
explorer.exe crashes over and over


Supreme1

Alright, here is the story: 2 days ago my brother downloaded something or other; it was a .bat file of some sort. From the gist of it, it is wreaking havoc: explorer.exe crashes over and over and over. I'm so-so with computers, just not on the virus side. I'll post this HijackThis log; see if any of you see suspicious files. I ran it once prior to this and wrote down things I thought were out of place. I got 15 confirmed adware, malware, etc. things erased, but it is still crashing over and over. Also, honestly I suck at explaining things, so bear with me.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 3:54:51 PM, on 12/10/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32Ati2evxx.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:Program FilesLavasoftAd-Aware 2007aawservice.exe

C:WINDOWSsystem32spoolsv.exe

C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe

C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe

C:PROGRA~1GrisoftAVG7avgamsvr.exe

C:PROGRA~1GrisoftAVG7avgupsvc.exe

C:PROGRA~1GrisoftAVG7avgemc.exe

C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe

C:Program FilesComodoFirewallcmdagent.exe

C:Program FilesIntelliAdminagentagent.exe

C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE

C:Program FilesWebrootSpy SweeperWRSSSDK.exe

C:WINDOWSsystem32wscntfy.exe

C:WINDOWSsystem32wuauclt.exe

C:WINDOWSsystem32Ati2evxx.exe

C:WINDOWSsystem32taskmgr.exe

C:Documents and SettingsNate JDesktopHiJackThis.exe

C:Program FilesGrisoftAVG7avgwb.dat

C:WINDOWSSystem32imapi.exe

O4 - HKLM..Run: [ATIPTA] C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe

O4 - HKLM..Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM..Run: [sunJavaUpdateSched] "C:Program FilesJavajre1.6.0_03binjusched.exe"

O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OBrealsched.exe"  -osboot

O4 - HKLM..Run: [ATICCC] "C:Program FilesATI TechnologiesATI.ACEcli.exe" runtime -Delay

O4 - HKLM..Run: [iTunesHelper] "C:Program FilesiTunesiTunesHelper.exe"

O4 - HKLM..Run: [COMODO Firewall Pro] "C:Program FilesComodoFirewallCPF.exe" /background

O4 - HKLM..Run: [WinVNC] "C:Program FilesTightVNCWinVNC.exe" -servicehelper

O4 - HKLM..Run: [sSC_UserPrompt] "C:Program FilesCommon FilesSymantec SharedSecurity CenterUsrPrmpt.exe"

O4 - HKLM..Run: [ssAAD.exe] C:PROGRA~1SonySONICS~1SsAAD.exe

O4 - HKLM..Run: [spySweeper] "C:Program FilesWebrootSpy SweeperSpySweeper.exe" /startintray

O4 - HKLM..Run: [sCDEmuApp.exe] C:Program FilesPowerISOSCDEmuApp.exe

O4 - HKLM..Run: [sC2] C:Program FilesSecCenterscprot4.exe

O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeQTTask.exe" -atboottime

O4 - HKLM..Run: [NeroFilterCheck] C:Program FilesCommon FilesAheadLibNeroCheck.exe

O4 - HKLM..Run: [myivo] C:Program FilesAlericMyIVObinmyivomgr.exe

O4 - HKLM..Run: [MacroMachine BootMark] C:Program FilesTronanMacroMachineBootMark.exe

O4 - HKLM..Run: [DAEMON Tools] "C:Program FilesDAEMON Toolsdaemon.exe" -lang 1033

O4 - HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"

O4 - HKLM..Run: [AIMWDInstallFilename] C:PROGRA~1AIMAIMWDI~1.EXE

O4 - HKLM..Run: [efqdsjyx] rundll32.exe "C:Program Filespqhczsdwrcvgfodu.dll",Init

O4 - HKLM..Run: [avp] C:WINDOWSTEMPwinC3D.exe

O4 - HKLM..Run: [smgr] mgrs.exe

O4 - HKLM..Run: [AVG7_CC] C:PROGRA~1GrisoftAVG7avgcc.exe /STARTUP

O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe

O4 - HKCU..Run: [spybotSD TeaTimer] C:Program FilesSpybot - Search & DestroyTeaTimer.exe

O4 - HKCU..Run: [Yahoo! Pager] "C:Program FilesYahoo!MessengerYahooMessenger.exe" -quiet

