| Thread ID: 91921 | 2008-07-22 22:57:00 | My windows explorer is crashing... | tromin (13998) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 691251 | 2008-07-22 22:57:00 | Hey, Sorry for any English errors, but I'm gonna do my best. My problem is that my explorer crashes every time I close folders (any types of folders). Here's the error message: img174.imageshack.us I went to "Administrative Tools - Event Viewer" too and I clicked on the red cross. It says this: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x013616d3. For more information, see Help and Support Center at go.Microsoft*.com This started happening since I installed Rapidown. I have read a lot of threads about this problem, and now I know that Rapidown is a dangerous program. I've tried many things: cleaning registry errors and cookies, scanning for viruses and spyware, I also downloaded a file (that I think came with spyware too) to fix shells or something... Anyway, I'm sick of this problem and I really need help here. I'll wait for answers. |
tromin (13998) | ||
| 691252 | 2008-07-22 23:07:00 | Post a hijackthis log. Scan it with something like this (www.malwarebytes.org) If you know something is dangerous or installs spyware, don't install it! |
Speedy Gonzales (78) | ||
| 691253 | 2008-07-23 00:59:00 | Post a hijackthis log. Scan it with something like this (www.malwarebytes.org) If you know something is dangerous or installs spyware, don't install it! Ok, thanks, I'm doing a scan right now with Malwarebytes, it can take long... When the scan finishes, I'm going to post the HiJackThis log here. By the way, the first time I ran Malwarebytes to update, it showed an error saying "Error loading database. Line: #10222." and every time I ran the program it said the same thing. I had to search for an answer to solve the problem, and I found it, but I still can't update the program. I'm only saying this because it was a little strange. |
tromin (13998) | ||
| 691254 | 2008-07-23 01:06:00 | Get trojan remover in my sig as well. If you can't get to the site here's the direct link (www.simplysup1.com) Install it then scan. Then select all options under the utilities menu. Then update it |
Speedy Gonzales (78) | ||
| 691255 | 2008-07-23 01:24:00 | Ok, thanks for all, I'm gonna do all the things you said. Tomorrow I'll put here the results of the Malwarebytes and Trojan Remover scans and the HiJackThis log too, because today I have no more time left. One more thing before I go, is it necessary to do the scans in Safe mode? |
tromin (13998) | ||
| 691256 | 2008-07-23 02:16:00 | One more thing before I go, is it necessary to do the scans in Safe mode? No, if you can boot into normal windows you can scan |
Speedy Gonzales (78) | ||
| 691257 | 2008-07-23 09:31:00 | Hi again. I did a scan with Kaspersky AV during the night, and it didn't detect anything. Then I scanned with Trojan Remover and it didn't detect anything either, scanned with Malwarebytes and it detected a trojan in a file, I deleted it, and from quarantine too. By the way, the infected file was: C:\System Volume Information\_restore{83489493-9DEE-4402-8723-648BF0E8A0C8}\RP885\A0392566.exe (Trojan.Downloader) -> Quarantined and deleted successfully. Then, I restarted the PC and when it started, the FastScan of Trojan Remover appeared and it said that there were problems with some registry shells, and I fixed them, like the program recommended. After all this, the error keeps appearing (like I said in the beginning, it appears every time I close any type of folder) :help: Here are the 2 messages of the problem: img413.imageshack.us/img413/7238/99234031du1.png img174.imageshack.us/img174/1599/36492074lx7qp0.png

HiJackThis log

Logfile of HijackThis v1.99.1
Scan saved at 9:45:10 AM, on 7/23/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrator\Desktop\New Folder\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Transferir com FDM - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Transferir todos com FDM - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Transferir vídeo com FDM - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Transferência seleccionada pelo FDM - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195066082812
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1195066067218
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Unknown owner - C:\WINDOWS\system32\IoctlSvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe |
tromin (13998) | ||
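An added example (not part of the original thread, and not HijackThis code): a small Python parser for the log format posted above. It splits entries by section code, lists the Run-key autostarts, and groups the entries that HijackThis itself marked `(file missing)` or `Unknown owner`. The function names are hypothetical; the sample lines are copied from the log above.

```python
import re
from collections import defaultdict

# Sample lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Unknown owner - C:\WINDOWS\system32\IoctlSvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")               # section code, entry body
RUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")  # hive, key, value name, command

def parse_log(text):
    """Return (code, body) per entry line; header and process lines are skipped."""
    lines = (line.strip() for line in text.splitlines())
    return [m.groups() for m in map(ENTRY.match, lines) if m]

def autostarts(entries):
    """Structured view of the O4 Run-key entries."""
    out = []
    for code, body in entries:
        m = RUN.match(body) if code == "O4" else None
        if m:
            hive, key, name, command = m.groups()
            out.append({"hive": hive, "key": key, "name": name, "command": command})
    return out

def review_hints(entries):
    """Group entries by markers HijackThis printed itself. Hints for review, not verdicts."""
    hints = defaultdict(list)
    for code, body in entries:
        if body.endswith("(file missing)"):
            hints["file missing"].append((code, body))
        if " - Unknown owner - " in body:
            hints["unknown owner"].append((code, body))
    return dict(hints)

if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for item in autostarts(parsed):
        print(item["hive"], item["name"], "->", item["command"])
    for hint, rows in review_hints(parsed).items():
        print(hint, [code for code, _ in rows])
```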
| 691258 | 2008-07-23 09:49:00 | Disable system restore (right mouse / properties) on my computer on the desktop. System restore tab. Open my computer / go to tools / folder options / view. Untick hide protected operating system files. Then OK. If this is XP Pro, right mouse on the System Volume Information folder / security tab / add. Type in the name that appears in the menu (when you click on start). Then check names. If you put it in right, this will complete it. Then click on OK, OK. Then you should be able to go into the System Volume Information folder. Once you get into the above folder, delete everything in it. (Don't delete the folder itself though). Then: Tick these then tick fix checked. Close browsers.

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe\
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

Then reboot. Then enable system restore again. Did you tick everything under utilities in trojan remover as well? Also after you reboot, open my computer, highlight c, then right mouse / scan with trojan remover (did you update it as well)? |
Speedy Gonzales (78) | ||
| 691259 | 2008-07-23 10:08:00 | Speedy Gonzales, when I untick "hide protected operating system files", the "System Volume Information" folder doesn't appear. This is Windows XP Pro |
tromin (13998) | ||
| 691260 | 2008-07-23 10:14:00 | I've done a search in the pc for that folder, and I found it, but when I right-click on the folder, there's no security tab. Here's the printscreen: img295.imageshack.us P.S. - The folder is empty. I ticked all the utilities of Trojan Remover and I updated it as well. |
tromin (13998) | ||