
End Now..explorer.exe and wallpaper problem

Discussion in 'Windows XP' started by ProjectM, Jan 21, 2006.

Thread Status:
Not open for further replies.
  1. ProjectM

    ProjectM Thread Starter

    Joined:
    Oct 29, 2005
    Messages:
    34
    Every time I go to shut down my computer, I get an explorer.exe error msg, and am forced to end now, and then the computer will shut down. This is annoying, as it takes a long time to turn off. Also every time I turn my pc on, the wallpaper will not display, and I am left with just a default blank colour and have to apply the wallpaper manually. Very annoying.

    Sigh...XP Pro SP2
     
  2. Chicon

    Chicon

    Joined:
    Jul 29, 2004
    Messages:
    6,650
    Hi ProjectM,

    If you didn't recently install new software on your computer, I suggest you download the HijackThis self-installer from here:
    - install the software;
    - launch Hijackthis;
    - click the button Do a system scan and save a log file;
    - Notepad will open displaying the content of the log file; copy paste the whole content in a new post of this current thread.
    Also, I advise you not to fix anything yet with HijackThis; a security expert will have a check of your log and you will be advised about the procedure to fulfill in case malware is installed on your system.
     
  3. ProjectM

    ProjectM Thread Starter

    Joined:
    Oct 29, 2005
    Messages:
    34
    Logfile of HijackThis v1.99.1
    Scan saved at 9:56:37 PM, on 21/01/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\security\FireDaemon.exe
    C:\WINDOWS\security\winsecure.exe
    C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
    C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Messenger Plus! 3\MsgPlus.exe
    C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\DynDNS Updater\DynDNS.exe
    C:\Program Files\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Documents and Settings\Darren\My Documents\Programs\utorrent.exe
    C:\Program Files\InterVideo\DVD7\WinDVD.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\A-PC rp\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [ABIT uGuru] C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKCU\..\Run: [DynDNS Updater] "C:\Program Files\DynDNS Updater\DynDNS.exe"
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
    O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: RA Server (Slave) - Unknown owner - C:\WINDOWS\Slave.exe (file missing)
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
    O23 - Service: Windows Workstation Service (Windows Workstation) - Unknown owner - c:\msdos.exe (file missing)
    O23 - Service: FireDaemon Service: winsecure (winsecure) - Sublime Solutions Pty Ltd - C:\WINDOWS\security\FireDaemon.exe
     
  4. ProjectM

    ProjectM Thread Starter

    Joined:
    Oct 29, 2005
    Messages:
    34
  5. Chicon

    Chicon

    Joined:
    Jul 29, 2004
    Messages:
    6,650
    1° Download the free version of Ewido Security Suite from here ;
    - install the software, under Additional Options, uncheck both Install background guard and Install scan via context menu ;
    - run ewido, click Ok when it prompts to update;
    - when the main screen appears, click Update then click Start;
    - when the update is over, do NOT scan the system yet, you will perform a scan later.
    - exit the software

    2° Download Cleanup! from here;
    - install the software;
    - after installation, don't launch the software, you'll run it later.

    3° Click the Start button in the bottom of the screen then click Run, type services.msc in the pane then OK,
    - a window will open,
    - browse the right pane and highlight Windows Workstation Service, right-click on it then select 'Properties',
    - a new window will open (you should see the path c:\msdos.exe) :
    - click the 'Stop' button;
    - in the list box 'Startup type', select 'Desactivate';

    4° Exit all open applications and restart your computer in safe mode;

    5° Launch ewido :
    - click Scanner then click Complete System Scan,
    - each time, the software prompts to clean files during the scan, click Ok,
    - when the scan is over, click Save report in the bottom of your screen and save the report on your desktop;

    6° Launch Cleanup! :
    - click the Cleanup! button;

    7° Restart your computer normally;

    8° Post the ewido report you saved previously followed by a new HijackThis log.
     
  6. ProjectM

    ProjectM Thread Starter

    Joined:
    Oct 29, 2005
    Messages:
    34
    Logfile of HijackThis v1.99.1
    Scan saved at 12:00:20 AM, on 23/01/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
    C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Messenger Plus! 3\MsgPlus.exe
    C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\DynDNS Updater\DynDNS.exe
    C:\Program Files\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Documents and Settings\Darren\My Documents\Programs\utorrent.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\ewido anti-malware\SecuritySuite.exe
    C:\A-PC rp\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [ABIT uGuru] C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKCU\..\Run: [DynDNS Updater] "C:\Program Files\DynDNS Updater\DynDNS.exe"
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
    O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: RA Server (Slave) - Unknown owner - C:\WINDOWS\Slave.exe (file missing)
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
    O23 - Service: FireDaemon Service: winsecure (winsecure) - Unknown owner - C:\WINDOWS\security\FireDaemon.exe (file missing)
     
  7. Chicon

    Chicon

    Joined:
    Jul 29, 2004
    Messages:
    6,650
    Hi ProjectM,

    Please post your ewido report as I asked you in point 8° of my prior post ! ;)
     
  8. ProjectM

    ProjectM Thread Starter

    Joined:
    Oct 29, 2005
    Messages:
    34
    Yes sorry

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 12:48:31 PM, 22/01/2006
    + Report-Checksum: 870CF2DF

    + Scan result:

    C:\Documents and Settings\Darren\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv410.jar-30ed2a60-3e9d191a.zip/Matrix.class -> Downloader.Java.OpenStream.c : Error during cleaning
    C:\Program Files\RN\3.7.l.zip/slave.exe -> Not-A-Virus.RA.Win32.RA.52126 : Error during cleaning
    C:\Program Files\RN\remote-trial.zip/uninstall.exe -> Not-A-Virus.RA.Win32.RA.52126 : Error during cleaning
    :mozilla.11:C:\Documents and Settings\Darren\Application Data\Mozilla\Firefox\Profiles\ahpp2z4d.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    C:\Documents and Settings\Darren\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv410.jar-30ed2a60-3e9d191a.zip/Matrix.class -> Downloader.Java.OpenStream.c : Cleaned with backup
    C:\Program Files\RN\3.7.l.zip/Master.exe -> Not-A-Virus.RA.Win32.RA.51122 : Cleaned with backup
    C:\Program Files\RN\3.7.l.zip/player.exe -> Not-A-Virus.A.Win32.RA.2929 : Cleaned with backup
    C:\Program Files\RN\3.7.l.zip/uninstall.exe -> Not-A-Virus.RA.Win32.RA.52126 : Cleaned with backup
    C:\Program Files\RN\Master.exe -> Not-A-Virus.RA.Win32.RA.51122 : Cleaned with backup
    C:\Program Files\RN\remote-trial.zip/Master.exe -> Not-A-Virus.RA.Win32.RA.51122 : Cleaned with backup
    C:\Program Files\RN\r-trial.zip/player.exe -> Not-A-Virus.RA.Win32.RA.2929 : Cleaned with backup
    C:\Program Files\RN\r-trial.zip/uninstall.exe -> Not-A-Virus.RA.Win32.RA.52126 : Cleaned with backup


    ::Report End
     
  9. Chicon

    Chicon

    Joined:
    Jul 29, 2004
    Messages:
    6,650
    1° Close all open applications, run HijackThis and fix only the following entries :

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)



    2° Click the Start button in the bottom of the screen then click Run, type services.msc in the pane then OK,
    - a window will open,
    - browse the right pane and highlight RA Server (slave), right-click on it then select 'Properties',
    - a new window will open (you should see the path c:\Windows\Slave.exe) :
    - click the 'Stop' button;
    - in the list box 'Startup type', select 'Desactivate';
    - execute the same process for the following service : FireDaemon Service (winsecure) path = C:\WINDOWS\security\FireDaemon.exe;

    3° Restart the computer

    4° If the explorer.exe problem is still subsisting, let me know !
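
The services singled out in the replies above share traits that can be read straight from the O23 lines of a HijackThis log. As an added example (not part of the original thread, and not Chicon's stated method), this Python code parses O23 lines and lists services that show at least two of three signals; the signals, their names and the threshold are assumptions chosen for illustration.

```python
import re

# Lines copied from the O23 section of the second HijackThis log in this thread.
SAMPLE_LOG = r"""
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: RA Server (Slave) - Unknown owner - C:\WINDOWS\Slave.exe (file missing)
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: FireDaemon Service: winsecure (winsecure) - Unknown owner - C:\WINDOWS\security\FireDaemon.exe (file missing)
"""

PREFIX = "O23 - Service: "
MISSING = " (file missing)"


def parse_o23(line):
    """Split one O23 line into name, owner, path and the file-missing flag."""
    line = line.strip()
    if not line.startswith(PREFIX):
        return None
    body = line[len(PREFIX):]
    missing = body.endswith(MISSING)
    if missing:
        body = body[:-len(MISSING)]
    # Split from the right: a display name may contain ':' or parentheses.
    parts = body.rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = (p.strip() for p in parts)
    return {"name": name, "owner": owner, "path": path, "missing": missing}


def signals(entry):
    """Return the review signals (assumed heuristics) that an entry shows."""
    found = []
    if entry["owner"].lower() == "unknown owner":
        found.append("unknown owner")
    if entry["missing"]:
        found.append("file missing")
    # Folder holding the binary: flag a drive root or the Windows folder itself.
    folder = entry["path"].strip('"').lower().rpartition("\\")[0]
    if re.fullmatch(r"[a-z]:(\\windows)?", folder):
        found.append("binary in drive root or Windows folder")
    return found


def triage(log_text, threshold=2):
    """Map service name -> signals for entries with at least `threshold` signals."""
    flagged = {}
    for line in log_text.splitlines():
        entry = parse_o23(line)
        if entry and len(signals(entry)) >= threshold:
            flagged[entry["name"]] = signals(entry)
    return flagged


if __name__ == "__main__":
    for name, why in triage(SAMPLE_LOG).items():
        print(f"{name}: {', '.join(why)}")
```

A hit is a prompt to inspect the service, not a verdict: the rpcapd entry is flagged here although the thread takes no action on it.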
     
  10. ProjectM

    ProjectM Thread Starter

    Joined:
    Oct 29, 2005
    Messages:
    34
    I did that, but unfortunately no luck.
     
  11. Chicon

    Chicon

    Joined:
    Jul 29, 2004
    Messages:
    6,650
    You should use the Event Viewer of your system and locate the last incident of Explorer then go to this page to get more details of the incident.
    Please post the information you'll get.
     
Short URL to this thread: https://techguy.org/435887
