jajolt Posted October 1, 2013 Share Posted October 1, 2013 A while back i had an issue with windows explorer where it would crash when i right clicked. I used ShellEx View and disabled the AMD desktop shit or whatever for my graphics card. The issue stopped and i could right click. Now recently, (generally seeming to happen when i open my start menu, but can happen randomly), it is not unusual (however not all the time), that my windows explorer will crash. I've looked up the error code i got in event viewer and i couldnt find anything. Now the last time it happened, about 5 minutes ago when opening control panel, not only did explorer crash, but something called "desktop window manager" crashed too. I am running Windows 7 64 bit. Here's the error logs for both (from event viewer): Faulting application name: explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d672ee4 Faulting module name: SHELL32.dll, version: 6.1.7601.18222, time stamp: 0x51f1ddfa Exception code: 0xc0000005 Fault offset: 0x000000000009a809 Faulting process id: 0x2e0 Faulting application start time: 0x01cebe3c6c17452d Faulting application path: C:\Windows\explorer.exe Faulting module path: C:\Windows\system32\SHELL32.dll Report Id: 496e05ce-2ade-11e3-81a7-3085a9453c45 Faulting application name: Dwm.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc541 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x0000000009193ad0 Faulting process id: 0x538 Faulting application start time: 0x01cebe2807c33ca8 Faulting application path: C:\Windows\system32\Dwm.exe Faulting module path: unknown Report Id: 4ed6fd55-2ade-11e3-81a7-3085a9453c45 Thanks. EDIT: Not talking about internet explorer as i've been asked twice now, talking about windows explorer Quote Link to comment Share on other sites More sharing options...
enigma# Posted October 2, 2013 Share Posted October 2, 2013 sfc /scannow ?? Quote Link to comment Share on other sites More sharing options...
Joey7 Posted October 2, 2013 Share Posted October 2, 2013 it could be a virus try clearing your cookies and restarting your computer, if that doesnt work, uninstall it reinstall it and then see what happpens. When uninstalling make sure it all goes away cause the virus/cookies could come back Quote Link to comment Share on other sites More sharing options...
jajolt Posted October 2, 2013 Author Share Posted October 2, 2013 sfc /scannow ?? "'sfc' is not recognized as an internal or external command, operable program or batch file" it could be a virus try clearing your cookies and restarting your computer, if that doesnt work, uninstall it reinstall it and then see what happpens. When uninstalling make sure it all goes away cause the virus/cookies could come back So... you're suggesting I reinstall windows explorer? EDIT: Not talking about internet explorer as i've been asked twice now, talking about windows explorer Running malwarebytes and avast now. Quote Link to comment Share on other sites More sharing options...
skoty Posted October 2, 2013 Share Posted October 2, 2013 So... you're suggesting I reinstall windows explorer? The only way to reinstall windows explorer is to format, and reinstall. At least thats what I would do. It could also have something to do with bad sectors on the hard drive. Run disk defrag, I have mine to run every wednesday at 1am along with running ccleaner once a week. Quote Link to comment Share on other sites More sharing options...
enigma# Posted October 2, 2013 Share Posted October 2, 2013 "'sfc' is not recognized as an internal or external command, operable program or batch file" Wait a sec... did you run sfc /scannow or sfc' /scannow ?? I'm only wantign to double check what you meant seeing as the addition of " ' " changes it dramatically. Quote Link to comment Share on other sites More sharing options...
jajolt Posted October 2, 2013 Author Share Posted October 2, 2013 sfc /scannow Quote Link to comment Share on other sites More sharing options...
enigma# Posted October 2, 2013 Share Posted October 2, 2013 ok.. that does indeed sound like your computer may be compromised. SFC is used to verify the integrity of system files so if you can't even call it... something's really messed up on the Windows end. You can try running sfc /scannow in safe mode and seeing if it invokes it. Typically if the virus is intercepting API calls/handles specifically for Windows, you can probably 'inactivate' the virus (so to speak) by running this in safe mode. Reinstalling should be a last resort option from a practicality standpoint unless you have snapshots of your OS. Also try System Restore if you cannot invoke sfc still. Quote Link to comment Share on other sites More sharing options...