O4 - HKCU..Run: [Weather] C:PROGRA~1AWSWEATHE~1Weather.EXE 1

O4 - HKCU..Run: [RealPlayer] "C:Program FilesRealRealPlayerrealplay.exe" /RunUPGToolCommandReBoot

O4 - HKCU..Run: [PeerGuardian] C:Program FilesPeerGuardian2pg2.exe

O4 - HKCU..Run: [MsnMsgr] "C:Program FilesMSN Messengermsnmsgr.exe" /background

O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background

O4 - HKCU..Run: [MalwareAlarm] C:Program FilesMalwareAlarmMalwareAlarm.exe

O4 - HKCU..Run: [ares] "C:Program FilesAresAres.exe" -h

O4 - HKCU..Run: [Aim6] "C:Program FilesAIM6aim6.exe" /d locale=en-US ee://aol/imApp

O4 - HKCU..Run: [AIM] C:Program FilesAIMaim.exe -cnetwait.odl

O4 - HKCU..RunOnce: [CheckNetworkConnection] "C:Program FilesSupport.comproviderComcastdesktopdoctor.exe" /flow /flow=diagnosenetwork /trayclick=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=79518ae9-3c67-4492-9a7f-ea5520541000

O4 - HKUSS-1-5-19..Run: [AVG7_Run] C:PROGRA~1GrisoftAVG7avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUSS-1-5-20..Run: [AVG7_Run] C:PROGRA~1GrisoftAVG7avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUSS-1-5-18..Run: [AVG7_Run] C:PROGRA~1GrisoftAVG7avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS.DEFAULT..Run: [AVG7_Run] C:PROGRA~1GrisoftAVG7avgw.exe /RUNONCE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe

O4 - Startup: IntelliAdmin Agent Tray Icon.lnk = C:Program FilesIntelliAdminAgentAgentSettings.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe

O4 - Global Startup: MacroMachine.lnk = ?

O4 - Global Startup: palstart.exe

O8 - Extra context menu item: &AIM Search - res://C:Program FilesAIM ToolbarAIMBar.dll/aimsearch.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_03binssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_03binssv.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:Program FilesAIMaim.exe

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:Program FilesPartyGamingPartyPokerRunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:Program FilesPartyGamingPartyPokerRunApp.exe (file missing)

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:Documents and SettingsNate JStart MenuProgramsIMVURun IMVU.lnk

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:PROGRA~1SPYBOT~1SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:PROGRA~1SPYBOT~1SDHelper.dll

O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:Program FilesPokerStars.NETPokerStarsUpdate.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O10 - Unknown file in Winsock LSP: c:windowssystem32nwprovau.dll

O20 - AppInit_DLLs:  C:WINDOWSsystem32guard32.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:Program FilesLavasoftAd-Aware 2007aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:WINDOWSsystem32ati2sgag.exe (file missing)

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVG7avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVG7avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVG7avgemc.exe

O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:Program FilesComodoFirewallcmdagent.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe

O23 - Service: IntelliAdminRC - IntelliNavigator, Inc - C:Program FilesIntelliAdminagentagent.exe

O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE

O23 - Service: MSCSPTISRV - Sony Corporation - C:Program FilesCommon FilesSony SharedAVLibMSCSPTISRV.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:Program FilesCommon FilesSony SharedAVLibPACSPTISVR.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:Program FilesCommon FilesSony SharedAVLibSPTISRV.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:Program FilesWebrootSpy SweeperWRSSSDK.exe

O23 - Service: VNC Server (winvnc) - Unknown owner - C:Program FilesTightVNCWinVNC.exe (file missing)

--

End of file - 9314 bytes

Here is the report thank you for your time.


Have you tried finding another copy of explorer.exe with search in your OS? If you have that, see if you can copy & paste it in where your Windows\explorer.exe is. You may have to do this in safe mode. You may not be able to do it from even safe mode. If you had DOS then it would be much easier from outside Windows. Then you could just extract or copy the extra & probably good explorer.exe to DOS, then to C:\Windows.

There is a Linux boot disc you can do this with, but you have to learn some Linux.

This is the one I used to make some repairs to my OS.

http://trinityhome.org/Home/index.php?wpid=1&front_id=12

Read the information at the site & if you know a Linux user that could help you, that would be a plus. I struggled through & managed to get what I needed to done, but I don't know the correct instruction for you to use this.

Also, I haven't used one, but XP has a recovery console if you have a full Windows XP install disc. It might be possible to fix it from there.
