0

Hi everyone, I've been having some strange activity with my laptop the past few days and came here with the hopes of figuring out what's wrong to hopefully fix it. Let me try to give you a brief rundown of the problems that started popping up as I realized something must be messed up:

-Two days ago everything seemed to be working fine on my computer, no issues. However, when I navigated to My Computer and then tried to access an external harddrive, E: I believe, nothing would happen no matter how many times I double-clicked on the drive icon - Windows Explorer wouldn't change directly but also wouldn't freeze. I tried many times and found this odd.

-However, I then noticed that if I simply typed E:\ into my address bar at the top of the Explorer window, I could navigate to and browse the files on my external harddrive with no issues. I copied an AVI file from my external and then attempted to paste it into My Documents. About halfway through the file transfer, my computer locked up hard and nothing I did could help, so I simply shut it down.

-When I tried to boot back up, my computer showed the first two BIOS screens I usually see, then when the WinXP Pro loading screen USUALLY appears, I got a black screen with a white underscore cursor blinking - but I couldn't type anything, move the cursor, or do anything. I couldn't boot into Windows at all. I assumed some kind of important files were corrupt and used my Windows CD to perform a repair installation, after this was complete I could get into Windows no problem.

-Since the repair install everything seems to be working decently, however now I run into my current issue, which is somewhat similar to when I couldn't double-click to access my external harddrive before. All my programs run fine, I can access the internet fine, no real problems - except when I try to open any kind of Windows Explorer window. If I double click My Computer or My Documents from the desktop, my computer will hang for a few seconds, and then I recieve an error message that Explorer.exe must close - here is a screenshot: http://i32.tinypic.com/1q69vk.jpg .

All .exe's load and run fine but like I said, any attempt to open a Windows Explorer window and I start running into problems. Usually it is Explorer.exe that crashes but sometimes I get the error message for LSASS.exe and Taskmgr.exe. I thought perhaps checking if I need any updates thru Windows that might fix my issue, but whenever I try to open Windows Update, I recieve this error: http://i25.tinypic.com/90vz9c.jpg .

Last night I downloaded a copy of SP3 for WinXP and tried installing it. Finally I got it to install successfully while running my computer in Safe Mode. However, after the successful install it asked me to restart - so I did. The next time my computer booted it loaded a different WinXP loading screen, a smaller one that read "Please wait..." on the bottom instead of my usual loading screen. It ended up hanging on this screen all night and this morning I had to hard power-down the system to start it back up. Loaded the old loading screen, got into Windows fine, supposedly SP3 is installed but I have the same Explorer issues.

Does anyone have any ideas on where I should start or what this could possibly be? Thanks very much in advance.

4
Contributors
13
Replies
14
Views
7 Years
Discussion Span
Last Post by finito
0

One problem with running a Repair Install will replace the system files with the files on the XP CD used for the Repair Install. It will leave your applications and settings intact, but all Windows updates will need to be reapplied.
Now if your CD was XP SP2 then that wouldn't be too much of a problem but if it was just a straight XP CD then you should have reinstalled SP 1, SP 2 and all the other updates and then install SP 3. This may have been the problem with installing SP 3 immediately after the Repair. Do you know absolutely what you had on that CD?

0

The CD I used is the one that came with my laptop from HP, titled "Microsoft Windows XP Professional Service Pack 2," so I'm guessing that's not the problem?

Any other ideas?

0

The MAIN requirement when installing a service pack is that the computer must be 100% up to date and it must be running 100% correctly. I feel this was a mistake installing SP3 on a computer suffering major errors. All problems must be corrected BEFORE installing the service pack.
At this point we don't know what is causing those problems, but since you ran no malware scans we don't know but that could be a contributing factor. I would strongly advise that you rule this out. Begin by running the steps given in our sticky and posting back with the required logs.
http://www.daniweb.com/forums/thread134865.html

0

I see, that makes sense. Sorry for not posting the logs before.

