Explorer.exe automatically closes

  • the pilgrim
  • Born
  • Born
  • the pilgrim
  • Posts: 4

Post 3+ Months Ago

Hi everyone! Here's my first post. Hope you guys could help me...I've done all I could:

My windows explorer automatically closes after a couple of seconds when opening My Computer, My Documents, Search, Control Panel, and all other folders requiring explorer. The only way for me to access any files is to use RUN, then take advantage of the "browse" dialogue box. No error messages are stated, and the desktop refreshes itself right after the explorer closes.

I've already made registry corrections using TuneUp, made online scans using Kaspersky, deleted all identified viruses manually, changed my DEP settings, etc. Been working on this for almost 2 days now.

Here's a logfile from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:32:34, on 28.Jun.08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\carpserv.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\Program Files\WordWeb\wweb32.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\The Pilgrim\Desktop\Process Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.114:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {FAFAE499-CAA1-43B5-8C68-921D020A9366} - C:\WINDOWS\system32\ddcCTmMc.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Hope you folks can help. It's urgent.

the pilgrim
  • Anonymous
  • Bot
  • No Avatar
  • Posts: ?
  • Loc: Ozzuland
  • Status: Online

Post 3+ Months Ago

  • Don2007
  • Web Master
  • Web Master
  • Don2007
  • Posts: 4924
  • Loc: NY

Post 3+ Months Ago

O2 - BHO: (no name) - {FAFAE499-CAA1-43B5-8C68-921D020A9366} - C:\WINDOWS\system32\ddcCTmMc.dll


R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.114:8080

If you set that as your proxy server, leave it.
  • the pilgrim
  • Born
  • Born
  • the pilgrim
  • Posts: 4

Post 3+ Months Ago

Wow! Thanks alot! Problem is solved! I owe you one buddy!
GOD bless you!
  • Don2007
  • Web Master
  • Web Master
  • Don2007
  • Posts: 4924
  • Loc: NY

Post 3+ Months Ago

Thanks for the blessing. I certainly needed it.
  • agustins
  • Born
  • Born
  • agustins
  • Posts: 1

Post 3+ Months Ago

hello I have the same problem but I do not understand the answer, if someone I can explain. Thank you very much.
Logfile of Trend Micro HijackThis V2.0.2
Scan saved at 14:11:28, on 02/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSI: Internet Explorer v7.00 (7.00.6000.16674)
Boot Mode: Normal