->SK<- Posted October 3, 2013 Share Posted October 3, 2013 (edited) Try running RougeKiller, a very VERY useful tool when I needed it the most. Sounds to me that you may have what's called a ZeroAccess type of virus, where it disables specific functions of the OS such as Window's update and Window's Firewall. I had one of these, bloody bugger was a fucking nuisance. It's usually picked up by anti-viruses such as AVG as a Trojan Horse Generic in the explorer.exe, which is quite bad to be perfectly honest. Google round, it's not hard to miss. To make sure that you do indeed have a ZeroAccess kind of virus, you might want to head over to the services page (Windows 8's Task Manager has it there for convenience) and serach for the following : wuauserv (This is Windows Update's service name btw) If you DON'T see this, then you can rest assure you've been diddled with by ZeroAccess. If you have any more questions just shout me out of my potatofarm. Edited October 3, 2013 by ->SK<- Quote Link to comment Share on other sites More sharing options...
enigma# Posted October 3, 2013 Share Posted October 3, 2013 To rule out (the likelyhood) of a virus, run HijackThis! and post the log here. http://sourceforge.net/projects/hjt/ Quote Link to comment Share on other sites More sharing options...
animeking503 Posted October 6, 2013 Share Posted October 6, 2013 Boot into safe mode with networking and run a full Malwarebytes scan and Anti-Virus scan. After that, reboot and try the "sfc /scannow" in an elavated command prompt (Admin rights) and it if still doesn't work I would just reinstall Windows. Just my two cents! Quote Link to comment Share on other sites More sharing options...
jajolt Posted October 6, 2013 Author Share Posted October 6, 2013 Will try everything tomorrow. I did run a full malwarebytes and virus scan. Removed all the malware detected and there were no viruses. Will try hijackthis tomorrow and safe mode as well. Quote Link to comment Share on other sites More sharing options...
jajolt Posted October 14, 2013 Author Share Posted October 14, 2013 To rule out (the likelyhood) of a virus, run HijackThis! and post the log here. http://sourceforge.net/projects/hjt/ Finally got around to doing this, found like 130 problems, but should i click the fix selected thing? it says it might delete it and it looks like there might be some system files in there. Quote Link to comment Share on other sites More sharing options...
enigma# Posted October 14, 2013 Share Posted October 14, 2013 Post the log Some 'problems' are considered relative based on user needs. Quote Link to comment Share on other sites More sharing options...
jajolt Posted October 14, 2013 Author Share Posted October 14, 2013 Post the log Some 'problems' are considered relative based on user needs. Logfile of Trend Micro HijackThis v2.0.5Scan saved at 11:18:56 AM, on 10/14/2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v10.0 (10.00.9200.16720) FIREFOX: 20.0.1 (en-US) Boot mode: Normal Running processes: C:\Windows\SysWOW64\rundll32.exe C:\Users\Josh\AppData\Local\Akamai\netsession_win.exe C:\Users\Josh\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Users\Josh\AppData\Local\Akamai\netsession_win.exe C:\Program Files (x86)\Overwolf\Overwolf.exe C:\Program Files (x86)\ASUS\EPU\EPU.exe C:\Windows\system\Cm106eye.exe C:\Program Files (x86)\Razer\Razer StarCraftII\RazerStarCraftIISysTray.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe C:\Program Files (x86)\Internet Explorer\IELowutil.exe C:\Program Files (x86)\Origin\Origin.exe C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe C:\Program Files (x86)\Steam\Steam.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Josh\Downloads\HijackThis.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Windows\SysWOW64\DllHost.exe C:\Program Files (x86)\Real\RealPlayer\RealPlay.exe C:\Program Files (x86)\Real\RealPlayer\RealPlay.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O1 - Hosts: 255.255.255.255 easyanticheat.se # misleading site O1 - Hosts: 255.255.255.255 www.easyanticheat.se # misleading site O1 - Hosts: 255.255.255.255 easyanticheat.com # misleading site O1 - Hosts: 255.255.255.255 www.easyanticheat.com # misleading site O1 - Hosts: 255.255.255.255 easyanticheat.info # misleading site O1 - Hosts: 255.255.255.255 www.easyanticheat.info # misleading site O1 - Hosts: 255.255.255.255 easyanticheat.org # misleading site O1 - Hosts: 255.255.255.255 www.easyanticheat.org # misleading site O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (file missing) O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: ytbyclick - {d4f1c433-f9c3-49f2-8645-37dbeca19e90} - (no file) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O2 - BHO: DataMngr - {F2D6C718-7E52-428E-8852-365C4B1A6E36} - C:\PROGRA~2\SETTIN~1\Datamngr\BROWSE~1.DLL O3 - Toolbar: (no name) - {d4f1c433-f9c3-49f2-8645-37dbeca19e90} - (no file) O3 - Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll O4 - HKLM\..\Run: [six Engine] "C:\Program Files (x86)\ASUS\EPU\EPU.exe" -b O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe O4 - HKLM\..