Ok.
-
IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice
Problems w/ explorer.exe
Hello, experts.. I've been having trouble w/ explorer.exe when I turn on my computer or restart it.
I get the following message:
Explorer.exe - Error
Instruction 0x784abd4e references to memory 0x006c0075. Memory cannot be written. Click OK to end program.
I've run everything I know (CWshredder, Adaware, Spybot) and I got my new log here:
Logfile of HijackThis v1.96.4
Scan saved at 11:22:34, on 9/4/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARQUIV~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\svchost.exe
C:\ARQUIV~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\ZipToA.exe
C:\Arquivos de programas\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\Fmctrl.EXE
C:\Arquivos de programas\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Arquivos de programas\Iomega\AutoDisk\ADUserMon.exe
C:\Arquivos de programas\Iomega\DriveIcons\ImgIcon.exe
C:\Arquivos de programas\QuickTime\qttask.exe
C:\Arquivos de programas\Discador Telefonica\ddt.exe
C:\WINDOWS\system32\internat.exe
C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe
C:\REGINA\WINZIP7.0\WZQKPICK.EXE
C:\Arquivos de programas\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\REGINA\WINZIP7.0\winzip32.exe
C:\Documents and Settings\Administrador\Configurações locais\Temp\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ubbi.com.br/busca/ieak/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ANTIVI~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [FmctrlTray] Fmctrl.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Arquivos de programas\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ADUserMon] C:\Arquivos de programas\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Arquivos de programas\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Arquivos de programas\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Arquivos de programas\Iomega\DriveIcons\deskup.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ddt] "C:\Arquivos de programas\Discador Telefonica\ddt.exe" -F
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\REGINA\WINZIP7.0\WZQKPICK.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Arquivos de programas\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
O4 - Global User StartupMicrosoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE
O4 - Global User StartupWinZip Quick Pick.lnk = C:\REGINA\WINZIP7.0\WZQKPICK.EXE
O4 - Global User StartupAdobe Gamma Loader.exe.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global User StartupAcrobat Assistant.lnk = C:\Arquivos de programas\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.msn.com.br
O14 - IERESET.INF: MS_START_PAGE_URL=http://www.msn.com.br
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/0fb5e03023def1/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F58D897C-33DB-4DB8-8C20-4079960139A8}: NameServer = 200.204.0.138 200.204.0.10
Any idea of what might be going on???
I get the following message:
Explorer.exe - Error
Instruction 0x784abd4e references to memory 0x006c0075. Memory cannot be written. Click OK to end program.
I've run everything I know (CWshredder, Adaware, Spybot) and I got my new log here:
Logfile of HijackThis v1.96.4
Scan saved at 11:22:34, on 9/4/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARQUIV~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\svchost.exe
C:\ARQUIV~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\ZipToA.exe
C:\Arquivos de programas\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\Fmctrl.EXE
C:\Arquivos de programas\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Arquivos de programas\Iomega\AutoDisk\ADUserMon.exe
C:\Arquivos de programas\Iomega\DriveIcons\ImgIcon.exe
C:\Arquivos de programas\QuickTime\qttask.exe
C:\Arquivos de programas\Discador Telefonica\ddt.exe
C:\WINDOWS\system32\internat.exe
C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe
C:\REGINA\WINZIP7.0\WZQKPICK.EXE
C:\Arquivos de programas\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\REGINA\WINZIP7.0\winzip32.exe
C:\Documents and Settings\Administrador\Configurações locais\Temp\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ubbi.com.br/busca/ieak/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ANTIVI~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [FmctrlTray] Fmctrl.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Arquivos de programas\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ADUserMon] C:\Arquivos de programas\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Arquivos de programas\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Arquivos de programas\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Arquivos de programas\Iomega\DriveIcons\deskup.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ddt] "C:\Arquivos de programas\Discador Telefonica\ddt.exe" -F
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\REGINA\WINZIP7.0\WZQKPICK.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Arquivos de programas\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
O4 - Global User StartupMicrosoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE
O4 - Global User StartupWinZip Quick Pick.lnk = C:\REGINA\WINZIP7.0\WZQKPICK.EXE
O4 - Global User StartupAdobe Gamma Loader.exe.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global User StartupAcrobat Assistant.lnk = C:\Arquivos de programas\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.msn.com.br
O14 - IERESET.INF: MS_START_PAGE_URL=http://www.msn.com.br
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/0fb5e03023def1/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F58D897C-33DB-4DB8-8C20-4079960139A8}: NameServer = 200.204.0.138 200.204.0.10
Any idea of what might be going on???
- Status
- Not open for further replies.
1 - 4 of 7 Posts
I'll try that.
Thanks,
lyta
Thanks,
lyta
1 - 4 of 7 Posts
- Status
- Not open for further replies.
Tech Support Guy
A forum community dedicated to tech experts and enthusiasts. Come join the discussion about articles, computer security, Mac, Microsoft, Linux, hardware, networking, gaming, reviews, accessories, and more!
Full Forum Listing
Explore Our Forums
