
Windows Explorer Has Encountered A Problem And Needs To Close


4 replies to this topic

#1 jwald


Posted 17 March 2006 - 03:48 PM

I keep randomly getting this error message. When I click on 'Don't send report' or 'Send report', the window closes and another one pops up about the Dr. Watson postmortem debugger. It completely freezes my computer up. I clicked on a bad link a few days ago and got instant serious problems. My computer said it was infected, so I downloaded the Spybot and AVG virus programs. Ever since then I've been having this problem; I don't know if it's from the spyware or the spyware/virus programs. I've tried some things I found on other forums. Using something called ShellExView, I deleted the entries that were created that day. It didn't help. The Microsoft website had a process that had to do with adult websites and Internet Explorer favorite folders. I could not find any of the files or folders that they said to delete. So I heard about the HijackThis program. Thanks in advance for any help. Here is the log it created:

Logfile of HijackThis v1.99.1
Scan saved at 12:25:26 PM, on 3/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJC\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [Key] C:\DOCUME~1\me\LOCALS~1\Temp\8F.tmp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCYYYYYYYYUS
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt4_x.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - https://music.msn.com/client/msnmusax3606.cab
O20 - Winlogon Notify: Mixer - sndmixex.dll (file missing)
O20 - Winlogon Notify: ssldr - ssldr32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: ubtlbr - {A1C20AD4-ACDB-4985-A20C-5E3A0133A918} - ubtlbr.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
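
A first-pass triage over entries like those in the log above, added here as an example; it is not part of the original post and not HijackThis's own logic. The function names and the four heuristics are assumptions chosen for illustration, and the sample lines are copied from the log in post #1. A hit marks an entry worth a closer look by a helper, not a verdict.

```python
import re

# A subset of lines copied from the HijackThis log in post #1.
SAMPLE = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
O4 - HKCU\..\Run: [Key] C:\DOCUME~1\me\LOCALS~1\Temp\8F.tmp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O20 - Winlogon Notify: ssldr - ssldr32.dll (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"""

# "<section code> - <rest of entry>", e.g. "O4 - HKCU\..\Run: [Key] C:\..."
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
DRIVE_PATH = r"[A-Za-z]:\\"  # regex for a drive-letter prefix such as C:\

def reasons_for(code, body):
    """Return the triage reasons (possibly none) for one log entry.
    The heuristics are assumptions for this example."""
    found = []
    if body.endswith("(file missing)"):
        found.append("registered target is missing on disk")
    if code in ("R0", "R1") and re.search(r"= " + DRIVE_PATH, body):
        found.append("IE page setting points at a local file")
    if code == "O4":  # Run-key autostart: "<key>: [name] <command>"
        target = body.split("] ", 1)[-1].strip('"')
        if re.search(r"\\temp\\", target, re.I):
            found.append("autostart runs from a Temp directory")
        if re.fullmatch(DRIVE_PATH + r"[^\\]+", target):
            found.append("autostart runs from the drive root")
    return found

def triage(log_text):
    """Return (code, reason, entry) tuples for every entry that trips a heuristic.
    Non-entry lines (header, running processes) are skipped."""
    hits = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            hits += [(m.group(1), r, m.group(2)) for r in reasons_for(*m.groups())]
    return hits

if __name__ == "__main__":
    for code, reason, entry in triage(SAMPLE):
        print(f"{code:4} {reason}: {entry}")
```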



#2 1Sin


Posted 17 March 2006 - 05:42 PM

The first thing I would do is download Adaware and run it in Safe Mode. You already have Spybot; run it again in Safe Mode, as well as other antivirus/trojan software like A2 Square or Ewido, which are free for X amount of time. That is just so you can get cleaned up enough to run some online scanners like Housecall or Panda's Active Scan, and then run them.
Post back after you try some of those and maybe someone knowledgeable can chime in.

#3 Enthusiast


Posted 17 March 2006 - 06:21 PM

The best thing you can do immediately is try to use Windows System Restore to bring your system back to a restore date from before you got infected.

To access the System Restore Wizard, click Start, and then click Help and Support. Click Performance and Maintenance, click Using System Restore to undo changes, and then click Run the System Restore Wizard.

(Creating a restore point can be useful any time you anticipate making changes to your computer that are risky or might make your computer unstable.)

To view or to return to this restore point, from the Welcome to System Restore screen of the System Restore Wizard select Restore my computer to an earlier time. Then select the date when the restore point was created from the calendar in the Select a Restore Point screen. All of the restore points that were created on the selected date are listed by name in the list box to the right of the calendar.

What antivirus program do you have on your computer and is it updated at least daily and running at all times?

If the restore process works you still need some more protection.

Replace the firewall with a two-way firewall (the one that comes with XP only provides incoming protection and offers no outgoing protection against autodialers, phonehomes and trojans).

Freeware AntiSpyware and Security Programs

Software firewalls with freeware versions
Zone Alarm:
http://www.zonelabs.com/store/content/cata...g=en&lid=nav_za
or
Sygate:
http://www.sygate.com/
(you can have only ONE software firewall running - more than one will conflict)

Antivirus programs - freeware (you can only use one resident anti-virus program on your computer. More than one will conflict)

If you do not have a current, automatically updating anti-virus program get ONE of the following - these are both freeware and just as good or better than the ones you pay for:

AVG:
http://www.grisoft.com/us/us_index.php

Avast Anti-virus freeware
http://www.komando.com/bestshareware.asp

Anti-malware freeware (You can run as many of these as you wish. Generally there is no conflict between these and you should always run several)

Ad-Aware SE Personal is a free version and it can be downloaded from our Mirror Sites in the Download section at Lavasoft website. The freeware version is sufficient because you will get all the other features of the paid version with the free software listed below:

http://www.lavasoft.com/

Click on Adaware SE Personal in “Products” on the left side of the page

Spybot S&D: http://www.safer-networking.org/en/index.html
Be sure to enable “Teatimer”, which gives you realtime protection, and read the tutorial before deleting anything with Spybot. Anytime you are going to delete anything, be sure to use Spybot's backup utility first in case the removal causes a problem.


Microsoft Windows Defender - absolutely mandatory to have to protect your computer against exactly the type of thing that happened to you
http://www.microsoft.com/athome/security/s...re/default.mspx
This also provides realtime protection.

SpywareBlaster: http://www.javacoolsoftware.com/spywareblaster.html

Microsoft Malicious Software Removal Tool (Win XP and Win 2000):
http://www.microsoft.com/security/malwareremove/default.mspx

A - Free from http://www.majorgeeks.com/download4281.html . Run it, click Search for Updates, then click Scan.

Web based online Antivirus and anti-malware scans: (these can be run regardless of whatever else you are using. You must use Internet Explorer to run these.)

Kaspersky Anti-Virus Web Scanner
http://www.kaspersky.com/service?chapter=161739400#betatest


Panda Activescan
http://www.pandasoftware.com/activescan/co...n_principal.htm

Trend Micro antivirus and malware scan:
http://housecall-beta.trendmicro.com/en/st...orp.asp?id=scan

Trend Micro antivirus European Edition (supports Mozilla based browsers)
http://uk.trendmicro-europe.com/consumer/h...call_launch.php

Etrust Anti-virus web scanner
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx.

Online trojan scans here:
http://scan.sygatetech.com/pretrojanscan.html
Windows Security Trojanscan
http://windowsecurity.com/trojanscan
Read the instructions for it here:
http://www.windowsecurity.com/trojanscan/trojanscan.asp

Edited by Enthusiast, 17 March 2006 - 06:28 PM.


#4 Albert Frankenstein


Posted 17 March 2006 - 10:48 PM

Well, my friend, you are definitely infected. Following the advice of the other posters in this thread would be a good idea, but then complete the process by posting in the HJT forum.

Here is a complete list of all the necessary steps:

First: Read the Preparation Guide found HERE. It is very important that you follow ALL of the instructions found within. (There are many important steps in this guide that may clean your computer.)

Second: Post your system information along with a brief description of the problems you are having, and your HJT log in the HJT forum found HERE.

NOTE: Please, after you post your HJT log DO NOT make another post in the HJT forum until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post there will be 1 reply. The team member glancing over the replies might think someone is already helping you out and will not respond. So, just make your post and let it sit there until a team member responds. The volunteers who work that forum are very busy, so please be patient and wait. It can sometimes take a few days for a response. If after 5 days you still have gotten no response, then post a link to your HJT log HERE.

Third: If, after finishing your work with the folks at the HJT forum, you have issues with XP related to the removal of the infection, then come back in here and let us help you get your computer back to normal.

You are in good hands! Good luck!
ALBERT FRANKENSTEIN
I'M SO SMART IT'S SCARY!


Currently home chillin' with the fam and my two dogs!


#5 Papakid

  • Malware Response Team

Posted 21 March 2006 - 06:35 PM

Hi jwald,

Albert Frankenstein is completely correct, especially about this:

"complete the process by posting in the HJT forum."

The kind of malware you have on your system is not easy to fix. It can be done, but takes special tools and someone with special knowledge. That is why we have a forum just for HJT logs. Usually just running an antivirus and one antispyware is not enough to solve the problem.

So to ensure you don't receive any unauthorized help that could be detrimental to your system, I'm moving this topic to the logs forum and will help you with removal.

Since it's been a few days, the first thing I would like for you to do is post a fresh HijackThis log after following the steps in the preparation guide that Albert has linked you to. Also let me know anything else you have done to attempt to fix this problem. This will let me know if you are still interested in getting help from here, have given up, or whatever. Then we can start the process of getting you cleaned up, which should clear up some of those errors.

The thing about people

is they change

when they walk away.--Mipso




