Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Explorer.exe failed to initialize ( 0xc000005 ) [RESOLVED]


  • This topic is locked This topic is locked

#1
9TOGO

9TOGO

    New Member

  • Member
  • Pip
  • 4 posts
Explorer.exe has failed to initialize upon startup Explorer.exe - application error.
The application failed to initialize (error 0xc0000005), click OK to close the programm.
During i was surfing a window opens inside the IE6 und the Computer shuts down.
So I think there must be malware on the computer.
I`ll tried a lot, but nothing works.
Possibly who can help me ?


here is my HJT file:


Logfile of HijackThis v1.99.1
Scan saved at 18:13:11, on 17.12.2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
D:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
d:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\system\ESM2\SAgentNT.exe
C:\WINNT\system32\stisvc.exe
C:\system\ESM2\EBRR.EXE
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\System\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
D:\Programme\AVPersonal\AVGNT.EXE
D:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\Wisterer HX\wistererhx.exe
D:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINNT\system32\notepad.exe
C:\WINNT\system32\mshta.exe
H:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = ,
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = ,
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DgnWebIE - {2843DAC1-05EF-11D2-95BA-0060083493D6} - d:\Programme\Dragon Systems\NaturallySpeaking\Program\web_ie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\winnt\downloaded program files\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\winnt\downloaded program files\googletoolbar2.dll
O4 - HKLM\..\Run: [LWBMOUSE] C:\System\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVGCtrl] D:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [Zone Labs Client] d:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [gcasServ] "C:\Programme\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [WistererHX] "C:\Programme\Wisterer HX\wistererhx.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O8 - Extra context menu item: &Google-Suche - res://c:\winnt\downloaded program files\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\winnt\downloaded program files\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Alles mit FlashGet laden - D:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\winnt\downloaded program files\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Mit FlashGet laden - D:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: Save Flash by &GetFlash - D:\PROGRA~1\GETFLASH\getflash.htm
O8 - Extra context menu item: Verweisseiten - res://c:\winnt\downloaded program files\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Zoom &In - C:\WINNT\web\zoomin.htm
O8 - Extra context menu item: Zoom &Out - C:\WINNT\web\zoomout.htm
O8 - Extra context menu item: Ähnliche Seiten - res://c:\winnt\downloaded program files\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - d:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-24.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.ibm.com/...ad/IbmEgath.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg...ol_v1-0-3-0.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C5BD9A1-F7B2-4008-A898-749A99E9460C}: NameServer =
O17 - HKLM\System\CS1\Services\Tcpip\..\{2C5BD9A1-F7B2-4008-A898-749A99E9460C}: NameServer =
O17 - HKLM\System\CS2\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{2C5BD9A1-F7B2-4008-A898-749A99E9460C}: NameServer =
O17 - HKLM\System\CS3\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\System\CS3\Services\Tcpip\..\{2C5BD9A1-F7B2-4008-A898-749A99E9460C}: NameServer =
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - D:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - d:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Epson Printer Status Agent (StatusAgent) - SEIKO EPSON CORPORATION - C:\system\ESM2\SAgentNT.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZONELABS\vsmon.exe
  • 0

Advertisements


#2
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
I'll be back in a second.

Hang on please.
  • 0

#3
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Please proceed as follows.

Click Start > Run > and copy this command:
regedit.exe /e C:\RPCKDM.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RPCKDM"
> then click OK to execute.

This should create the file:
C:\RPCKDM.txt

Open that file and post the content.

Regards,
  • 0

#4
9TOGO

9TOGO

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
THX a lot,
here is the RPCKDM File:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RPCKDM]
"data2"=hex:d7,6d,29,5c,44,79,09,7c,0d,7e,7b,06,0a,12,0c,0f,79,7d,12,0b,79,7e,\
7e,12,7e,7a,0f,0d,12,0a,09,07,0c,0c,79,7b,0b,08,06,7c,7a,42
"data1"=hex:b9,38,65,81,7a,7a,70,6d,76,77,74,72
  • 0

#5
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Thanks. Save that file just in case anything backfires.
It can act as a backup.

Open notepad and and copy and paste next bold in it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RPCKDM]


Save this as fix.reg Choose to save as *all files and place it on your desktop.
This is how the regfix must look afterwards: Posted Image
Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok.

Reboot and open your Internet Explorer.
Let me know if that solved the problem.

If you have any idea where you received the popup that caused this, please PM me the URL.

Regards,
  • 0

#6
9TOGO

9TOGO

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
brilliant!
It works fine, You do a great job - thanks a lot!

Sorry about the Url, I was searching in the Google ranking about electronics Stuff for engineers,
so i dont know exactly the Url, because it gone to fast !

But can you tell me what it was ?


Kind Regards
  • 0

#7
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Unfortunately no.

What I have gathered sofar is that it is caused by a popup and only seems to bother people that have Windows 2000. Maybe because they can't get IE SP2 ?

The values in the registry key are different everytime and don't make much sense.

I'm still looking for someone that can tell me which popup did it.
Maybe that will enable us to find out more.

Please do have a look at my site about removing and preventing spyware.

Completely unrelated. can you tell me what this is for:
O4 - HKCU\..\Run: [WistererHX] "C:\Programme\Wisterer HX\wistererhx.exe"
It looks like it might be a German program.
Couldn't find much about it, so I'm curious.

Regards,
  • 0

#8
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Errm. Never mind that last question.

Think I found it:
http://www.wintotal....rb=1023&id=2179
  • 0

#9
9TOGO

9TOGO

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Yes It is the right one.

It is a little Programm (Freeware) for scheduling and quick reminding.

Thanks a lot


Regards
  • 0

#10
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
My pleasure. :tazz:
  • 0

#11
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP