
explorer.exe fault, help please ???

Discussion in 'Windows XP' started by bob_greenock, Oct 13, 2005.

Thread Status:
Not open for further replies.
  1. bob_greenock

    bob_greenock Thread Starter

    Joined:
    Nov 19, 2004
    Messages:
    106
    Looking at a friend's comp at the moment. Computer boots up; when clicking on "Internet Explorer" or "My Computer", the Microsoft error box comes up (the one that says this needs to close, send, don't send).


    Tried chkdsk /r from boot-up
    and from the Recovery Console on the XP disk <<< goes to 75% complete, then jumps back to 50% and freezes???

    Tried System Restore.
    Ran AVG Anti-Virus, Ad-Aware SE and Spybot S&D <<

    All to no avail.

    System seems to be working fine in safe mode; Internet and My Computer, no problems.

    Any ideas what is causing this????? Sorry for the lack of info regarding the system itself.

    Cheers guys ;)
     
  2. D_Trojanator

    D_Trojanator Malware Specialist

    Joined:
    May 13, 2005
    Messages:
    4,699
    Hi, my name is David

    Click here to download HJTsetup.exe
    Save HJTsetup.exe to your desktop.
    • Double click on the HJTsetup.exe icon on your desktop.
    • By default it will install to C:\Program Files\Hijack This.
    • Continue to click Next in the setup dialogue boxes until you get to the "Select Additional Tasks" dialogue.
    • Put a check by Create a desktop icon then click Next again.
    • Continue to follow the rest of the prompts from there.
    • At the final dialogue box click Finish and it will launch Hijack This.
    • Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
    • Click Save to save the log file and then the log will open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
     
  3. bob_greenock

    bob_greenock Thread Starter

    Joined:
    Nov 19, 2004
    Messages:
    106
    Logfile of HijackThis v1.99.1
    Scan saved at 19:53:35, on 13/10/2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Hijackthis\HijackThis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://best-search.us/?page=search&pid=cj02
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
    O2 - BHO: Mega! - {8BC6346B-FFB0-4435-ACE3-FACA6CD77816} - C:\DOCUME~1\josh\LOCALS~1\Temp\MegaHost.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
    O3 - Toolbar: MegaBar - {7FDCEDCF-77C8-46ae-B0E8-D40C6D1E5158} - C:\DOCUME~1\josh\LOCALS~1\Temp\MegaTlbr.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [navapp] C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
    O16 - DPF: {563ED66E-531B-51D2-5DB0-5080C83DA4EB} - ms-its:mhtml:file://C:ie.mht!http://69.50.164.12/exp/mht/cj02.chm::/MegaInstaller.exe
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe






    cheers for any info regarding this ;)
     
  4. bob_greenock

    bob_greenock Thread Starter

    Joined:
    Nov 19, 2004
    Messages:
    106
  5. D_Trojanator

    D_Trojanator Malware Specialist

    Joined:
    May 13, 2005
    Messages:
    4,699
    Hi and Welcome to techguy.com!

    My name is David

    Please do both of the following before we start if possible!:

    1) Please print off these instructions - they will be needed later when internet access is not available.
    2) Save these instructions in Word/Notepad to the desktop where they can be easily found for the same reasons as above.
    At the moment you may feel like you are battling with your computer to keep it running smoothly, but doing the following things should most certainly help get it back to how it was.

    It may look like a lot below - follow the instructions as carefully as possible and everything should be kool!
    ________________________________________________

    Go to add/remove in the control panel and uninstall any instances of NavExcel

    Please download Ewido Security Suite (free), and install it.
    • When installing, under Additional Options uncheck both Install background guard and Install scan via context menu.
    • When you run Ewido for the first time, you could get a warning "Database could not be found!". Click Ok.
    • The program will prompt you to update. Click the Ok button.
    • The program will now go to the main screen.
    You will need to update Ewido to the latest definition files.
    • On the left-hand side of the main screen click the Update button.
    • Click on Start. The update will start and a progress bar will show the updates being installed.
    Once finished updating, close Ewido. Do NOT run it yet.

    (If you have problems updating, you can use this link to manually update Ewido.
    Make sure that Ewido is closed when installing the update.)

    DO NOT RUN IT YET!

    ________________________________________________

    CleanUp!

    Download Cleanup from Here
    • A window will open and choose SAVE, then DESKTOP as the destination.
    • On your Desktop, click on Cleanup40.exe icon.
    • Then, click RUN and place a checkmark beside "I Agree"
    • Then click NEXT followed by START and OK.
    • A window will appear with many choices, keep all the defaults as set when the Slide Bar to the left is set to Standard Quality.
    • Click OK

    DO NOT RUN IT YET!

    ________________________________________________

    Download Pocket Killbox, unzip it, and save to your Desktop. Do NOT run it yet.
    ________________________________________________

    Click here for info on how to boot to safe mode if you don't already know how.

    ________________________________________________

    Make sure that you can see hidden files (Windows XP).
    1. Click "Start".
    2. Click "My Computer".
    3. Select the "Tools" menu and click "Folder Options".
    4. Select the "View" tab.
    5. Under the "Hidden files and folders" heading, select "Show hidden files and folders".
    6. Uncheck the "Hide protected operating system files (recommended)" option.
    7. Click "Yes" to confirm.
    8. Uncheck the "Hide file extensions for known file types".
    9. Click "OK".

    ________________________________________________

    Please run HijackThis! again and do another scan. Check the following entries only:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cus...//www.yahoo.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://best-search.us/?page=search&pid=cj02

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    8BC6346B-FFB0-4435-ACE3-FACA6CD77816

    O2 - BHO: Mega! - {8BC6346B-FFB0-4435-ACE3-FACA6CD77816} - C:\DOCUME~1\josh\LOCALS~1\Temp\MegaHost.dll (file missing)

    O3 - Toolbar: MegaBar - {7FDCEDCF-77C8-46ae-B0E8-D40C6D1E5158} - C:\DOCUME~1\josh\LOCALS~1\Temp\MegaTlbr.dll

    O4 - HKLM\..\Run: [navapp] C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE


    Please close all browsers and open windows except HJT, then click the Fix Checked button.
    Close HJT

    ________________________________________________

    Restart your computer into safe mode now. Perform the following steps in safe mode:

    ________________________________________________

    Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time, then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

    Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

    C:\DOCUME~1\josh\LOCALS~1\Temp\MegaTlbr.dll

    C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe


    Exit the Killbox.
    _________________

    Manually delete this folder:

    C:\Program Files\NavExcel

    ________________________________________________

    Please close ALL open Windows, Programs and Folders, and run a full scan with Ewido.
    • Click on Scanner
    • Click on Settings
    • Under How to scan all boxes should be checked
    • Under Unwanted Software all boxes should be checked
    • Under What to scan select Scan every file
    • Click on Ok
    • Click on Complete System Scan to start the scan process.
    • Let the program scan the machine.
    If Ewido finds anything, it will pop up a notification. When it asks if you want to clean the first file, put a checkmark in the lower left corner of the box that says Perform action on all infections, then choose clean and click Ok.


    * Run Cleanup:
    • Click on the "Cleanup" button and let it run.
    • Once it's done, close the program.
    ________________________________________________
    Reboot to normal mode

    ________________________________________________

    Post new hijackthis log and the ewido log!
    David
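
As an added example (not part of the thread, and not HijackThis's or the helper's own logic), this Python script flags log entries with traits shared by the Mega! and MegaBar items selected above: modules loaded from a Temp directory, "(file missing)" targets, and O16 download sources that use a non-web scheme or a raw IP address. The rule names and patterns are assumptions made for illustration; the sample lines are copied from the log posted in this thread.

```python
import re

# Sample input: a few entries copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Mega! - {8BC6346B-FFB0-4435-ACE3-FACA6CD77816} - C:\DOCUME~1\josh\LOCALS~1\Temp\MegaHost.dll (file missing)
O3 - Toolbar: MegaBar - {7FDCEDCF-77C8-46ae-B0E8-D40C6D1E5158} - C:\DOCUME~1\josh\LOCALS~1\Temp\MegaTlbr.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O16 - DPF: {563ED66E-531B-51D2-5DB0-5080C83DA4EB} - ms-its:mhtml:file://C:ie.mht!http://69.50.164.12/exp/mht/cj02.chm::/MegaInstaller.exe
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
"""

# A log entry is "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+)$")

# (tag, sections the rule applies to or None for all, pattern).
# These heuristics are assumptions for this example, not an official rule set.
RULES = [
    ("module-in-temp-dir", {"O2", "O3", "O4", "O23"}, re.compile(r"\\temp\\", re.I)),
    ("file-missing", None, re.compile(r"\(file missing\)", re.I)),
    ("dpf-non-web-scheme", {"O16"}, re.compile(r"\b(ms-its|mhtml):", re.I)),
    ("url-with-raw-ip", None,
     re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}(?=[/:]|$)")),
]


def triage(log_text):
    """Return [(section, [tags], body)] for entries matching at least one rule."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header lines, the process list and blank lines
        section, body = m.group(1), m.group(2).strip()
        tags = [tag for tag, sections, pattern in RULES
                if (sections is None or section in sections) and pattern.search(body)]
        if tags:
            findings.append((section, tags, body))
    return findings


if __name__ == "__main__":
    for section, tags, body in triage(SAMPLE_LOG):
        print(f"[{section}] {', '.join(tags)}\n    {body}")
```

A flagged entry is a prompt for a human to look closer, not a verdict; unflagged entries are not thereby cleared.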
     
Short URL to this thread: https://techguy.org/407443