
explorer.exe error



#1
anandimmer

Yesterday, while doing an antivirus scan, I discovered that I had an infection with Java/ByteVerify; my AVG (although updated) couldn't heal it but identified the location and I deleted all files in that folder.
Afterwards I realized that I could no longer go into the control panels, always receiving an explorer.exe error in a pop-up window.
Looking for help on Internet I discovered an answer at this address:
http://www.geekstogo...ror-t28929.html and followed the procedure described there.

Started in Safe Mode and ran the 4 antispyware tools:
1) About:Buster - Download it and extract it to C:/aboutbuster.
2) CleanUp! - Download it and install it.
3) CWShredder 2.11 - Download it and save it to your desktop.
4) Ad-Aware - Download, install, and update.

and then, as indicated, ran a scan at http://housecall.tre.../start_corp.asp that found no spyware.

Nevertheless, the same problem persists: explorer.exe errors when trying to go into the control panels ...

Besides, my AVG antivirus signals that 4 very important files were modified in system32 folder: kernel32.dll, user32.dll, shell32.dll and ntoskrnl.exe - but no more infection (infected files).

I wonder whether I could replace these changed files with the (genuine) ones that are in my i386 folder of ServicePack Files and thus fix the problem ...


The hijackthis.log file shows this:

Logfile of HijackThis v1.97.7
Scan saved at 10:21:51, on 2005-06-10
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\WINNT\system32\DeltTray.exe
C:\Program Files\Fichiers communs\Roxio Shared\Project Selector\projselector.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\spywarebegone\SpywareBeGone.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Kill Popup\KillPopup.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\ClockDomain\ClockDomain.exe
C:\Documents and Settings\Administrateur\Bureau\Heal_Tyan\hijackthis\HijackThis.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: @msdxmLC.dll,-1@1036,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [projselector] "C:\Program Files\Fichiers communs\Roxio Shared\Project Selector\projselector.exe" -r
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Spyware Begone] "C:\spywarebegone\SpywareBeGone.exe" -FastScan
O4 - Startup: NaturalColorLoad.lnk = C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
O4 - Global Startup: Kill Popup.lnk = C:\Program Files\Kill Popup\KillPopup.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NaturalColorLoad.lnk = C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
O9 - Extra 'Tools' menuitem: Console Java (Sun) (HKLM)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...CAB?38275.75375
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab


The AboutBuster report said that no ADS were found (therefore nothing repaired/fixed/replaced).



What is really stupid is that I really need to go into the control panels in order to fix another problem that I had before this one occurred: when browsing, from time to time, very irregularly, I got a BSOD with the specification:
STOP: 0x000000D1 (0x00000000, 0x00000002, 0x00000000, 0x00000000) DRIVER_IRQL_NOT_LESS_OR_EQUAL
which seems to be due to a virtual/cache memory error/management (indicated by 0x000000D1 specification in the message).

Actually the causes for this kind of problem, as I read on several sites/forums, may be multiple and very diverse:

- Norton antivirus - that I took off, for a month not being able anymore to update, this being one cause for the problem that began to manifest; at the same time the uninstall of Norton can be problematic, some files still remaining in the OS; in order to get rid of all I must go in System management and activate "Not plug and play drivers" and eliminate them one by one;
- a driver not updated as that for Roxio - I updated it in the meantime;
- the firmware of the router - I have a Linksys - I updated it;

After these three changes that I made the problem still persists, so that others could be the cause:
- the management of virtual memory;
- change of a setting: find NDIS System Driver, right-click for its properties and then press on the "driver" tab at the top; once here, change the setting to automatic (at the bottom where it says "startup").

These are several causes that I could find to fix the BSOD problem.

But for this I must go into the control panels and now I cannot anymore due to explorer.exe errors ... Frustrating irony or ironic frustration ...

I really wouldn't like to reformat and reinstall everything (I have a lot of stuff well installed and configured - Reason, sound drivers, midi, etc.).

Thank you very much for any help or suggestion


anandimmer

Edited by anandimmer, 10 June 2005 - 08:55 AM.



#2
bobthemailman

Hi,
You are in the wrong forum; please go to the malware forum and post your HijackThis log there. You will receive help from experts who are trained to deal with malware.
Go here 1st: http://www.geekstogo..._Log-t2852.html
and then here: http://www.geekstogo...o_Here-f37.html