Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Old 10-02-2008, 09:41 AM   #1 (permalink)
Registered User
 
Join Date: Oct 2008
Posts: 6
OS: Windows XP Home Edition


Windows Explorer has encountered a problem and needs to close

Hello, this is my first post. I need some help with my Windows PC, as this problem has been bugging me for months already. The problem goes like this: error messages like "WINDOWS EXPLORER HAS ENCOUNTERED A PROBLEM AND NEEDS TO CLOSE" randomly appear regardless of what action I was doing with the computer at that moment.

I've got Avira Premium Security Suite installed with the firewall enabled and also have A-Squared Anti-Malware installed. Neither has detected any viruses, worms, trojans, etc. What exactly is the problem causing this error message to appear again and again? I have also run CCleaner and fixed all issues, but still the problem persists.

I shall show you all the HijackThis log file below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:21:48 PM, on 10/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe
C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Lee Tai Meng\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\ActiveFax\Server\ActSrvNT.exe
C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\Tablet.exe
C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 127.0.0.0 traffstats.biz
O1 - Hosts: 127.0.0.0 ybbwxlxytz.biz
O1 - Hosts: 126.0.0.0 traffstats.biz
O1 - Hosts: 126.0.0.0 ybbwxlxytz.biz
O1 - Hosts: 127.0.0.0 tongji123.com
O1 - Hosts: 126.0.0.0 tongji123.com
O2 - BHO: (no name) - {0000AC13-3487-1583-C4BE-BE6A839DB000} - (no file)
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Nitro PDF Printer Monitor] "C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe"
O4 - HKLM\..\Run: [a-squared] "C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe" /d=60
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Lee Tai Meng\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/act...a/nprdtinf.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akamai.net/f/248/5462...l/SymDlBrg.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8D3EE64-20C0-4B6B-9354-80A68666B73F}: NameServer = 202.188.0.133 202.188.1.5
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: ActiveFax-Server-Service (ActiveFaxServiceNT) - ActFax Communication - C:\Program Files\ActiveFax\Server\ActSrvNT.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FileZilla Server\FileZilla Server.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ReaConverter scheduler service (rcp_service) - ReaSoft - C:\Program Files\ReaConverter 5.0 Pro\rcp_scheduler.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe (file missing)

--
End of file - 9829 bytes

Does the above logfile help in any way? Do you need me to supply any other information about my PC?

Oh, by the way, I should let you all view the screenshot of the Windows Explorer error message, though it doesn't signify anything in my opinion.

I am not a computer expert, so please help me in every single step you can. Thanks in advance to this forum and all the members.
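
As an added example (not code from the thread or from HijackThis), the Python below parses the O1/O2/O3/O23 line formats from the log above and flags the entries a helper normally looks at first: hosts entries that point a name anywhere other than a normal block-list sinkhole address (the log has 127.0.0.0 and 126.0.0.0 lines), add-ons listed as "(no file)", and services whose binary is "(file missing)". The sample lines are constructed from the log's format, and the SINKHOLE_ADDRS set is an assumption; a flagged line is something to review, not proof of malware.

```python
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Constructed sample: the line formats are copied from the HJT log quoted above.
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.0 traffstats.biz
O1 - Hosts: 126.0.0.0 tongji123.com
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {0000AC13-3487-1583-C4BE-BE6A839DB000} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FileZilla Server\FileZilla Server.exe (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
"""

# Assumption: these are the addresses a legitimate ad/tracker block list uses.
# A hosts entry that points a name anywhere else deserves a look.
SINKHOLE_ADDRS = {"127.0.0.1", "0.0.0.0", "::1"}


@dataclass(frozen=True)
class Finding:
    section: str  # HJT section code such as "O1" or "O23"
    reason: str   # why a helper would look at this line first
    line: str     # the raw log line


def parse_hjt_line(line: str) -> Optional[tuple]:
    """Split an HJT line on its ' - ' separator into (section, fields)."""
    parts = line.rstrip().split(" - ")
    if len(parts) < 2 or not re.fullmatch(r"[A-Z]\d{1,2}", parts[0]):
        return None
    return parts[0], parts[1:]


def triage_hosts(fields: List[str]) -> Optional[str]:
    # fields[0] looks like "Hosts: 127.0.0.0 traffstats.biz"
    m = re.fullmatch(r"Hosts:\s+(\S+)\s+(\S+)", fields[0])
    if m is None:
        return None
    addr, host = m.groups()
    if addr not in SINKHOLE_ADDRS:
        return f"hosts file maps {host} to unusual address {addr}"
    return None


def triage_addon(fields: List[str]) -> Optional[str]:
    # fields: ["BHO: <name>" or "Toolbar: <name>", "{CLSID}", "<dll path>"]
    if len(fields) >= 3 and fields[-1].strip() == "(no file)":
        return f"add-on {fields[1]} is registered but its DLL is gone"
    return None


def triage_service(fields: List[str]) -> Optional[str]:
    # fields: ["Service: <display name> (<short name>)", "<owner>", "<image path>"]
    if len(fields) >= 3 and fields[-1].endswith("(file missing)"):
        return "service is registered but its binary is missing"
    return None


HANDLERS: Dict[str, Callable[[List[str]], Optional[str]]] = {
    "O1": triage_hosts,
    "O2": triage_addon,
    "O3": triage_addon,
    "O23": triage_service,
}


def triage_log(text: str) -> List[Finding]:
    """Return the lines of an HJT log that match one of the checks above."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        parsed = parse_hjt_line(raw)
        if parsed is None:
            continue
        section, fields = parsed
        handler = HANDLERS.get(section)
        if handler is None:
            continue
        reason = handler(fields)
        if reason:
            findings.append(Finding(section, reason, raw.rstrip()))
    return findings


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Running it against the sample prints five findings: the two non-loopback hosts entries, the two orphaned add-ons, and the FileZilla service with its missing binary.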

Old 11-25-2008, 08:44 PM   #2 (permalink)
Analyst, Security Team
 
Billy O'Neal's Avatar
 
Join Date: Aug 2008
Location: Northfield, Ohio, United States
Posts: 1,690
OS: XPSP3, Vista Ultimate SP1, Ubuntu Server


Re: Windows Explorer has encountered a problem and needs to close

Hello, artlee
Welcome to TSF

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
  • In the meantime, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Finally, please reply using the button in the lower left hand corner of your screen.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished".
We need to run a Scan with DDS
  1. Please download DDS, and save it to your desktop, from one of the following mirrors:
  2. Disable any type of "Script Blockers" or "Script Protection" installed on your system.
  3. Double click on your desktop.
  4. If prompted by any script blocking tools, please allow any actions taken by DDS.
  5. When prompted to perform an Optional Scan, please select
  6. Two reports will open. Please reply with the generated reports:
    • DDS.txt <-- Copy and paste into your next post
    • Attach.txt <-- Attach to your next post

We need to scan for rootkits with GMER
  1. Please download gmer.zip and save to your desktop.
  2. Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  3. When you have done this, disconnect from the Internet and close all running programs.
    Note: There is a small chance this application may crash your computer so save any work you have open.
  4. Double-click on Gmer.exe to start the program.
  5. Allow the gmer.sys driver to load if asked.
  6. If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  7. Click on "Settings", then check the first five settings:
    • System Protection and Tracing
    • Processes
    • Save created processes to the log
    • Drivers
    • Save loaded drivers to the log
  8. You will be prompted to restart your computer. Please do so.
  9. Run Gmer again and click on the Rootkit tab.
  10. Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  11. Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
    Important! Please do not select the "Show all" checkbox during the scan.
  12. Click on "Scan" and wait for the scan to finish.
    • Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  13. When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information into your next reply.
  14. Note: If you have any problems, try running GMER in Safe Mode.

In your next reply, please include the following:
  • DDS.txt
  • Attach.txt
  • GMER's Log


Billy3
__________________
If I fail to reply for more than 24 hours, please feel free to send me a PM. Don't want you to be overlooked

Not problems like "What is beauty".. 'cause that would fall under the purview of your conundrums of philosophy.....
Old 11-25-2008, 10:46 PM   #3 (permalink)
Registered User
 
Join Date: Oct 2008
Posts: 6
OS: Windows XP Home Edition


Re: Windows Explorer has encountered a problem and needs to close

Hello Billy,

Thanks for attending to my problem. As requested, here are the log files.


DDS.txt:

DDS (Version 1.0) - NTFSx86
Run by Lee Tai Meng at 13:00:33.37 on Wed 11/26/2008
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2302.1877 [GMT 8:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Lee Tai Meng\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\ActiveFax\Server\ActSrvNT.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe
C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
C:\Documents and Settings\Lee Tai Meng\My Documents\dds.scr
C:\WINDOWS\System32\wbem\wmiprvse.exe

============== Psuedo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
BHO: {00C6482D-C502-44C8-8409-FCE54AD9C208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - c:\program files\flashget\jccatch_1.dll
BHO: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {F156768E-81EF-470C-9057-481BA8380DBA} - c:\program files\flashget\getflash.dll
TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - c:\progra~1\flashget\fgiebar.dll
TB: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [Google Update] "c:\documents and settings\lee tai meng\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [Nitro PDF Printer Monitor] "c:\program files\nitro pdf\professional\NitroPDFPrinterMonitor.exe"
mRun: [a-squared] "c:\program files\a-squared anti-malware\a2guard.exe" /d=60
mRun: [avgnt] "c:\program files\avira\avira premium security suite\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkbmon~1.lnk - c:\program files\nikon\pictureproject\NkbMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tabuse~1.lnk - c:\windows\system32\wtablet\TabUserW.exe
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: &eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: avsda.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [2008-9-30 71592]
R2 ActiveFaxServiceNT;ActiveFax-Server-Service;c:\program files\activefax\server\ActSrvNT.exe [2008-9-20 1479872]
R2 AntiVirFirewallService;Avira Premium Security Suite Firewall;"c:\program files\avira\avira premium security suite\avfwsvc.exe" [2008-9-30 344321]
R2 AntiVirMailService;Avira Premium Security Suite MailGuard;"c:\program files\avira\avira premium security suite\avmailc.exe" [2008-9-30 164097]
R2 antivirwebservice;Avira Premium Security Suite WebGuard;"c:\program files\avira\avira premium security suite\AVWEBGRD.EXE" [2008-9-30 258305]
R2 AVEService;Avira Premium Security Suite MailGuard helper service;"c:\program files\avira\avira premium security suite\avesvc.exe" [2008-9-30 41217]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [2008-9-30 71464]
R3 PPPoEWin;PPPoEWin Miniport;c:\windows\system32\drivers\PPPoEWin.SYS [2004-10-19 107719]
S2 Parclass;Parclass;c:\windows\system32\drivers\Parclass.sys [2007-9-14 19824]
S3 bepldr;BCL easyPDF SDK 5 Loader;"c:\program files\common files\bcl technologies\easypdf 5\bepldr.exe" [2007-8-22 151552]
S3 DrvSnSht;DrvSnSht;\??\c:\program files\r-drive image\DrvSnSht.sys [2007-12-21 94608]
S3 EraserUtilDrv1061;EraserUtilDrv1061;\??\c:\program files\common files\symantec shared\eengine\EraserUtilDrv1061.sys []
S3 R-ImageDisk;R-ImageDisk;\??\c:\program files\r-drive image\R-ImageDisk.sys [2008-8-7 126551]
S3 rcp_service;ReaConverter scheduler service;c:\program files\reaconverter 5.0 pro\rcp_scheduler.exe [2007-10-15 557056]
S3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [2007-12-11 428160]
S4 Rpcsavmbe;Rpcsavmbe;c:\windows\system32\drivers\drvnddm.sys [2004-6-2 40448]
S4 wampmysqld;wampmysqld;c:\wamp\mysql\bin\mysqld-nt.exe --defaults-file=c:\wamp\mysql\my.ini wampmysqld []

=============== Created Last 30 ================

2008-11-19 13:54 54,156 a---h--- c:\windows\QTFont.qfn
2008-11-19 13:54 1,409 a------- c:\windows\QTFont.for
2008-11-15 01:02 <DIR> --d----- c:\program files\Insofta Cover Commander
2008-11-12 21:31 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 21:30 1,106,944 -------- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 20:38 <DIR> --dsh--- c:\documents and settings\lee tai meng\UserData
2008-11-12 20:25 105,984 a------- c:\windows\system32\msoert2.dll
2008-11-12 20:25 105,984 a------- c:\windows\system32\dllcache\msoert2.dll
2008-11-12 20:25 105,984 a------- c:\windows\msoert2.dll
2008-11-11 23:58 <DIR> --d----- c:\documents and settings\lee tai meng\Contacts
2008-11-10 23:03 118,050 a------- c:\windows\Remove Outlook Express Uninstaller.exe
2008-11-10 23:03 <DIR> --d----- c:\program files\Remove Outlook Express
2008-11-10 22:48 268 a---h--- C:\sqmdata01.sqm
2008-11-10 22:48 244 a---h--- C:\sqmnoopt01.sqm
2008-11-10 21:18 268 a---h--- C:\sqmdata00.sqm
2008-11-10 21:18 244 a---h--- C:\sqmnoopt00.sqm

==================== Find3M ====================

2008-11-26 07:14 75,843 a------- c:\windows\system32\tablet.dat
2008-11-25 18:17 <DIR> --d----- c:\program files\FlashGet
2008-11-21 00:44 <DIR> --d----- c:\program files\a-squared Anti-Malware
2008-11-13 14:49 <DIR> --d----- c:\docume~1\leetai~1\applic~1\RCP 5
2008-11-10 22:27 <DIR> --d----- c:\program files\Macromedia
2008-11-10 22:25 <DIR> --d----- c:\program files\common files\Macromedia
2008-11-10 20:46 <DIR> -cdsh--- c:\program files\common files\WindowsLiveInstaller
2008-11-05 19:22 9,264 a------- c:\windows\system32\msqtvcap.dat
2008-11-02 18:46 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-10-24 20:39 <DIR> --d----- c:\program files\ReaConverter 5.0 Pro
2008-10-23 07:54 <DIR> --d----- c:\program files\Windows Media Connect 2
2008-10-19 12:03 410,976 a------- c:\windows\system32\deploytk.dll
2008-10-17 19:18 <DIR> --d----- c:\program files\R-Drive Image
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-16 00:34 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-06 21:02 <DIR> --d----- c:\docume~1\leetai~1\applic~1\Malwarebytes
2008-10-06 21:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-10-04 01:41 6,066,176 -------- c:\windows\system32\dllcache\ieframe.dll
2008-10-01 14:19 <DIR> --d----- c:\program files\Trend Micro
2008-10-01 13:53 <DIR> --d----- c:\program files\CCleaner
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-30 11:59 <DIR> --d----- c:\docume~1\leetai~1\applic~1\Avira
2008-09-30 11:35 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2008-09-30 11:35 <DIR> --d----- c:\program files\Avira
2008-09-29 23:47 <DIR> --d----- c:\docume~1\leetai~1\applic~1\Symantec
2008-09-24 18:59 78,723 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-09-20 23:12 435,392 a------- c:\windows\system32\ActMonNT.dll
2008-09-20 23:12 86,016 a------- c:\windows\system32\ActMonRe.dll
2008-09-20 23:12 83,136 a------- c:\windows\UIActFax.exe
2008-09-20 23:12 69,632 a------- c:\windows\UIActFax.dll
2008-09-15 20:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-09-15 20:12 1,846,400 -------- c:\windows\system32\dllcache\win32k.sys
2008-09-10 09:14 1,307,648 -------- c:\windows\system32\msxml6.dll
2008-09-10 09:14 1,307,648 -------- c:\windows\system32\dllcache\msxml6.dll
2008-09-08 18:41 333,824 -------- c:\windows\system32\dllcache\srv.sys
2008-09-05 01:15 1,106,944 a------- c:\windows\system32\msxml3.dll
2008-07-22 14:36 <DIR> --d----- c:\docume~1\leetai~1\applic~1\MSN6
2008-06-06 23:18 <DIR> --d----- c:\docume~1\leetai~1\applic~1\Thinstall
2008-05-28 22:24 <DIR> --d----- c:\docume~1\leetai~1\applic~1\Snappy Fax
2008-05-28 21:36 <DIR> --d----- c:\docume~1\leetai~1\applic~1\Snappy Fax Archives
2008-05-28 20:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Snappy Fax Server
2008-04-29 18:24 <DIR> --d----- c:\docume~1\leetai~1\applic~1\The Bat!
2008-04-05 17:42 <DIR> --d----- c:\docume~1\leetai~1\applic~1\Nitro PDF
2008-04-05 17:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nitro PDF
2008-03-18 23:18 <DIR> --d----- c:\docume~1\leetai~1\applic~1\STOIK
2008-03-11 02:24 <DIR> --d----- c:\docume~1\leetai~1\applic~1\AVG7
2008-01-30 23:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Corel
2008-01-24 17:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Icon Constructor 3
2007-08-02 12:25 <DIR> --d----- c:\docume~1\leetai~1\applic~1\Ambient Design
2007-08-01 17:00 <DIR> --d----- c:\docume~1\leetai~1\applic~1\Maxprog
2007-07-22 12:33 <DIR> --d----- c:\docume~1\leetai~1\applic~1\Kristanix Software
2007-07-12 17:37 <DIR> --d----- c:\docume~1\leetai~1\applic~1\ZamDooClient
2007-07-03 01:21 <DIR> --d----- c:\docume~1\leetai~1\applic~1\Moyea
2007-03-12 19:38 <DIR> --d----- c:\docume~1\leetai~1\applic~1\Alien Skin
2007-03-11 22:27 <DIR> --d----- c:\docume~1\leetai~1\applic~1\ImageBadger
2007-02-17 18:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\MSScanAppDataDir
2007-02-09 00:19 <DIR> --d----- c:\docume~1\leetai~1\applic~1\Design Science
2007-02-04 12:59 <DIR> --d----- c:\docume~1\leetai~1\applic~1\Inkscape
2007-01-15 16:07 <DIR> --d----- c:\docume~1\leetai~1\applic~1\Serif
2006-11-18 19:35 <DIR> --d----- c:\docume~1\leetai~1\applic~1\Xara
2006-11-01 22:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Ultima_T15
2006-11-01 22:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\EnterNHelp
2006-10-31 21:44 <DIR> --d----- c:\docume~1\leetai~1\applic~1\Nikon
2006-10-24 22:10 <DIR> --d----- c:\docume~1\leetai~1\applic~1\Likno
2006-10-24 22:10 <DIR> --d----- c:\docume~1\leetai~1\applic~1\Nvu
2005-10-22 11:08 <DIR> --d----- c:\docume~1\leetai~1\applic~1\WholeSecurity
2005-08-02 21:12 <DIR> --d----- c:\docume~1\leetai~1\applic~1\Good Keywords v2
2004-07-06 14:10 <DIR> --d----- c:\docume~1\leetai~1\applic~1\Ulead Systems
2004-07-02 15:50 <DIR> --d----- c:\docume~1\leetai~1\applic~1\ABBYY
2004-06-23 20:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\MSN6
2004-06-02 13:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SBSI
2004-02-20 01:15 <DIR> --d----- c:\docume~1\leetai~1\applic~1\CSOdessa
2008-06-23 18:14 0 a--sh--- c:\windows\hellboy\HellBoyDll.dat
2004-07-09 20:14 56 ---shr-- c:\windows\system32\76075376E6.sys
2007-11-03 13:34 5,018 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 13:01:11.78 ===============


Gmer.txt:

GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2008-11-26 13:32:02
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.12 ----

SSDT F7A6B494 ZwCreateThread
SSDT F7A6B480 ZwOpenProcess
SSDT F7A6B485 ZwOpenThread
SSDT F7A6B48F ZwTerminateProcess
SSDT F7A6B48A ZwWriteVirtualMemory

INT 0x06 \??\C:\WINDOWS\System32\drivers\Haspnt.sys B076A16D
INT 0x0E \??\C:\WINDOWS\System32\drivers\Haspnt.sys B0769FC2

---- User code sections - GMER 1.0.12 ----

.text C:\Documents and Settings\Lee Tai Meng\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[128] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 9A, 84 ]
.text C:\Program Files\Nikon\PictureProject\NkbMonitor.exe[208] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 9A, 84 ]
.text C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe[240] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 4C, 84 ]
.text C:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe[492] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 7C, 84 ]
.text C:\WINDOWS\explorer.exe[1652] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 47, 84 ]
.text ...
.text C:\WINDOWS\SYSTEM32\wuauclt.exe[3184] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ]
.text C:\Documents and Settings\Lee Tai Meng\My Documents\gmer\gmer.exe[3560] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ]

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [B0A20116] tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [B0A20116] tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [B0A20116] tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [B0A20116] tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [B0A20116] tfsnifs.sys
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL [B0A20253] tfsnifs.sys

---- Registry - GMER 1.0.12 ----

Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{5E0963E7-CF46-1B5D-310DACB8805375B2}\{86E3B77C-EAE1-9D87-4C70ABEC16202E62}\{393DA271-51DF-0FF7-C96F576EB71CB867}@VBOGEGOY1DKTBDELSVQBDYRDXB1 0x01 0x00 0x01 0x00 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{969D404C-EC53-A9AF-A02B8ED8C194B4B8}\{49CEC6C1-E90A-6C40-7DC9D5345834AD37}\{B3C560DA-C3C9-1298-A5CC78F93CD65657}@{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1 0x01 0x00 0x01 0x00 ...
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Environment@Licence REMOVED
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System

---- Files - GMER 1.0.12 ----

ADS C:\Documents and Settings\All Users\Application Data\TEMP:56AC8DD1
ADS C:\Documents and Settings\All Users\Application Data\TEMP:93C2F41D
ADS C:\Documents and Settings\Lee Tai Meng\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Account Reg a2d\034444D1-0000000A.eml:OEStandardProperty
ADS C:\Documents and Settings\Lee Tai Meng\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Account Reg a2d\03A77727-0000001E.eml:OEStandardProperty
ADS C:\Documents and Settings\Lee Tai Meng\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Account Reg a2d\04356CC3-0000000C.eml:OEStandardProperty
ADS C:\Documents and Settings\Lee Tai Meng\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Account Reg a2d\05AC4804-0000001C.eml:OEStandardProperty
ADS C:\Documents and Settings\Lee Tai Meng\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Account Reg a2d\065C1AFA-00000014.eml:OEStandardProperty
ADS C:\Documents and Settings\Lee Tai Meng\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Account Reg a2d\09801E26-00000007.eml:OEStandardProperty
ADS C:\Documents and Settings\Lee Tai Meng\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Account Reg a2d\127F6D02-00000006.eml:OEStandardProperty
ADS C:\Documents and Settings\Lee Tai Meng\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Account Reg a2d\17476658-00000008.eml:OEStandardProperty
ADS C:\Documents and Settings\Lee Tai Meng\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Account Reg a2d\1AA11A31-00000013.eml:OEStandardProperty
ADS ...

---- EOF - GMER 1.0.12 ----

Also, attach.txt is attached to this reply. Please view it.

Looking forward to your response. Thanks.
Attached file: Attach.txt (8.5 KB)
Old 11-26-2008, 12:18 PM   #4 (permalink)
Analyst, Security Team
Join Date: Aug 2008
Location: Northfield, Ohio, United States
Posts: 1,690
OS: XPSP3, Vista Ultimate SP1, Ubuntu Server


Re: Windows Explorer has encountered a problem and needs to close

Hello, artlee
I don't see any malware in those logs. Are you still having problems?

I would like us to use ESET (NOD32)'s Online Scanner
  1. Please go to ESET OnlineScan (NOD32)
  2. You will then see the Terms of Use, tick the check-box in front of "YES, I accept the Terms of Use"
  3. Now click Start
  4. Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  5. Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  6. To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  7. Press Scan
  8. The Onlinescan will now start and scan your pc (this could take a while)
  9. When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  10. Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  11. The Scanresults will now open in Notepad
  12. Click into the text area, right-click and choose "Select all" (or use <Control>+A)
  13. Right-click again and choose "Copy" (or <Control>+C)
  14. Close/Exit Notepad
  15. Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista users: ESET is compatible, but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

In your next reply, please include the following:
  • ESET OnlineScan's Log
  • A New HiJack This log

Billy3
__________________
If I fail to reply for more than 24 hours, please feel free to send me a PM. Don't want you to be overlooked

Not problems like "What is beauty".. 'cause that would fall under the purview of your conundrums of philosophy.....
Old 11-26-2008, 10:37 PM   #5 (permalink)
Registered User
Join Date: Oct 2008
Posts: 6
OS: Windows XP Home Edition


Re: Windows Explorer has encountered a problem and needs to close

Hi Billy,

I was still experiencing such errors yesterday. Here are the logs:

ESET Online Scanner Log:

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3644 (20081126)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=dbb17729b874874dbda0fae99d252901
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-11-27 05:29:13
# local_time=2008-11-27 01:29:13 (+0800, Malay Peninsula Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=316126
# found=0
# scan_time=12283


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:36:56 PM, on 11/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe
C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Lee Tai Meng\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\ActiveFax\Server\ActSrvNT.exe
C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch_1.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Nitro PDF Printer Monitor] "C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe"
O4 - HKLM\..\Run: [a-squared] "C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe" /d=60
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Lee Tai Meng\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/act...a/nprdtinf.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akamai.net/f/248/5462...l/SymDlBrg.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8D3EE64-20C0-4B6B-9354-80A68666B73F}: NameServer = 202.188.0.133 202.188.1.5
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: ActiveFax-Server-Service (ActiveFaxServiceNT) - ActFax Communication - C:\Program Files\ActiveFax\Server\ActSrvNT.exe
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FileZilla Server\FileZilla Server.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ReaConverter scheduler service (rcp_service) - ReaSoft - C:\Program Files\ReaConverter 5.0 Pro\rcp_scheduler.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe

--
End of file - 9294 bytes

Looking forward to your reply. Thanks.
Old 11-27-2008, 10:18 AM   #6 (permalink)
Analyst, Security Team
Join Date: Aug 2008
Location: Northfield, Ohio, United States
Posts: 1,690
OS: XPSP3, Vista Ultimate SP1, Ubuntu Server


Re: Windows Explorer has encountered a problem and needs to close

Hello, artlee
Unfortunately, at this point I do not believe the problems you are having are malware related. I'm not entirely sure how to proceed, as all the logs you've sent back have been clean.

Also, the symptoms described are not typically associated with malware.

I would therefore post in the Windows XP forum here:
http://www.techsupportforum.com/micr...ws-xp-support/

They know quite a bit more than I about handling these types of issues.

Good luck!

We have to remove some entries in HiJack This
  1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below:
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
  2. Close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

Congratulations! You now appear clean!

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware
We Need to Remove ComboFix
  1. Please go to Start -> Run
  2. Enter "ComboFix /u" (without quotes). Note the space between "ComboFix" and "/u"; it needs to be there.
  3. Press OK (Or hit enter).
  4. Allow ComboFix to remove itself.

We Need to Clean Up Our Mess
  1. Please download OTCleanIt from one of the following mirrors and save it to your desktop:
  2. Double click the icon.
  3. Push the large "Cleanup" button.
  4. Allow your system to reboot.

Recommendations
Below are some recommendations to lower your chances of (re)infection.
  1. Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.
  2. Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automatically if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file
  3. Install an Anti-Spyware program, and update it regularly
    Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non-commercial home use, but provide a resident guard and do not nag if you purchase the paid versions.
  4. Keep Windows (and your other Microsoft software) up to date!
    I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    If you are using Windows XP or earlier
    Visit the Microsoft Update website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

    If you are using Windows Vista
    1. Click the "Start Menu" (or Windows Orb)
    2. Click "All Programs"
    3. Click "Windows Update"
    4. On the left, choose "Change Settings"
    5. Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
    6. Press OK and accept the UAC prompt.
      Note: You shouldn't need to check this checkbox every single time you update, only the first time.
    7. Click "Check for Updates" in the upper left corner.
    8. Follow the instructions to install the latest updates.
    9. Reboot and repeat the "Check for Updates" until there are no more critical updates to install
  5. Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  6. Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :(.

Billy3
__________________
If I fail to reply for more than 24 hours, please feel free to send me a PM. Don't want you to be overlooked

Not problems like "What is beauty".. 'cause that would fall under the purview of your conundrums of philosophy.....
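Added example, not code from the thread or from the HijackThis project: a small Python helper that parses HijackThis v2 log entries in the format posted above and flags orphaned entries, such as the `O2 - BHO: (no name) ... (no file)` entry Billy asked to be fixed, together with O23 services whose owner is unknown. The sample log lines are constructed from the format in the thread; the section prefixes (R0/R1/O2/O4/O23) and markers "(no file)" / "(file missing)" / "Unknown owner" are the ones the log itself uses.

```python
"""Triage helper for HijackThis v2 log lines (added example, not from the thread)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample modelled on the log posted in the thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FileZilla Server\FileZilla Server.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
"""

# "O2 - ..." / "R1 - ..." lines; the running-process list and headers do not match.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# HijackThis prints these when the referenced file is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


@dataclass
class Entry:
    section: str            # e.g. "O2", "O4", "O23"
    body: str               # everything after "Oxx - "
    clsid: Optional[str]    # first CLSID in the line, if any
    orphan: bool            # file referenced by the entry is missing
    unknown_owner: bool     # O23 service with no vendor string


def parse_hjt(text: str) -> List[Entry]:
    """Turn the entry lines of a HijackThis log into Entry records."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        clsid = CLSID_RE.search(body)
        entries.append(Entry(
            section=section,
            body=body,
            clsid=clsid.group(0) if clsid else None,
            orphan=any(marker in body for marker in ORPHAN_MARKERS),
            unknown_owner=(section == "O23" and "Unknown owner" in body),
        ))
    return entries


def find_orphans(entries: List[Entry]) -> List[Entry]:
    """Entries pointing at files that no longer exist: safe clean-up candidates."""
    return [e for e in entries if e.orphan]


def find_unknown_owner_services(entries: List[Entry]) -> List[Entry]:
    """O23 services with no vendor; worth checking the binary, not automatically bad."""
    return [e for e in entries if e.unknown_owner]


def section_counts(entries: List[Entry]) -> Dict[str, int]:
    """Count entries per section so the log can be compared across replies."""
    counts: Dict[str, int] = {}
    for e in entries:
        counts[e.section] = counts.get(e.section, 0) + 1
    return counts


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    for e in find_orphans(parsed):
        print("orphaned:", e.section, e.clsid or "", e.body)
    for e in find_unknown_owner_services(parsed):
        print("unknown owner:", e.body)
    print(section_counts(parsed))
```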
Old 11-30-2008, 10:26 AM   #7 (permalink)
Analyst, Security Team
Join Date: Aug 2008
Location: Northfield, Ohio, United States
Posts: 1,690
OS: XPSP3, Vista Ultimate SP1, Ubuntu Server


Re: Windows Explorer has encountered a problem and needs to close

Hello, artlee
Since this issue appears resolved, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

http://www.techsupportforum.com/secu...oval-help.html

Billy3
__________________
If I fail to reply for more than 24 hours, please feel free to send me a PM. Don't want you to be overlooked

Not problems like "What is beauty".. 'cause that would fall under the purview of your conundrums of philosophy.....
Copyright 2001 - 2009, Tech Support Forum