Running processes:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ LSASS. exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ Program Files \ Common \ Symantec Shared \ ccSetMgr.exe
C: \ Program Files \ Common \ Symantec Shared \ ccEvtMgr.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Program Files \ Symantec AntiVirus \ DefWatch.exe
C: \ WINDOWS \ system32 \ nvsvc32.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ Program Files \ Symantec AntiVirus \ Rtvscan.exe
C: \ Program Files \ QuickTime \ qttask.exe
C: \ WINDOWS \ system32 \ ctfmon. exe
C: \ Program Files \ Huawei Technologies \ Huawei SmartAX MT810 \ dslmon.exe
C: \ WINDOWS \ system32 \ devldr32.exe
C: \ ~ 1 \ Mozilla ~ 1 \ FIREFOX.EXE
C: \ Program Files \ Trend Micro \ HijackThis \ hijackthis.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Local Page =
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar, LinksFolderName = Links
R3 - URLSearchHook: Yahoo! with pop-up blocker - (EF99BD32-C1FB-11d2-892F-0090271D4F88) - (not file)
O2 - BHO: helper application links Adobe PDF Reader - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper. DLL
O2 - BHO: (no name) - (0694D49E-3622-46C0-BC93-6FDB77237340) - (not file)
O2 - BHO: (no name) - (077A2F05-B658-4613-91B3-8D6C9772E35E) - (not file)
O2 - BHO: (no name) - (0F2F61BB-5378-4FD0-840D-4AAA7A4596A7) - (not file)
O2 - BHO: (no name) - (0FFC835D-6208-4745-934C-3C8D7CEADD8E) - (not file)
O2 - BHO: (no name) - (19477121-7200-45b1-a4ef-815ccf5fc2f5) - (not file)
O2 - BHO: (no name) - (1a65c5ba-da10-4062-8b5f-c65802730ea8) - (not file)
O2 - BHO: (no name) - (23EC4891-6F5F - 4083-88C5-66ED92668DDC) - (not file)
O2 - BHO: (no name) - (25CEE8EC-5730-41bc-8B58-22DDC8AB8C20) - (not file)
O2 - BHO: (no name) - (2B2F95A8-D196-4FF9-B629-7E438C412FEE) - (not file)
O2 - BHO: (no name) - (2C32D8B5-E45B-43C5-8B6D-AFCDCAEF0205) - (not file)
O2 - BHO: Download RealPlayer and Record Plugin for Internet Explorer - (3049C3E9-B461-4BC5-8870-4C09146192CA) - C: \ Program Files \ Real \ RealPlayer \ rpbrowserrecordplugin. DLL
O2 - BHO: (202e0019-b7a2-1308-a5c4-24c8d3b73e73) - (37e37b3d-8c42-4c5a-8031-2a7b9100e202) - C: \ WINDOWS \ system32 \ vmdhvk.dll
O2 - BHO: (no name) - (434741DA-6039-46DC-AD0E-B89AE2435B3F) - (not file)
O2 - BHO: (no name) - (44F0B436-E195-4FAD-A11C-8F969596CDB4) - (not file)
O2 - BHO: (no name) - (49C1810F-C67D-4D24-A303-AE6541041FA7) - (not file)
O2 - BHO: Spybot S & D-EI Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ ~ 1 \ Spybot ~ 1 \ SDHelper. DLL
O2 - BHO: (no name) - (5C7EC235-BB61-483E-80FB-8D4659E41E80) - (not file)
O2 - BHO: (no name) - (61DB4983-D86B-4FC4-8FCE-F91D27518056) - C: \ WINDOWS \ system32 \ pmnlihIX. DLL
O2 - BHO: (no name) - (7B3F3151-ADFF-4550-BB73-F4CC538A9D72) - (not file)
O2 - BHO: (no name) - (7C9A64CF-425F-4363-9234-D0C812784958) - (not file)
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (not file)
O2 - BHO: (no name) - (8D3403B7-CD4F-41ED-99B4-C17D94A32003) - (not file)
O2 - BHO: (no name) - (8E3F62A4-4342-4748-828E-E6C6F4CE6BC5) - (not file)
O2 - BHO: (no name) - (8ea5a184-21e5-4225-9d64-fc3a0d85742e) - (not file)
O2 - BHO: (no name) - (8ebd09d1-6481 - 4a85-b9f2-62ce979dc23b) - (not file)
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - c: \ Program Files \ google \ googletoolbar1.dll
O2 - BHO: (no name) - (AB023277-9E9E-4F12-A330-F3E42E6E87F4) - (not file)
O2 - BHO: (no name) - (ABCF624F-5899-4C87-A4B9-CA2E010CDC60) - (not file)
O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C: \ Program Files \ Google \ GoogleToolbarNotifier \ 2.1.1119.1736 \ SWG. DLL
O2 - BHO: (no name) - (B7C18E94-6537-4FD7-8E34-7143F6155DBB) - (not file)
O2 - BHO: (no name) - (BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0) - (not file)
O2 - BHO: (no name) - (BE986E14-CDB4-4A55-9485-4A4E3B0B9E6E) - (not file)
O2 - BHO: (no name) - (BF0CA4FC-6378-4062-B546-3CDE8A28B1E0) - C: \ WINDOWS \ system32 \ iifcDULF. DLL
O2 - BHO: (no name) - (C07934CA-7AA8-4994-B6A7-100E945433A3) - (not file)
O2 - BHO: (no name) - (DF1418BF-0A36-4D2E-BF5D-6A2E5272DE28) - (not file)
O2 - BHO: (no name) - (E131BCB4-D203-43CA-9304-CDCF386B678C) - (not file)
O2 - BHO: (no name) - (FED51DF2-9644-4C58-9104-90244EDD6EEC) - (not file)
O3 - Toolbar: & Google - (2318C2B1-4965-11d4-9B18-009027A5CD4F) - c: \ Program Files \ google \ googletoolbar1. DLL
O3 - Toolbar: Winamp Toolbar - (EBF2BA02-9094-4c5a-858B-BB198F3D8DE2) - C: \ Program Files \ Winamp Toolbar \ winamptb.dll
O3 - Toolbar: (no name) - (BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0) - (not file)
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [nwiz] nwiz.exe / install
O4 - HKLM \ .. \ Run: [MessengerPlus3] "C: \ Program Files \ MessengerPlus! 3 \ MsgPlus.exe"
O4 - HKLM \ .. \ Run: [msnsyslog] C: \ WINDOWS \ msnlogm.exe
O4 - HKLM \ .. \ Run: [NvCplDaemon] rundll32.exe C: \ WINDOWS \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [BM63bff3b4] Rundll32.exe "C: \ WINDOWS \ system32 \ kfgtvsvf.dll 's
O4 - HKCU \ .. \ Run: [msnmsgr] "C: \ Program Files \ Windows Live \ Messenger \ msnmsgr.exe" / background
O4 - HKCU \ .. \ Run: [MessengerPlus3] "C: \ Program Files \ MessengerPlus! 3 \ MsgPlus.exe" / WinStart
O4 - HKCU \ .. \ Run: [ctfmon. exe] C: \ WINDOWS \ system32 \ ctfmon.exe
O4 - HKUS \ S-1-5-19 \ .. \ RunOnce: [nlsf] cmd.exe / C move / Y "% SystemRoot% \ System32 \ syssetub.dll" "% SystemRoot% \ System32 \ syssetup.dll" (User local services)
O4 - HKUS \ S-1-5-19 \ .. \ RunOnce: [tscuninstall]% systemroot% \ system32 \ tscupgrd.exe (User local services)
O4 - HKUS \ S-1-5-20 \ .. \ RunOnce: [nlsf] cmd.exe / C move / Y "% SystemRoot% \ System32 \ syssetub.dll" "% SystemRoot% \ System32 \ syssetup. dll "(User Network Service)
O4 - HKUS \ S-1-5-18 \ .. \ RunOnce: [nlsf] cmd.exe / C move / Y "% SystemRoot% \ System32 \ syssetub.dll" "% SystemRoot% \ System32 \ syssetup.dll" (User "SYSTEM")
O4 - HKUS \. DEFAULT \ .. \ RunOnce: [nlsf] cmd.exe / C move / Y "% SystemRoot% \ System32 \ syssetub.dll" "% SystemRoot% \ System32 \ syssetup.dll" (Default User user)
O4 - Global Startup: DSLMON.lnk =?
O8 - Extra context menu item: & Winamp Search Toolbar - C: \ Documents and Settings \ All Users \ Application Data \ Winamp Toolbar \ ieToolbar \ resources \ en-US \ Local \ search.html
O8 - Extra context menu item: E & xport to Microsoft Excel -- res://C : \ ~ 1 \ Micro ~ 2 \ Office12 \ EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv. DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O17 - HKLM \ System \ CCS \ Services \ Tcpip \ .. \ (95028DD4-08F2-4287-8490-148A7AC46E09): nameserver = 200.45.191.35 200.45.191.40
O20 - Winlogon Notify: hggfffg - hggfffg.dll (file missing)
O20 - Winlogon Notify: iifcDULF - C: \ WINDOWS \ SYSTEM32 \ iifcDULF.dll
O20 - Winlogon Notify: winhlm32 - winhlm32.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - - (not file)
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C: \ Program Files \ Ares \ chatServer. exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C: \ Program Files \ Common \ Symantec Shared \ ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C: \ Program Files \ Common \ Symantec Shared \ ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C: \ Program Files \ Common \ Symantec Shared \ ccSetMgr. exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C: \ Program Files \ Symantec AntiVirus \ DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common \ InstallShield \ Driver \ 1050 \ Intel 32 \ IDriverT. exe
O23 - Service: Nvidia Display Driver Service (nvsvc) - Nvidia Corporation - C: \ WINDOWS \ system32 \ nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C: \ Program Files \ Symantec AntiVirus \ SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C: \ Program Files \ Common \ Symantec Shared \ SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C: \ Program Files \ Symantec AntiVirus \ Rtvscan.exe
  • soyferchi
  • Born
  • Born
  • soyferchi
  • Posts: 2

