Page 1 of 2 12 LastLast
Results 1 to 10 of 20
  1. #1
    Junior Member
    Join Date
    Apr 2005
    Posts
    65

    Default Windows Explorer Has Stopped Working-Windows 7 Hijack This Log

    Hijack This log-Windows 7 Home Premium bit 64.

    Have run malwarebytes and found nothing.

    Could some one please look over this log and tell me what maybe wrong.

    I am getting the following message-Windows explorer has stopped working and then windowsw explorer is restarting.



    Not sure why.

    ogfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:17:02 p.m., on 19/01/2010
    Platform: Unknown Windows (WinNT 6.01.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files (x86)\Internet Download Manager\IDMan.exe
    C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
    C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files (x86)\VSO\ConvertX\4\ConvertXtoDvd.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWow64\Macromed\Flash\FlashUtil10d.ex e
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Users\Owner\Documents\Downloads\Programs\Hijack This.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.nz/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [nodenable] C:\Program Files (x86)\eset\nodenable.exe /s
    O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 9108 bytes

    Do i need to fix all those files where it indicates (file missing)?

    Please help.

    Thanks


    David

  2. #2
    Soaring like an Eagle gary67's Avatar
    Join Date
    Aug 2007
    Location
    In a field in Hanmer
    Posts
    14,966

    Default Re: Windows Explorer Has Stopped Working-Windows 7 Hijack This Log

    Wait for Speedy he is our resident specialist on HJT

  3. #3
    Crossmember feersumendjinn's Avatar
    Join Date
    Feb 2007
    Location
    Levin
    Posts
    2,626

    Default Re: Windows Explorer Has Stopped Working-Windows 7 Hijack This Log

    Looks like you've been deleting important system files (or something has, or HDD corruption), probably why your Windows Explorer is complaining, may need to repair your OS installation or at least do a sfc /scannow from your Run command (at administrator level).
    HJT cant even tell what OS you're running, maybe W7 is a bit new for it.
    http://www.sevenforums.com/software/...ijackthis.html
    Last edited by feersumendjinn; 19-01-2010 at 05:53 PM.
    "...anyone who expects a source of power from the transformation
    of these atoms is talking moonshine..."
    - Ernest Rutherford (1871-1937)

    --------------------------
    "After your hands become coated with grease, your nose will begin to itch."

  4. #4
    Member
    Join Date
    Dec 2004
    Location
    NZ
    Posts
    44,855

    Default Re: Windows Explorer Has Stopped Working-Windows 7 Hijack This Log

    Nah its probably says missing files, because it doesnt know what win7 is

    If windows explorer is crashing, you may have installed something that isnt compat with x64.

    What version of Nero is it?

    You can tick these then tick fix checked

    Close browsers

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    It could be VSO, or Convertxtodvd, if these put a shell extension in windows explorer

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

    If you dont use Nero Home you can tick this

    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

    Is this part of NOD?? If it is what is it / whats it do? Someone who uses NOD may want to verify this is part of it. It looks like this file is also a trojan

    O4 - HKCU\..\Run: [nodenable] C:\Program Files (x86)\eset\nodenable.exe /s
    Last edited by Speedy Gonzales; 19-01-2010 at 05:57 PM.

  5. #5
    Crossmember feersumendjinn's Avatar
    Join Date
    Feb 2007
    Location
    Levin
    Posts
    2,626

    Default Re: Windows Explorer Has Stopped Working-Windows 7 Hijack This Log

    HJT cant even tell what OS you're running, doesn't work with Win7, disregard what I said above (see post in link).
    http://forums.speedguide.net/showthread.php?t=266744.
    "...anyone who expects a source of power from the transformation
    of these atoms is talking moonshine..."
    - Ernest Rutherford (1871-1937)

    --------------------------
    "After your hands become coated with grease, your nose will begin to itch."

  6. #6
    Junior Member
    Join Date
    Apr 2005
    Posts
    65

    Default Re: Windows Explorer Has Stopped Working-Windows 7 Hijack This Log

    ok Intel Core Duo2 E8500 3.16GHz 6M 1333MH

    Gigabyte GA-EP41-UDL3L ATX LGA775.

