View Full Version : explorer crashing repeatedly

02-06-2008, 11:03 AM
Hijack this looks like this:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:09:52 PM, on 6/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {3F201040-E21A-4690-A23C-CA791A72B268} - C:\WINDOWS\system32\urqOheBt.dll
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [EPSON Stylus Photo R1800] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9 LA.EXE /P24 "EPSON Stylus Photo R1800" /O6 "USB002" /M "Stylus Photo R1800"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [BOC-426] C:\PROGRA~1\Comodo\CBOClean\BOC426.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Utopia Angel] "C:\Utopia\Angel\Angel.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

End of file - 5317 bytes

I believe urqOheBt.dll may be the problem but cant seem to remove it.

Any Ideas? Any other problems Im missing?

Speedy Gonzales
02-06-2008, 11:20 AM
Tick these then tick fix checked

Close browsers

If explorer crashes while you're opening my computer, tick the entry below first then tick fix checked, then reboot, then open / run my computer, right mouse on c / scan with trojan remover

Let it scan the whole hdd. Also run trojan remover after, then select all options under the utilities menu

O2 - BHO: (no name) - {3F201040-E21A-4690-A23C-CA791A72B268} - C:\WINDOWS\system32\urqOheBt.dll

O4 - HKCU\..\Run: [Utopia Angel] "C:\Utopia\Angel\Angel.exe"

Get something better than Symantec AV

02-06-2008, 11:25 AM
Angel is a program for an online game, the other was checked and set to be removed, however it was still hijackthis log at restart.

In process of scanning C drive, will post when complete.

Speedy Gonzales
02-06-2008, 11:31 AM
Ok you may have a Vundo infection, thats what the file you posted belongs to / installs

02-06-2008, 02:01 PM
Finished the check and restarted, the file was on the hijack list but listed as no file. Hijack this removed it and I ran a vundo fix program to clean up. No visible problems at this point... will update if it continues to crash.

My Thanks for your help.

Symantec was required when at college and I just never changed after graduation.... Any suggestions on your favorite Av program?

Speedy Gonzales
02-06-2008, 02:09 PM
Avast if you want something free (http://avast.com/eng/avast_4_home.html)

Altho you do have to register it every year (http://avast.com/eng/home-registration.php)

And comodo (in my sig) is a firewall, which is also free

Altho for new users it maybe a bit hard to configure.

02-06-2008, 02:12 PM
Thanks, I'll look into those.

Speedy Gonzales
02-06-2008, 02:13 PM
No probs good to hear (hopefully) thats its fixed !