Post 3+ Months Ago

I'm having similar problems, the explorer.exe file closes by itself, whenever I open a folder and I look around. Afterwards it reinitiates and everything is ok, till I open another folder, and the same happens. This is my Hijack logfile:

Logfile of HijackThis v1.99.1
Scan saved at 00:29:27, on 16/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Keymaestro\Multimedia Keyboard\nhksrv.exe
C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Archivos de programa\Bonjour\mDNSResponder.exe
C:\Archivos de programa\Archivos comunes\LightScribe\LSSrvc.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Archivos de programa\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe
C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe
C:\Archivos de programa\Keymaestro\Multimedia Keyboard\MMKeybd.exe
C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\VMSnap1.exe
C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe
C:\Archivos de programa\Keymaestro\Onscreen Display\OSD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\ARCHIV~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe
C:\Archivos de programa\Windows Live\Contacts\wlcomm.exe
C:\Archivos de programa\Windows Live\Messenger\usnsvc.exe
C:\Archivos de programa\BitComet\BitComet.exe
C:\WINDOWS\explorer.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
D:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Fede's IE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Archivos de programa\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Archivos de programa\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARCHIV~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - (no file)
O3 - Toolbar: PDF de Adobe - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Archivos de programa\Keymaestro\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [avast!] C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [VMSnap1] C:\WINDOWS\VMSnap1.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Archivos de programa\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Archivos de programa\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Archivos de programa\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Convertir a PDF de Adobe - res://C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir a PDF existente - res://C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir destino de vínculo a PDF existente - res://C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir destino de vínculo en archivo PDF de Adobe - res://C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir selección a archivo PDF existente - res://C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir selección a PDF de Adobe - res://C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir vínculos seleccionados a PDF de Adobe - res://C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir vínculos seleccionados a PDF existente - res://C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Archivos de programa\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\archivos de programa\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Archivos de programa\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2338990890
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARCHIV~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARCHIV~1\ARCHIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: perfnw32 - perfnw32.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiARP Client Loader (AntiARPClientLoader) - Unknown owner - C:\Archivos de programa\ColorSoft\AntiARP\AntiARPClientLoader.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Archivos de programa\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Archivos de programa\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Archivos de programa\Archivos comunes\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Archivos de programa\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Archivos de programa\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Archivos de programa\Sony\MD Simple Burner\NetMDSB.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Archivos de programa\Keymaestro\Multimedia Keyboard\nhksrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Archivos de programa\Archivos comunes\Nero\Lib\NMIndexingService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Archivos de programa\Archivos comunes\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Archivos de programa\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Archivos de programa\Archivos comunes\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Archivos de programa\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Please help me if you can, Thanks!!!

Post Information

  • Total Posts in this topic: 6 posts
  • Users browsing this forum: No registered users and 46 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
 

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.