Looks like I am infected with something - MBAM lists Explorer.exe and LSASS.exe as problematic files. However, when I try to "Fix Selected" after my scan is complete, MBAM crashes with the same error message I've been receiving for the other crashing applications: http://i27.tinypic.com/6f74eo.jpg . I tried rebooting into Safe Mode, ran another MBAM scan, but again it crashed as I attempted to Fix Selected.

I am unable to run GMER or DDS - whenever I try to launch these, the Explorer.exe error message pops up and the programs don't run.

Here are the MBAM logs I was able to obtain:

-----------------------------------------------------------------------------
Initial scan, not in Safe Mode:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4296

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

7/9/2010 1:05:57 PM
mbam-log-2010-07-09 (13-05-57).txt

Scan type: Full scan (C:\|)
Objects scanned: 178642
Time elapsed: 39 minute(s), 13 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
C:\Documents and Settings\Brian\Application Data\lsass.exe (Trojan.Agent) -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\Microwsoft (Malware.Trace) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mswupdate (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mswupdate (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Trojan.Agent) -> Data: c:\documents and settings\brian\application data\lsass.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe "C:\Documents and Settings\Brian\Application Data\lsass.exe") Good: (Explorer.exe) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Brian\Application Data\lsass.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\lsass.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{741DAEAB-5E4B-42E3-B2B7-DE1E93B961BB}\RP4\A0007792.exe (Trojan.Agent) -> No action taken.

-----------------------------------------------------------------------------
Second scan, done in Safe Mode, after the first scan crashed when I clicked Remove Selected

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4296

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 6.0.2900.5512

7/9/2010 3:18:17 PM
mbam-log-2010-07-09 (13-05-57)-safemode.txt

Scan type: Full scan (C:\|)
Objects scanned: 174774
Time elapsed: 1 hour(s), 53 minute(s), 53 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
C:\Documents and Settings\Brian\Application Data\lsass.exe (Trojan.Agent) -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\Microwsoft (Malware.Trace) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mswupdate (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mswupdate (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Trojan.Agent) -> Data: c:\documents and settings\brian\application data\lsass.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe "C:\Documents and Settings\Brian\Application Data\lsass.exe") Good: (Explorer.exe) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Brian\Application Data\lsass.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\lsass.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{741DAEAB-5E4B-42E3-B2B7-DE1E93B961BB}\RP4\A0007792.exe (Trojan.Agent) -> No action taken.

0

I do not use IE, never do. Firefox is my go-to browser.

0

I do not use IE, never do. Firefox is my go-to browser.

Try this:
-- Download the attached FixIt.zip and Extract FixIt.bat from the Zip to your Desktop.
-- DoubleClick on FixIt.bat to run it.

Then, retry with MBAM and post the results.

Best Luck :)
PP

Edited by PhilliePhan: n/a

0

After running the FixIt batch file, MBAM was indeed able to complete a full scan and remove all threats. I also used a program called UnHackMe to clean my system of as many infections as possible. I can now run scans with MBAM and UnHackMe, and they both report that my system is clean.

However, I am still unable to open any Windows Explorer windows. Any attempt to creates the exact same Explorer.exe error messages! Does anyone have any idea what could still be messing with my system?

Here is my last MBAM log, reports everything is clean:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4298

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

7/10/2010 12:20:45 AM
mbam-log-2010-07-10 (00-20-45).txt

Scan type: Full scan (C:\|)
Objects scanned: 174508
Time elapsed: 36 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

0

bpeck, please for the moment, hold off on the running of sfc. There are likely other clean up steps which will be needed.
Judy

0

Hey everyone, sorry for the delay in responding but I got lucky and a somewhat unknown combination of UnHackMe scans, MBAM scans and PhilliePhan's FixIt batch file ended up working for me! System appears clean, no more error messages, no more headaches. Thanks for all the help.

0

Have all the logs come up clean and is Windows Explorer working as it should?

Edited by jholland1964: n/a

0

bpeck, Jholland means you need to make sure that everything is clean, just becuase it looks ok doesn't mine it's ok.

Please entertain our care for a little while more.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.