Windows Explorer closes

Someone on here seemed to have a similar problem, with windows explorer closing after about 5 seconds.

I recently got the xp antivirus 2008 on my pc and the problem seems to have stemmed form there. My Mcafee completely missed this and failed to find anything on a full scan. This has now gone and been replaced with Kaspersky. this found 4 issues:

C:\Users\***\AppData\Roaming\Adobe\Manager.exe Infected: Trojan.Win32.Agent.xjc 1
C:\Users\***\AppData\Roaming\Thunderbird\Profiles\wcp25i6d.default\Mail\Local Folders\Inbox Suspicious: Trojan-Spy.HTML.Fraud.gen 3
C:\Users\***\Pictures\********\setup_wmp.exe Infected: Trojan.Win32.Agent.xjc 1
C:\Windows\System32\lphcgnrj0e9d3.exe Infected: Trojan-Downloader.Win32.Small.zwt 1

Kapersky states all have been dealt with.

However explorer still continues to close. I have run Hijack this and this is the report it generated:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:59, on 11/08/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\PROGRA~1\Ashampoo\ASHAMP~2\bin\DEFRAG~3.EXE
C:\PROGRA~1\Ashampoo\ASHAMP~2\bin\defragActivityMonitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\explorer.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {87CFA1F6-33D4-449E-BAD5-F69B95D8A6D2} - C:\Windows\system32\wVPiIxvS.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A596175D-BBC7-476A-A152-FBA652B64505} - C:\Windows\system32\ddcCtrRl.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [DefragTaskBar] "C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ddcCtrRl.dll,#1
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2616342431-912017515-2511682779-1001\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Karen')
O4 - HKUS\S-1-5-21-2616342431-912017515-2511682779-1001\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (User 'Karen')
O4 - HKUS\S-1-5-21-2616342431-912017515-2511682779-1001\..\Run: [MSServer] rundll32.exe C:\Users\Karen\AppData\Local\Temp\nnnkijKD.dll,#1 (User 'Karen')
O4 - S-1-5-21-2616342431-912017515-2511682779-1001 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Karen')
O4 - S-1-5-21-2616342431-912017515-2511682779-1001 User Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Karen')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mcafee.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security 7.0\r3hook.dll,C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll
O23 - Service: McAfee Application Installer Cleanup (0137141218446511) (0137141218446511mcinstcleanup) - McAfee, Inc. - C:\Windows\TEMP\0137141218446511mcinst.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AshampooDefragService - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Freenet 0.7 darknet-8888 (freenet-darknet-8888) - Unknown owner - C:\Program Files\Freenet\bin\wrapper-windows-x86-32.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 9172 bytes

Can anyone offer any help with this? The gentleman who had a similar problem identified it down to MTC.dll and questmod.dll neither of these files appear on my pc, I have gone through the control folders and ensure that hidden and system files are displyed.

Thank you for any assistance

Start HiJackThis and fix the following:

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {87CFA1F6-33D4-449E-BAD5-F69B95D8A6D2} - C:\Windows\system32\wVPiIxvS.dll
O2 - BHO: (no name) - {A596175D-BBC7-476A-A152-FBA652B64505} - C:\Windows\system32\ddcCtrRl.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ddcCtrRl.dll,#1
O4 - HKUS\S-1-5-21-2616342431-912017515-2511682779-1001\..\Run: [MSServer] rundll32.exe C:\Users\Karen\AppData\Local\Temp\nnnkijKD.dll,#1 (User 'Karen')

☺Good Luck☺

Thank you for your help.

All have gone aprt from:

O2 - BHO: (no name) - {87CFA1F6-33D4-449E-BAD5-F69B95D8A6D2} - C:\Windows\system32\wVPiIxvS.dll

this doesn't seem to want to go!! tried to delet it but windeows says i need permission, even though i am logged in as administrator.

Download killbox from here.
http://www.killbox.net/
Once you get it and install it.
In the text box enter:
C:\Windows\system32\wVPiIxvS.dll
And then click the red x at the end of the bar you entered the text in.
Its at the end after the folder and hand with the paper.

did any of this fix your windows explorer.exe?

No explorer still closes so we can assume this is the problem file. Going to get Killbox now and will report back.

Thank you

Got Killbox and ran as instructed, it says file cannot be deleted.

I tried a re-boot in safe mode, explorer works fine in this mode, but I cannot delete this file as everything hangs, when I press delete or try to right click. Killbox gave the same response in safe mode too. I have tried the options on killbox, such as unregister before delete and end explorer shell, with the same response.

Ok do the following:

1.click the Start button at the bottom left of your screen
2.click the Control Panel menu item
3.goto the left menu and click classic view
4.then double-click the System icon.
5.goto left menu and Click Advanced System Settings
6.Find the item marked Performance right under there is a button that says Settings.
7.Click the button that says settings under performance.
8.Click the Data Execution Prevention tab.
9.You'll see two options in that window click the second option that says "Turn on DEP for all programs and services except those I select."
10. when you are finished with that then click the 'add...' button it should be visable at the bottom of the box.
11.goto c:\windows\explorer.exe this is the file you want
12.reboot your computer

tell me how it works out.

OK followed that line and rebooted, still no joy. Explorer closes. I am wondering if a clean install is required? . Thank you for your help.

you are going to want to undo what i told you to do.
this was a more drastic way of getting explorer back
and may give you problems when trying to run other
programs later.


have you downloaded anything lately?changed any settings besides what we just did?
installed anything?downloaded any crack programS like stupid stuff like adobe photo shop or free stuff like that?

OK I'll undo that last instruction. I download torrents most of the time this is where the xp antivirus 2008 came from. All problems have stemmed from there. Kaspersky got rid of most of those issues. I did have a problem with start up:

C:\Users\***\AppData\Roaming\Adobe\Manager.exe Infected: Trojan.Win32.Agent.xjc

Kaspersky states it has dealt with this and I no longer get an error message on startup. Maybe this problem goes deeper? Which is why I am leaning towards a clean install, although this is a complete pain, backing up all files etc etc.

Not 100% certain what I did but explorer seems to be working OK, I tried renaming the \wVPiIxvS.dll file, it let me do this and since all seems OK, running a full system scan with kaspersky now. Would you still recommend a full clean install?

Thank you for your assistance you have been very helpfull, think I will find this board very useful and hope I can contribute.

Since a rename was allowed try to delete the renamed file.

Yep renamed file deleted OK. Thanks

A curious update to the problem. I renamed the wVPiIxvS.dll file and explorer worled fine. when I deleted the file it returned to the problem of closing??? I ran hijack this again and discovered a new dll file. Same problem as before it couldn't be deleted. I renamed the file and hey presto explorer now works fine!!! Anyone any idea whats causing this problem? Considering a clean install, would that be recommended?