    Not sure whether this helps.

    ConvertX to DVD 4 is capatable with Windows 7 64 bits according to what I am seeing.

    Nod32 came with a 30 day trial.

    I am assuming the version of Hijack This is okay for Windows 7 64bit!!!

    I have deleted the first four entries mentioned and wonder about those entries where it indicates 'files missing', should they be retained or deleted.

    I also use ccleaner, do an analysis and then run the cleaner, not sure that this should create a problem. Do not run the cleaner in the registry.

    David
    Last edited by David57; 19-01-2010 at 06:33 PM.

  7. #7
    Member
    Join Date
    Dec 2004
    Location
    NZ
    Posts
    44,855

    Default Re: Windows Explorer Has Stopped Working-Windows 7 Hijack This Log

    Leave the missing file entries there. This version of HJT doesnt know what Windows 7 is. What version of nero is installed then?? Is it a recent version?

    WHEN is explorer restarting?? What are you doing / or using at the time?

  8. #8
    Computer Technician wainuitech's Avatar
    Join Date
    Aug 2007
    Location
    Wellington
    Posts
    28,693

    Default Re: Windows Explorer Has Stopped Working-Windows 7 Hijack This Log

    Hijackthis does mostly work on W7 - it just doesn't know the full name of it. WinNT 6.01.3504 is the actual name /build of W7. I used it a couple of hours ago on a customers W7 PC that was infected and hijackthis picked up several nasty entries.

    Just ran it on my own W7 and it worked fine just didn't name it thats all - the rest is OK.

    It does look like you do have a lot of damaged missing files. On mine No.23's did have the service -( what ever its listed) but not the file missing.

    As mentioned before, click start, type in cmd from the results, right click CMD / run as administrator - type in sfc /scannow ( press enter)

    Edited: from what I was reading - some of the ones under service can be sitting there ready to go, but not running until needed.

    example: last 3 of my log:

    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    Last edited by wainuitech; 19-01-2010 at 06:46 PM.

  9. #9
    Junior Member
    Join Date
    Apr 2005
    Posts
    65

    Default Re: Windows Explorer Has Stopped Working-Windows 7 Hijack This Log

    Nero 8 Express version 8.3.2.2

    When I get the error for explorer restarting I can be internet explorer or some times the desktop is showing.

    I am using a laptop to follow this up and have deleted the first 4 entries mentioned above. Since the deletions there doesn't seem to be any problems.

    When I type in cmd i get c:\Users\Owner and nothing else. excuse my ignorance.

  10. #10
    Computer Technician wainuitech's Avatar
    Join Date
    Aug 2007
    Location
    Wellington
    Posts
    28,693

    Default Re: Windows Explorer Has Stopped Working-Windows 7 Hijack This Log

    You should get it Like this here click start Orb, type in cmd then up top, right click it / run as administrator. When the cmd box opens then type in sfc /scannow ( note single gap between c and /


    Also if that doesn't fix it, try upgrading / reinstalling your graphic drivers.

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

    If the graphic drivers are damaged it can also cause all sorts of problems.

    Edited: what you can also look at - slick start, type in reliability, select View reliability History, where there is a error there will be a red circle with a X, click it, it will give you some sort of report -- whats a common fault ( sometimes they state the obvious)

    Edited 2: can you make it lockup / stop working ??
    Last edited by wainuitech; 19-01-2010 at 07:33 PM.

Similar Threads

  1. Windows Explorer Has Stopped Working
    By David57 in forum PressF1
    Replies: 14
    Last Post: 31-12-2009, 12:26 PM
  2. Replies: 3
    Last Post: 20-11-2009, 06:57 AM
  3. Windows explorer help in windows vista
    By jnsbs in forum PressF1
    Replies: 6
    Last Post: 02-08-2008, 12:33 PM
  4. VISTA: Windows Explorer Has Stopped Working ??'s
    By WESTCOAST in forum PressF1
    Replies: 9
    Last Post: 28-07-2008, 10:28 PM
  5. Replies: 3
    Last Post: 30-01-2004, 08:09 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •