PDA

View Full Version : Nothing works anymore


kichin
Jul 5, 2009, 07:52 PM
I have a windows XP computer which doesn't seem to want to run any of my programs. The computer was working fine until a few weeks ago when the system went through an auto update of one of the programs on the system. Ever since then, when I try to open any program on the system, the program loads for a brief second and then the screen goes blank. MS word and Nero cd burning software are some of the programs that doesn't seem to work. Also I try to run Spy Bot to see if there are any infections on my system, but it hangs up just before it can finish, leaving me with no way of removing the viruses found.
Any help would be appreciated.

seahwk83
Jul 5, 2009, 08:51 PM
Do you know what program was updated when auto updated?

What have you tried so far if anything?

Both questions above will help out but will suggest to get ccleaner, a registry cleaner/optimizer to remove invalid registry information

ccleaner (Freeware)
Download CCleaner 2.21.940 - FileHippo.com (http://www.filehippo.com/download_ccleaner/)
On the right hand side, click download latest version

Run and let it 'fix' whatever it finds

Post back

kichin
Jul 6, 2009, 08:48 AM
I'm not sure what program was updated, it updated during shut down.
So far I have tried to run SpyBot, but it hangs up about a minute before competition. I've also ran the following:
Malwarebytes
Spyware Doctor
Registry Mechanic
Plus about 5 other registry/adware programs, and nothing seems to work.

ALso, I noticed that the iExploer.exe process automatically starts up and continues to comeback when I check Windows Task Manager, which I thought strange since, I use Firefox for my internet browser.

seahwk83
Jul 6, 2009, 08:56 AM
Internet explorer is
Iexplore.exe not iExploer.exe

Are you sure it is iExploer.exe (with 'r' at the end)

seahwk83
Jul 6, 2009, 09:00 AM
iexploer.exe
Iexploer.exe is Trojan/Backdoor.
Kill the process iexploer.exe and remove iexploer.exe

Stop the process with task mgr
-start, run and type msconfig
-go to startup tab and look for iexploer.exe and uncheck it
-click apply and let system restart
-once back in windows. Search for iexploer.exe and delete the file

Once that is done - restart again and run all your prgrams again, start with malwarebytes

kichin
Jul 6, 2009, 09:10 AM
I'm not at my computer currently, but I am pretty sure it's iExploer. I checked msconfig, but could not find it on the list. I also ran hijackthis and noticed that iexploer.exe showed up on the log.
I'll have to see if I can get rid of this when I get home tonight.
Thank you for the help and I'll keep you updated tonight.

seahwk83
Jul 6, 2009, 09:59 AM
Check msconfig first and then with hijack this, check the iexplorer.exe line and choose "fix' at bottom to remove that line

Then restart and run the malwarebytes

If you would like, you can post a pic of hijack this log

kichin
Jul 6, 2009, 09:29 PM
Here's a copy of the HijackThis log file

Logfile of HijackThis v1.99.1
Scan saved at 9:18:14 PM, on 7/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Administrator\My Documents\downloads\cleaner\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Bing: (http://g.msn.com/0SEENUS/SAOS01)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=localhost:7171
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
O4 - HKCU\.. \Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\.. \Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1219538942484
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1219434899250
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219540279421
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O20 - AppInit_DLLs: ms32clod.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe



Also looking at Windows Task Manager again, the process that's running is iexplore.exe, but when this is running, I sometimes here a commercial coming from my speakers and when I kill the process, the commercial stops. I haven't heard the commercials in the last three days, therefore, I'm a little less concerned. I am currently running Malwarebytes' Anti-Malware, and will let you know the outcome as soon as it is complete.

seahwk83
Jul 7, 2009, 12:55 AM
Are you running 2 printers? Hp and lexmark?

You can safely remove this line
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)

kichin
Jul 7, 2009, 08:09 AM
I am only running 1 printer, an HP. I believe the lexmark is one of the pen drive I have for work.

Also during the night, Malwarebytes did not find anything in my system, but Spyware doctor found 951 items which I removed.

seahwk83
Jul 7, 2009, 08:20 AM
The lexmark exe files might be what is causing issues, should not need anything extra installed for a pen drive

Go to link below and go to where LEXPPS.EXE and read info on that
Task List Programs - AnswersThatWork's famous Database of Processes, Windows Startups, Windows XP Services, Windows Vista Services, Process Library (http://www.answersthatwork.com/Tasklist_pages/tasklist_l.htm)

There is also info for LEXBCES.EXE there - But both of these applications are referring to lexmark network printing

I would go with these 2 files as something to look at especially if you have no lexmark hooked up to this machine

If it is just a pen drive, it should not need any files that load with your system to be able to work

Can also remove this line
O2 - BHO: (no name) - AutorunsDisabled - (no file)



So -
Purpose of these files:

If you have a Lexmark printer, then most likey you will also have this task. This program allows you to share your Lexmark printer over a network. This is not considered spyware.

With that said, you do not have a lexmark printer attached

kichin
Jul 7, 2009, 09:43 AM
Thank you. Will try it when I get home tonight.

kichin
Jul 13, 2009, 08:22 PM
I've been running SpYBot to get rid of my the viruses on my system, but when I run it, I keep getting the same thing over and over again "Microsoft.WindowsSecurityCenter_disabled." I must have ran SpyBot at least 10 times and fixed the error, but every time, I run SpyBot, it keeps showing up.
Is there a way to get rid of this thing once and forever?

seahwk83
Jul 13, 2009, 08:33 PM
Do you have the security center service disabled fro any reason?

If not sure, re-enable the service and if you feel that you would like it disabled again, you can always disable it again.

Start, run, type services.msc
Hit enter
-Go down list and look for Security Center
-Right click and choose properties
-Use dropdown box and change it to Automatic and click Apply

Close all open windows and restart PC
-If it was not set to Automatic to start with, the service would not start with Windows and therefor get that message

Run your program again to see if it will start OK

If not, try and post as much info as possible

*Spybot is working and that is why you received that message