\Run: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Razer StarcraftII Driver] C:\Program Files (x86)\Razer\Razer StarCraftII\RazerStarCraftIISysTray O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [tvncontrol] "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Josh\AppData\Local\Akamai\netsession_win.exe" O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\Josh\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent O4 - HKCU\..\Run: [spotify] "C:\Users\Josh\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart O4 - HKCU\..\Run: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent O4 - HKCU\..\Run: [HP Officejet 6700 (NET)] "C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe" -deviceID "CN37CBSGGJ05RQ:NW" -scfn "HP Officejet 6700 (NET)" -AutoStart 1 O4 - HKCU\..\Run: [sandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe" O4 - HKCU\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" O4 - Global Startup: Start GeekBuddy.lnk = C:\Program Files\COMODO\GeekBuddy\launcher.exe O8 - Extra context menu item: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html O8 - Extra context menu item: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html O8 - Extra context menu item: Show RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll O9 - Extra button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll O9 - Extra 'Tools' menuitem: Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O17 - HKLM\System\CCS\Services\Tcpip\..\{E83AFA87-5B19-4389-9EC3-A923B29DCFED}: NameServer = 66.228.116.178,66.228.116.179 O17 - HKLM\System\CCS\Services\Tcpip\..\{EA79DDCA-E098-41ED-824B-FF8B65498AED}: NameServer = 66.228.116.178,66.228.116.179 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 66.228.116.178,66.228.116.179 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 66.228.116.178,66.228.116.179 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 66.228.116.178,66.228.116.179 O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Unknown owner - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (file missing) O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe O23 - Service: AODService - Unknown owner - C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AsusSE - Realtek - C:\Program Files (x86)\ASUS\PCE-N15 WLAN Card Utilities\RtlService.exe O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: COMODO LPS Launcher (CLPSLauncher) - Comodo Security Solutions, Inc. - C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe O23 - Service: COMODO Virtual Service Manager (cmdvirth) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Unknown owner - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GeekBuddyRSP Server (GeekBuddyRSP) - Comodo Security Solutions, Inc. - C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe O23 - Service: Kodak AiO Status Monitor Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe O23 - Service: McAfee AP Service (McAPExe) - Unknown owner - C:\Program Files\McAfee\MSC\McAPExe.exe (file missing) O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - Unknown owner - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe (file missing) O23 - Service: MOBCleanup - McAfee, Inc. - C:\Users\Josh\AppData\Local\Temp\MOBCleanup.exe O23 - Service: McAfee Online Backup (MOBKbackup) - McAfee, Inc. - C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Overwolf Updater Service (OverwolfUpdaterService) - Overwolf Ltd - C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Sandboxie Service (SbieSvc) - Sandboxie Holdings, LLC - C:\Program Files\Sandboxie\SbieSvc.exe O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 17934 bytes Quote Link to comment Share on other sites More sharing options...
enigma# Posted October 14, 2013 Share Posted October 14, 2013 Looks pretty clean with this exception O1 - Hosts: 255.255.255.255 easyanticheat.se # misleading site O1 - Hosts: 255.255.255.255 www.easyanticheat.se # misleading site O1 - Hosts: 255.255.255.255 easyanticheat.com # misleading site O1 - Hosts: 255.255.255.255 www.easyanticheat.com # misleading site O1 - Hosts: 255.255.255.255 easyanticheat.info # misleading site O1 - Hosts: 255.255.255.255 www.easyanticheat.info # misleading site O1 - Hosts: 255.255.255.255 easyanticheat.org # misleading site O1 - Hosts: 255.255.255.255 www.easyanticheat.org # misleading site It looks like your hosts file is resolving "255.255.255.255" (the broadcast address) as easyantichtat.xxx If you didn't purposely do this, chances are it's worth removing. Quote Link to comment Share on other sites More sharing options...
jajolt Posted October 15, 2013 Author Share Posted October 15, 2013 Looks pretty clean with this exception It looks like your hosts file is resolving "255.255.255.255" (the broadcast address) as easyantichtat.xxx If you didn't purposely do this, chances are it's worth removing. Done, we'll see where this goes. EDIT: Still crashes. Quote Link to comment Share on other sites More sharing options...
