"Send Error Report" problems...

Discussion in 'Malware Help (A Specialist Will Reply)' started by askantik, May 14, 2006.

  1. askantik

    askantik Sergeant

    Hey guys,

    I run avast! with all the stuff turned on, auto updated every day... I have run the newest Spybot S&D updates, I have run Ad-Aware SE Professional, and ewido anti-malware. Whenever I open Firefox or IE, I get one of those "firefox.exe has encountered a problem and needs to close..."

    Sometimes I get them for Windows Explorer. Firefox stays open as long as I don't click one of the two options, just drag the Error Report window to the side. I don't do any P2P, no questionable Web sites, and it just randomly started today. It seems to have odd habits. Everything was working fine until I tried to open Xfire today and it happened. Kept happening so I re-installed Xfire. Didn't help.. So when I decided to try to search for an answer online, that's when IE/Firefox started giving me problems.

    Funny thing is, Xfire gives me an error but AIM doesn't. I can open up and play COD2 multiplayer with no problems. I've run a complete virus scan that took ~2 hours. I used CrapCleaner to erase history/temp files, etc. and also to fix any registry issues. What else can I do? :(

    Thanks guys,
    Cody
     
  2. askantik

    askantik Sergeant

    By the way, a CTRL+ALT+DEL processes list showed no weird things running except for "Radio.exe"

    No idea what that is. I deleted it and then I found using the Startup tab on msconfig a registry key located at C:\Program Files\Free Radio\Radio.exe

    I have put nothing of that on my computer, and it wasn't listed in Add/Remove programs. I deleted that folder. The executable was the only thing in the folder (and I have the option to view hidden files turned on).

    Since I deleted the executable, it no longer shows up on Startup under msconfig. No idea what this file is/was, or if it even had anything to do with my problem. It doesn't seem to, since I deleted it and I'm still having trouble, but I just thought I'd throw in that I found it around the time this started happening, but then again... who knows. Maybe it's been there for a long time.
     
  3. askantik

    askantik Sergeant

    Ran a-squared, too. It found 11 objects, but it's still a no go.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your problems may not be malware related. The only way to be sure is to have you run standard cleaning procedures as given below.

    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • If, after doing ALL of the above, you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)
      • Bitdefender
      • Panda Scan
      • HijackThis
     
  5. askantik

    askantik Sergeant

    Getting restless... Tried it all. Here's my HJT logfile..

    Okay.

    Just to be certain, I've run the following:

    Lavasoft Ad-Aware SE Professional
    Spybot Search & Destroy
    a-squared
    Windows Defender
    ewido anti-malware
    CounterSpy
    TrendMicro Online Virus Scan
    avast! anti-virus installed (and I've done a full system scan with the highest settings turned up)
    CCleaner


    Everything was run with the latest definitions and currently I'm running with avast! anti-virus on-access protection (was before this happened, too) and also ewido anti-malware active guard. I've made a previous post describing my problem if you'd like to see that... It's here.

    What else can I do? The problem mentioned (the Error Dialog box) comes up no longer with Xfire. For some reason, Xfire randomly works now. Firefox, IE, HJT, Spybot, Ad-Aware, etc. still give me the error. But I can just move the box off screen and the program will continue working. That's why it seems like something is just making this box come up--- that the programs aren't really committing errors.

    And lastly, I want to add that it seems to not affect programs that run at startup. For instance, my avast! anti-virus and ewido guard are fine (presumably because they load at startup). But another thing to take note of is that my online games work fine (without an error message). Such as COD2 Multiplayer and CS:S.

    Any suggestions?
     

  6. askantik

    askantik Sergeant

    Why does it say my thread's been moved? And where to?

    *edit* Never mind... Now that I refresh, it doesn't say that anymore. Maybe the PC problem is having a psychological effect on me :p
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I repeat part of my instructions:

     
  8. askantik

    askantik Sergeant

    I ran BitDefender and then HJT. Panda Scan does not work. It closes out with no error message before it even starts scanning. Hope this still helps.
     

  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Let's download two tools we will need:

    - Process Explorer

    - Pocket KillBox

    Extract them to their own folder somewhere that you will be able to locate them later.

    IMPORTANT: You should print or save the below locally, so you can refer to them while offline. You must exit all browsers before running the below steps and it would be best if you actually physically unplug your cable to the internet, reboot, and do not run anything but what I give you to do. Also it would be good to exit all processes and items in your System tray.

    Do the above before continuing! Okay unplug your cable now.

    Make sure you have rebooted in Normal Mode (do not open any other processes)

    - Run Process Explorer

    In the top section of the Process Explorer screen double click on winlogon.exe to bring up the winlogon.exe properties screen. Click on the Threads tab at the top.

    Once you see this screen click on each instance of msldr32.dll once and then click the kill button. After you have killed all of the msldr32.dll under winlogon click ok. (If you do not find the dll, just continue on.)

    Next double click on explorer.exe and again click once on each instance of msldr32.dll and kill it.

    Now just exit Process Explorer.

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - https://www.gamespyid.com/alaunch.cab
    O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
    O20 - Winlogon Notify: msldr32 - C:\WINDOWS\SYSTEM32\msldr32.dll



    Copy the bold text below to notepad. Save it as fixme.reg to your desktop.
    Be sure the "Save as" type is set to "all files"
    Once you have saved it double click it and allow it to merge with the registry.
    Now run Pocket Killbox:
    Choose Tools > Delete Temp Files and click OK.

    Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Check mark the box that says "Delete on Reboot" and check mark the box "Unregister DLL" (if available). Click the RED X and it will ask you to confirm the file for deletion…say YES and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one click YES and it will reboot. Note some of the files listed below may not exist but we need to check for them anyway.
    C:\Documents and Settings\Owner\My Documents\84766.exe
    C:\WINDOWS\system32\msldr32.dll

    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    After reboot don't run anything else until you do the below.
    Locate the below with Windows Explorer and delete them (most of them should already be gone but we need to double check)
    C:\Documents and Settings\Owner\My Documents\84766.exe
    C:\WINDOWS\system32\msldr32.dll


    Now attach a new HJT log here in your next message and tell me how the steps went.

    Also make sure you tell me how things are working now!
     
  10. askantik

    askantik Sergeant

    Wonderful! It's finally fixed. Thanks so much :) :) :)

    Do you know what the problem was/where it stemmed from?
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your problem was due to the below malware file loading each time your system booted

    C:\WINDOWS\SYSTEM32\msldr32.dll

    It was hooked into Explorer.exe which is your Windows shell. Where you got it from.....well only you know where you surf so you would have to back track to figure out where/what you were doing before the problems began.

    If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

    After that, you should work thru the below link:

    How to Protect yourself from malware!
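
Added example, not part of the thread and not MajorGeeks or HijackThis code: a small triage script for the two HijackThis entry types quoted in the fix above (O16 ActiveX download sources and O20 Winlogon Notify DLLs, the mechanism by which msldr32.dll loaded at every boot). The `NOTIFY_BASELINE` set and the `WgaLogon` sample line are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the three entries quoted in the thread, plus one
# constructed O20 line (WgaLogon) standing in for an already-reviewed entry.
SAMPLE_LOG = r"""
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O20 - Winlogon Notify: msldr32 - C:\WINDOWS\SYSTEM32\msldr32.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Assumption: Notify names the analyst has already reviewed on this machine.
NOTIFY_BASELINE = {"wgalogon"}

O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.+)$")
O16_RE = re.compile(
    r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) "
    r"(?:\((?P<label>[^)]*)\) )?- (?P<url>\S+)$"
)

def triage(log_text, notify_baseline=NOTIFY_BASELINE):
    """Return (section, identifier, location, note) tuples for review."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O20_RE.match(line)
        if m:
            # Notify DLLs are loaded into winlogon.exe at every boot, so any
            # name outside the reviewed baseline deserves a look.
            if m["name"].lower() not in notify_baseline:
                findings.append(("O20", m["name"], m["path"],
                                 "unreviewed Winlogon Notify DLL"))
            continue
        m = O16_RE.match(line)
        if m:
            url = urlsplit(m["url"])
            note = "ActiveX download source"
            if url.scheme != "https":
                note += " (plain HTTP)"
            findings.append(("O16", m["clsid"], url.hostname, note))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(" | ".join(finding))
```

The script only surfaces entries for a human to review; it does not decide which ones are malicious.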
     
