regedit and click OK, does the Registry Editor window open?
     
  32. fung

    fung Private E-2

    yup it does!
     
  33. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Download the attached ZIP file and extract the exefix.reg file from it into the root folder of drive C.
    When done you should see c:\exefix.reg when using Windows Explorer.

    Once you have that, click Start, Run, and enter cmd and click OK. This will open a command prompt window. In the command prompt window enter the below commands each followed by the enter key:
    cd c:\
    regedit exefix.reg

    You will get a message about adding the information in exefix.reg into the registry. Click Ok. Let me know if you get any error message and also if you see the success message.

    exit <--- this will close the command prompt window

    Reboot and check to see if there is any change now to your problems. If not, are the error messages occurring while installing the programs, or when running them after installed?
     

    Attached Files:

    Last edited: Nov 29, 2005
  34. fung

    fung Private E-2

    I could only get up to these steps. I received an error msg saying:
    'cannot import exefix.reg: Error opening the file. There may be a disk or file system error.'
     
  35. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Did you extract it from the ZIP file?
    If you run Windows Explorer, do you see exefix.reg in the root folder of drive c:?

    It is starting to sound like you have problems other than malware.

    Do you have a Creative Labs Sound Blaster card?
     
  36. fung

    fung Private E-2

    Yes i did extract it from the ZIP file, and i did see exefix.reg in the root folder of drive C:

    What types of problems?
     
  37. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Not sure what problems. Did you see the last part of my previous message about Sound Blaster?
     
  38. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Let's also check something else.

    There is a virus named W32/Swen@MM that can affect EXE and other files. I'm not sure that this is the problem but let's try the following fix.

    http://vil.nai.com/vil/averttools.asp

    Scroll down and select the Fixswen.inf download. Save the fixswen.inf file to your local hard disk someplace you can locate it. Then from Windows Explorer, right-click on Fixswen.inf and choose install. Let me know if this helps.
     
  39. fung

    fung Private E-2

    it wont install. I could d/l it and save it to C:, i rightclicked it and clicked install but it didn't do anything.

    And no, i dont think i have Creative Labs Sound Blaster card.
     
  40. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    This is really a strange set of problems you are having. Some things will install & some will not. Some things will run and some will not.

    Are you the Administrator of this PC?
    Are you logged in with admin privileges?

    I have only one thing left I would suggest trying and if it does not run or does not help, I would say you should check in the Software Forum for help because it seems to me that your problem is with system software either being corrupted or components are missing:

    - from a command prompt window enter the following command: sfc /scannow
    It may or may not ask for your Win XP SP2 CD if problems are found that it cannot fix from files already on your hard disk drive.
     
  41. fung

    fung Private E-2

    Yes! it worked!!! =] =]

    Thank you SO much Chaslang! you're my hero!!

    Everything is working fine now, so relieved.

    And once again Thankyou!
     
  42. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome! I knew the remaining problems were not malware.;)
     