Executive Council imasonaz Posted October 15, 2013 Executive Council Share Posted October 15, 2013 Judging by you not having SFC, you're running XP. First suggestion: run http://www.nirsoft.net/utils/shexview.html and disable anything not Microsoft related. If that doesn't fix anything, boot up in safe mode (http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/boot_failsafe.mspx?mfr=true) see if it crashes. Quote Link to comment Share on other sites More sharing options...
enigma# Posted October 16, 2013 Share Posted October 16, 2013 Judging by you not having SFC, you're running XP. First suggestion: run http://www.nirsoft.n...s/shexview.html and disable anything not Microsoft related. If that doesn't fix anything, boot up in safe mode (http://www.microsoft...e.mspx?mfr=true) see if it crashes. I am running Windows 7 64 bit. oh dear Quote Link to comment Share on other sites More sharing options...
Executive Council imasonaz Posted October 16, 2013 Executive Council Share Posted October 16, 2013 oh dear Missed that, derp. SFC is built into all versions of Windows 7 (and Vista). That is not good at all, but either way, the tool I posted works in Windows 7, and here are instructions for Safe Mode: http://windows.microsoft.com/en-us/windows/start-computer-safe-mode I'll look into SFC not working. Quote Link to comment Share on other sites More sharing options...
enigma# Posted October 16, 2013 Share Posted October 16, 2013 Send me your crash dumps You'll find them in C:\Windows\minidump\ Quote Link to comment Share on other sites More sharing options...
Executive Council imasonaz Posted October 16, 2013 Executive Council Share Posted October 16, 2013 Suggestions on fixing SFC: 1. Run as administrator. If your start menu is accessable, open it and type cmd, right click on the result, select run as administrator. Try running sfc /scannow again. If your Start Menu Crashes, you'll need to run SFC in Safe Mode, or from the Recovery Partition. 2. Make sure sfc.exe exists in: C:\Windows\System32\ 3. Check your System Variable path: http://www.itechtalk.com/thread3595.html Under System Variables you should have a variable "Path" containing a long string of variable seperated by semicolins(. You are looking for "%SystemRoot%\system32" to be in there (It is the first entry for me). Last alternative: Run SFC from Startup Repair (requires recover partition, included in most Windows 7 installs): Reboot computer. Before Windows Logo appears, press F8. When the boot selection screen appears, select Startup Repair (or Repair your computer). You should come to a screen where it asks you about your keyboard, you may have to type in your password, and it might go on to try to repair your computer automatically. Don't restart if asked, and press shift+F10, this should bring up a cmd prompt. In that prompt type: "sfc /scannow /offbootdir=c:\ /offwindir=c:\windows" Since you are booted into a mini version of Windows, it often directs to the wrong Windows location (no idea why), that last part forces it to point to the C drive. If you don't have a backup partition, if you pop in a Windows 7 install CD, it has a repair selection when it boots up that will do the same thing. That's all I've got. Quote Link to comment Share on other sites More sharing options...
jajolt Posted October 16, 2013 Author Share Posted October 16, 2013 1. Run as administrator. If your start menu is accessable, open it and type cmd, right click on the result, select run as administrator. Try running sfc /scannow again. This fixed it, running now. Send me your crash dumps Last one is from 10/6... Would event viewer show the same thing or no? (It also gives me the error: There is not editor available for minidump [name]) EDIT: No integrity violations found (sfc /scannow) Quote Link to comment Share on other sites More sharing options...
enigma# Posted October 16, 2013 Share Posted October 16, 2013 Event Viewer might be able to display more information Right now i'm not too worried SFC is not working since it seems like there are no integrity violations for it. Quote Link to comment Share on other sites More sharing options...
Executive Council imasonaz Posted October 16, 2013 Executive Council Share Posted October 16, 2013 I would still suggest running http://www.nirsoft.net/utils/shexview.html, it will show you what is running behind explorer, there are programs that hook into the shell and run through explorer, they can cause crashes. This can also be determined by starting in safe mode and seeing if explorer crashes, as safe mode doesn't start anything except what is essential. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.