msiexec.exe starting itself after each reboot


m2stech, 07-Jul-2009, 09:58 AM #1
I have this bothersome msiexec.exe which automatically starts after each reboot without installing anything. Is there any way to know which file it is accessing to install so that I can delete it?!

thanks

Curly, 07-Jul-2009, 10:29 AM #2
Try setting the Windows Installer service to start manually. Start the Services snap-in by following these steps:

Start > run > services.msc

Double-click Windows Installer. Next to Startup type, select Manual. Click Apply. Next to Service status, click the Stop button. Click OK.

Let us know if this works.

m2stech, 07-Jul-2009, 11:31 AM #3
Quote (originally posted by Curly):
> Try setting the Windows Installer service to start manually. Start the Services snap-in by following these steps:
>
> Start > run > services.msc
>
> Double-click Windows Installer. Next to Startup type, select Manual. Click Apply. Next to Service status, click the Stop button. Click OK.
>
> Let us know if this works.

Strangely it was already on Manual, so I also tried Automatic but the same problem.
Just something I realized right now: after I end task msiexec from Task Manager, if I go to any forum based on vBulletin (e.g. forum.techguy.org) then msiexec will start just like after a reboot!

Curly, 07-Jul-2009, 12:44 PM #4
Try running the Windows Installer Cleanup Utility:

http://support.microsoft.com/default...b;en-us;290301

m2stech, 07-Jul-2009, 02:03 PM #5
Quote (originally posted by Curly):
> Try running the Windows Installer Cleanup Utility:
>
> http://support.microsoft.com/default...b;en-us;290301

Yeah, I had this program but no benefit; it can only delete my Adobe, Nero, Office, Java, Nokia and some other essential programs.
So you don't have any idea how to find the file which is causing msiexec to start?

m2stech, 09-Jul-2009, 04:03 AM #6
So? Anyone?

sludge3000, 09-Jul-2009, 05:57 AM #7
Hi m2stech,
After starting your computer, once you have seen that the service is running, go to Start > Run then type in CMD. In the command prompt type tasklist /svc (please note the space between the 't' and the '/'). This should bring up a list of the running processes and any files/drivers/processes/tasks/etc. running on them. Post back with the results for msiexec.exe.

As it is set to manual start in services it suggests something is requesting the process to start. Go back to the services console as suggested before. Right click on the Windows Installer service and select Properties then click on the Dependencies tab. Please list all services mentioned here and state whether they are in the top box or bottom box.

m2stech, 09-Jul-2009, 07:31 AM #8
Quote (originally posted by sludge3000):
> Hi m2stech,
> After starting your computer, once you have seen that the service is running, go to Start > Run then type in CMD. In the command prompt type tasklist /svc (please note the space between the 't' and the '/'). This should bring up a list of the running processes and any files/drivers/processes/tasks/etc. running on them. Post back with the results for msiexec.exe.
>
> As it is set to manual start in services it suggests something is requesting the process to start. Go back to the services console as suggested before. Right click on the Windows Installer service and select Properties then click on the Dependencies tab. Please list all services mentioned here and state whether they are in the top box or bottom box.

I put a screenshot of things you told me to do:

Also, here's my HijackThis log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:22:09 PM, on 7/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
D:\WINDOWS\system32\Rundll32.exe
D:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
D:\Program Files\D-Link\D-Link Wireless 108G DWA-120\AirPlusCFG.exe
D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\COMODO\COMODO Internet Security\cfp.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\DAEMON Tools Pro\DTProAgent.exe
D:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\system32\PnkBstrB.exe
D:\Program Files\CyberLink\Shared files\RichVideo.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\UTSCSI.EXE
D:\WINDOWS\system32\msiexec.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\cmd.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\mmc.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - D:\Program Files\GetRight\xx2gr.dll
O2 - BHO: InlineSearchHandleHotKey - {B6FFE2AE-4D12-451F-B457-FE6125FFB1CF} - D:\Program Files\IEForge\Inline Search\InlineSearch.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] D:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] D:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTSysVol] D:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [LanguageShortcut] "D:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [ANIWZCS2Service] D:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless 108G DWA-120] D:\Program Files\D-Link\D-Link Wireless 108G DWA-120\AirPlusCFG.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [egui] "D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [COMODO Internet Security] "D:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] D:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "D:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O8 - Extra context menu item: Download with GetRight - D:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - D:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - D:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - D:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1235220991500
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1235220971328
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/soft...5108/CTPID.cab
O20 - AppInit_DLLs: D:\WINDOWS\system32\guard32.dll
O21 - SSODL: cfgsmartsh - {4B52B2BB-BF82-6664-CEAA-037139706107} - (no file)
O22 - SharedTaskScheduler: epistylar - {917f93bf-6714-4e11-8982-59db2e0f88fc} - (no file)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - D:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - D:\Program Files\D-Link\D-Link Wireless 108G DWA-120\JSWUtil\jswpsapi.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - D:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - D:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - D:\WINDOWS\system32\UTSCSI.EXE

--
End of file - 10418 bytes
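
One way to triage a HijackThis log like the one posted above: group the boot/logon load points by section and list the ones HijackThis marked `(no file)` or `(file missing)`, i.e. registry entries whose target is gone. This is an added example, not part of the original thread; the sample lines are copied from the log above, and the function and variable names are my own.

```python
import re
from collections import Counter

# Excerpt copied from the HijackThis log posted above (not the full log).
SAMPLE_LOG = r"""
Running processes:
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\msiexec.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: D:\WINDOWS\system32\guard32.dll
O21 - SSODL: cfgsmartsh - {4B52B2BB-BF82-6664-CEAA-037139706107} - (no file)
O22 - SharedTaskScheduler: epistylar - {917f93bf-6714-4e11-8982-59db2e0f88fc} - (no file)
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)
"""

# HijackThis section codes for load points that run code at boot or logon.
LOAD_POINTS = {
    "O4": "Run/RunOnce autostart",
    "O20": "AppInit_DLLs / Winlogon Notify",
    "O21": "ShellServiceObjectDelayLoad",
    "O22": "SharedTaskScheduler",
    "O23": "Windows service",
}
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
MISSING_RE = re.compile(r"\((?:no file|file missing)\)\s*$")


def parse_entries(text):
    """Return (section_code, body) for every 'Xnn - ...' line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def running_processes(text):
    """Return the paths listed under 'Running processes:'."""
    procs, in_block = [], False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_block = True
        elif in_block:
            # The block ends at a blank line or at the first section entry.
            if not line or ENTRY_RE.match(line):
                break
            procs.append(line)
    return procs


def triage(text):
    """Count load points per section and list those whose target file is gone."""
    load = [(c, b) for c, b in parse_entries(text) if c in LOAD_POINTS]
    procs = running_processes(text)
    return {
        "load_point_counts": dict(Counter(c for c, _ in load)),
        "orphaned": [(c, b) for c, b in load if MISSING_RE.search(b)],
        "msiexec_running": any(p.lower().endswith("\\msiexec.exe") for p in procs),
    }
```

An orphaned entry is only a lead for follow-up: it shows a registry reference that outlived its file, not what is launching msiexec.exe.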

sludge3000, 09-Jul-2009, 08:29 AM #9
I'm no expert with HJT logs but there doesn't appear to be anything particularly suspicious there.

Can you try changing the service from manual start to disabled to see if this brings up any error messages. Hopefully these messages will hint as to what is trying to run the installer.

minimustangs, 09-Jul-2009, 08:34 AM #10
I've seen this behavior (msiexec.exe starting automatically) a few times related to Malware crap, but have also seen it related to HP printer s/w that is damaged, most notably when something happens to NetFramework files (as in they were removed/damaged).

S~

m2stech, 09-Jul-2009, 09:33 AM #11
Quote (originally posted by sludge3000):
> I'm no expert with HJT logs but there doesn't appear to be anything particularly suspicious there.
>
> Can you try changing the service from manual start to disabled to see if this brings up any error messages. Hopefully these messages will hint as to what is trying to run the installer.

So I disabled it, didn't get msiexec after reboot, and it was about 5 secs faster!
I don't have any error messages at all.

Quote (originally posted by minimustangs):
> I've seen this behavior (msiexec.exe starting automatically) a few times related to Malware crap, but have also seen it related to HP printer s/w that is damaged, most notably when something happens to NetFramework files (as in they were removed/damaged).
>
> S~

I already have .NET 2.0 SP1 / .NET 3.0 SP1 / .NET 3.5.
I don't have an HP printer and my NOD32 is keeping my PC clean.

sludge3000, 09-Jul-2009, 10:55 AM #12
Well that's good news. Although you may have the .NET Framework files, as minimustangs said they could be damaged.

At least it's resolved the issue, but you should be aware that this service is required for many kinds of Windows installation, so you may have to manually restart the service should you have problems installing anything.

If you are happy with this solution then please mark the thread as solved or state if you would like to find another way around it.

m2stech, 09-Jul-2009, 01:32 PM #13
Quote (originally posted by sludge3000):
> Well that's good news. Although you may have the .NET Framework files, as minimustangs said they could be damaged.
>
> At least it's resolved the issue, but you should be aware that this service is required for many kinds of Windows installation, so you may have to manually restart the service should you have problems installing anything.
>
> If you are happy with this solution then please mark the thread as solved or state if you would like to find another way around it.

Thanks for your help, but unfortunately my issue is still not solved!

Maybe it's better if I tell the whole story from the beginning:
I got this problem about 5 months ago, when I changed the registry of a trial program (to reset the time limit, but it didn't work). So far no problems; then a few days later I wanted to install a corrupted old CD game for my small sister (my PC froze in the middle of the installation and I had to reset the PC). After that I got this msiexec.exe at Windows startup trying to install the program whose registry I had played with. I even completely deleted any remaining trace of that program and the game from both the installed folder and the Windows registry, but that didn't solve the problem; it only caused the installer to appear without installing anything, so I gave up. But after a few weeks, and after installing some random games and applications, the installer surprisingly disappeared by itself. 4 months passed until early this week, when I updated my "Comodo Firewall" from version 3.09 to 3.10; then suddenly the installer reappeared at Windows startup and I'm like
Hope this gives a clue.

sludge3000, 10-Jul-2009, 03:54 AM #14
So you wish to completely remove all traces of the program which you tinkered with in the registry and the corrupted program, yes?

You should always back up the registry before playing with it, as changing something in the registry can cause unforeseen consequences which may not be noticed for ... a couple of months. Please download ERUNT http://www.larshederer.homepage.t-online.de/erunt/ and make a full backup of your registry as it is now before we continue.

What are the names of the two programs?

m2stech, 10-Jul-2009, 05:16 AM #15
Yeah, but I already removed all traces of those programs; I'm sure nothing remains.
Maybe there is something triggering the installer (such as updating my Comodo firewall, which needed a restart after completion of the update as I mentioned above) due to a conflict or something...

The name of the tinkered program is "Aroma software Greenrain 2.5" (a program related to pharmacy), and I think the game was a Barbie game which I don't remember exactly since I threw it in the garbage after what happened...