Random Explorer Crashes


jajolt

A while back I had an issue with Windows Explorer where it would crash when I right-clicked. I used ShellExView and disabled the AMD desktop shit or whatever for my graphics card. The issue stopped and I could right-click. Now recently (generally seeming to happen when I open my start menu, but it can happen randomly), it is not unusual (however not all the time) that my Windows Explorer will crash. I've looked up the error code I got in Event Viewer and I couldn't find anything. Now the last time it happened, about 5 minutes ago when opening Control Panel, not only did Explorer crash, but something called "desktop window manager" crashed too. I am running Windows 7 64 bit.

 

Here's the error logs for both (from event viewer):

Faulting application name: explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d672ee4

Faulting module name: SHELL32.dll, version: 6.1.7601.18222, time stamp: 0x51f1ddfa

Exception code: 0xc0000005

Fault offset: 0x000000000009a809

Faulting process id: 0x2e0

Faulting application start time: 0x01cebe3c6c17452d

Faulting application path: C:\Windows\explorer.exe

Faulting module path: C:\Windows\system32\SHELL32.dll

Report Id: 496e05ce-2ade-11e3-81a7-3085a9453c45

 

 

 

Faulting application name: Dwm.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc541

Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception code: 0xc0000005

Fault offset: 0x0000000009193ad0

Faulting process id: 0x538

Faulting application start time: 0x01cebe2807c33ca8

Faulting application path: C:\Windows\system32\Dwm.exe

Faulting module path: unknown

Report Id: 4ed6fd55-2ade-11e3-81a7-3085a9453c45

 

Thanks.

 

EDIT: Not talking about Internet Explorer as I've been asked twice now, talking about Windows Explorer.

Link to comment
Share on other sites

It could be a virus. Try clearing your cookies and restarting your computer. If that doesn't work, uninstall it, reinstall it and then see what happens. When uninstalling, make sure it all goes away, 'cause the virus/cookies could come back.

Link to comment
Share on other sites

sfc /scannow ??

 

"'sfc' is not recognized as an internal or external command, operable program or batch file"

 

It could be a virus. Try clearing your cookies and restarting your computer. If that doesn't work, uninstall it, reinstall it and then see what happens. When uninstalling, make sure it all goes away, 'cause the virus/cookies could come back.

 

So... you're suggesting I reinstall Windows Explorer?

 

EDIT: Not talking about Internet Explorer as I've been asked twice now, talking about Windows Explorer.

 

Running Malwarebytes and Avast now.

Link to comment
Share on other sites

So... you're suggesting I reinstall Windows Explorer?

 

The only way to reinstall Windows Explorer is to format and reinstall. At least that's what I would do. It could also have something to do with bad sectors on the hard drive. Run disk defrag; I have mine set to run every Wednesday at 1am, along with running CCleaner once a week.

Link to comment
Share on other sites

"'sfc' is not recognized as an internal or external command, operable program or batch file"

 

Wait a sec... did you run

 

sfc /scannow

 

or

 

sfc' /scannow

 

??

 

I'm only wanting to double check what you meant, seeing as the addition of " ' " changes it dramatically.

Link to comment
Share on other sites

ok.. that does indeed sound like your computer may be compromised.

 

SFC is used to verify the integrity of system files so if you can't even call it... something's really messed up on the Windows end.

 

You can try running sfc /scannow in safe mode and seeing if it invokes it. Typically if the virus is intercepting API calls/handles specifically for Windows, you can probably 'inactivate' the virus (so to speak) by running this in safe mode.

 

Reinstalling should be a last resort option from a practicality standpoint unless you have snapshots of your OS. Also try System Restore if you cannot invoke sfc still.

Link to comment
Share on other sites

Try running RogueKiller, a very VERY useful tool when I needed it the most.

 

Sounds to me that you may have what's called a ZeroAccess type of virus, where it disables specific functions of the OS such as Windows Update and Windows Firewall.

 

I had one of these, bloody bugger was a fucking nuisance. It's usually picked up by anti-viruses such as AVG as a Trojan Horse Generic in the explorer.exe, which is quite bad to be perfectly honest.

 

Google round, it's not hard to miss.

 

To make sure that you do indeed have a ZeroAccess kind of virus, you might want to head over to the services page (Windows 8's Task Manager has it there for convenience) and search for the following:

 

wuauserv (This is Windows Update's service name btw)

 

If you DON'T see this, then you can rest assured you've been diddled with by ZeroAccess.

 

If you have any more questions just shout me out of my potatofarm.

Edited by ->SK<-
Link to comment
Share on other sites

  • 2 weeks later...

Post the log :P

 

Some 'problems' are considered relative based on user needs.

 

Logfile of Trend Micro HijackThis v2.0.5

Scan saved at 11:18:56 AM, on 10/14/2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v10.0 (10.00.9200.16720)

 

FIREFOX: 20.0.1 (en-US)

Boot mode: Normal

 

Running processes:

C:\Windows\SysWOW64\rundll32.exe

C:\Users\Josh\AppData\Local\Akamai\netsession_win.exe

C:\Users\Josh\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Users\Josh\AppData\Local\Akamai\netsession_win.exe

C:\Program Files (x86)\Overwolf\Overwolf.exe

C:\Program Files (x86)\ASUS\EPU\EPU.exe

C:\Windows\system\Cm106eye.exe

C:\Program Files (x86)\Razer\Razer StarCraftII\RazerStarCraftIISysTray.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Program Files (x86)\Origin\Origin.exe

C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\Josh\Downloads\HijackThis.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Program Files (x86)\Real\RealPlayer\RealPlay.exe

C:\Program Files (x86)\Real\RealPlayer\RealPlay.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe,

O1 - Hosts: 255.255.255.255 easyanticheat.se # misleading site

O1 - Hosts: 255.255.255.255 www.easyanticheat.se # misleading site

O1 - Hosts: 255.255.255.255 easyanticheat.com # misleading site

O1 - Hosts: 255.255.255.255 www.easyanticheat.com # misleading site

O1 - Hosts: 255.255.255.255 easyanticheat.info # misleading site

O1 - Hosts: 255.255.255.255 www.easyanticheat.info # misleading site

O1 - Hosts: 255.255.255.255 easyanticheat.org # misleading site

O1 - Hosts: 255.255.255.255 www.easyanticheat.org # misleading site

O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (file missing)

O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll

O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: ytbyclick - {d4f1c433-f9c3-49f2-8645-37dbeca19e90} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O2 - BHO: DataMngr - {F2D6C718-7E52-428E-8852-365C4B1A6E36} - C:\PROGRA~2\SETTIN~1\Datamngr\BROWSE~1.DLL

O3 - Toolbar: (no name) - {d4f1c433-f9c3-49f2-8645-37dbeca19e90} - (no file)

O3 - Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

O4 - HKLM\..\Run: [six Engine] "C:\Program Files (x86)\ASUS\EPU\EPU.exe" -b

O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe

O4 - HKLM\..\Run: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Razer StarcraftII Driver] C:\Program Files (x86)\Razer\Razer StarCraftII\RazerStarCraftIISysTray

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [tvncontrol] "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave

O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Josh\AppData\Local\Akamai\netsession_win.exe"

O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\Josh\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

O4 - HKCU\..\Run: [spotify] "C:\Users\Josh\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart

O4 - HKCU\..\Run: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent

O4 - HKCU\..\Run: [HP Officejet 6700 (NET)] "C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe" -deviceID "CN37CBSGGJ05RQ:NW" -scfn "HP Officejet 6700 (NET)" -AutoStart 1

O4 - HKCU\..\Run: [sandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"

O4 - HKCU\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

O4 - Global Startup: Start GeekBuddy.lnk = C:\Program Files\COMODO\GeekBuddy\launcher.exe

O8 - Extra context menu item: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O8 - Extra context menu item: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O8 - Extra context menu item: Show RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

O9 - Extra button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

O9 - Extra 'Tools' menuitem: Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O17 - HKLM\System\CCS\Services\Tcpip\..\{E83AFA87-5B19-4389-9EC3-A923B29DCFED}: NameServer = 66.228.116.178,66.228.116.179

O17 - HKLM\System\CCS\Services\Tcpip\..\{EA79DDCA-E098-41ED-824B-FF8B65498AED}: NameServer = 66.228.116.178,66.228.116.179

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 66.228.116.178,66.228.116.179

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 66.228.116.178,66.228.116.179

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 66.228.116.178,66.228.116.179

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Unknown owner - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (file missing)

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

O23 - Service: AODService - Unknown owner - C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AsusSE - Realtek - C:\Program Files (x86)\ASUS\PCE-N15 WLAN Card Utilities\RtlService.exe

O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: COMODO LPS Launcher (CLPSLauncher) - Comodo Security Solutions, Inc. - C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

O23 - Service: COMODO Virtual Service Manager (cmdvirth) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe

O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Unknown owner - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: GeekBuddyRSP Server (GeekBuddyRSP) - Comodo Security Solutions, Inc. - C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe

O23 - Service: Kodak AiO Status Monitor Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe

O23 - Service: McAfee AP Service (McAPExe) - Unknown owner - C:\Program Files\McAfee\MSC\McAPExe.exe (file missing)

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - Unknown owner - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe (file missing)

O23 - Service: MOBCleanup - McAfee, Inc. - C:\Users\Josh\AppData\Local\Temp\MOBCleanup.exe

O23 - Service: McAfee Online Backup (MOBKbackup) - McAfee, Inc. - C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Overwolf Updater Service (OverwolfUpdaterService) - Overwolf Ltd - C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Sandboxie Service (SbieSvc) - Sandboxie Holdings, LLC - C:\Program Files\Sandboxie\SbieSvc.exe

O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 17934 bytes

Link to comment
Share on other sites

Looks pretty clean with this exception

 

O1 - Hosts: 255.255.255.255 easyanticheat.se # misleading site

O1 - Hosts: 255.255.255.255 www.easyanticheat.se # misleading site

O1 - Hosts: 255.255.255.255 easyanticheat.com # misleading site

O1 - Hosts: 255.255.255.255 www.easyanticheat.com # misleading site

O1 - Hosts: 255.255.255.255 easyanticheat.info # misleading site

O1 - Hosts: 255.255.255.255 www.easyanticheat.info # misleading site

O1 - Hosts: 255.255.255.255 easyanticheat.org # misleading site

O1 - Hosts: 255.255.255.255 www.easyanticheat.org # misleading site

 

It looks like your hosts file is resolving "255.255.255.255" (the broadcast address) as easyanticheat.xxx

 

If you didn't purposely do this, chances are it's worth removing.

Link to comment
Share on other sites
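A triage pass over HijackThis-format lines, covering the entry types this thread looks at (O1 hosts lines, O17 name servers, and the many "(file missing)" services). This is an added example, not code from any poster or from HijackThis itself; the function names and the category labels are made up for illustration, and the sample lines are taken from the log above plus one constructed localhost line.

```python
import ipaddress
import re

# Sample lines: copied from the log posted in this thread, plus one constructed
# "localhost" hosts entry to show a benign case.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.5
O1 - Hosts: 255.255.255.255 easyanticheat.se # misleading site
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: ytbyclick - {d4f1c433-f9c3-49f2-8645-37dbeca19e90} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 66.228.116.178,66.228.116.179
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: McAfee AP Service (McAPExe) - Unknown owner - C:\Program Files\McAfee\MSC\McAPExe.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"""

ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
HOSTS = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
NAMESERVER = re.compile(r"NameServer = (.+)$")
SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)
BROADCAST = ipaddress.ip_address("255.255.255.255")


def classify_hosts_address(text):
    """A hosts line maps a name to an address; say what that address does to the name."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return "hosts-malformed"
    if addr.is_loopback or addr.is_unspecified or addr == BROADCAST:
        return "hosts-block"      # name can no longer reach its real server
    return "hosts-redirect"       # name is pointed at a different machine


def classify_missing(body, scanner_32bit_on_64bit):
    """Split '(file missing)' / '(no file)' entries into artifact vs. leftover."""
    path = body.rsplit(" - ", 1)[-1].rsplit("(", 1)[0].strip()
    if not path:
        return "dangling-registration", body.split(" - ")[0]
    # HijackThis v2 is a 32-bit program. On 64-bit Windows its view of System32
    # is redirected to SysWOW64, so 64-bit-only system binaries look missing.
    if scanner_32bit_on_64bit and SYSTEM32.match(path):
        return "wow64-artifact", path
    return "orphan-entry", path


def triage(log_text, scanner_32bit_on_64bit=True):
    """Return de-duplicated (section, kind, detail) tuples worth a human look."""
    findings = []
    for raw in log_text.splitlines():
        match = ENTRY.match(raw.strip())
        if not match:
            continue
        section, body = match.groups()
        found = []
        if section == "O1":
            hosts = HOSTS.match(body)
            if hosts and hosts.group(2).lower() != "localhost":
                found.append((classify_hosts_address(hosts.group(1)), hosts.group(2)))
        elif section == "O17":
            servers = NAMESERVER.search(body)
            if servers:
                found += [("dns-server", s) for s in re.split(r"[,\s]+", servers.group(1).strip())]
        if body.endswith(("(file missing)", "(no file)")):
            found.append(classify_missing(body, scanner_32bit_on_64bit))
        for kind, detail in found:
            if (section, kind, detail) not in findings:
                findings.append((section, kind, detail))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep="\t")
```

The `dns-server` rows are listed for comparison against the router or ISP settings; the example makes no judgement about the addresses themselves.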

Looks pretty clean with this exception

 

 

 

It looks like your hosts file is resolving "255.255.255.255" (the broadcast address) as easyanticheat.xxx

 

If you didn't purposely do this, chances are it's worth removing.

 

Done, we'll see where this goes.

 

EDIT: Still crashes.

Link to comment
Share on other sites

  • Executive Council

Judging by you not having SFC, you're running XP. First suggestion: run http://www.nirsoft.net/utils/shexview.html and disable anything not Microsoft related. If that doesn't fix anything, boot up in safe mode (http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/boot_failsafe.mspx?mfr=true) and see if it crashes.

Link to comment
Share on other sites

  • Executive Council

oh dear

Missed that, derp. SFC is built into all versions of Windows 7 (and Vista). That is not good at all, but either way, the tool I posted works in Windows 7, and here are instructions for Safe Mode: http://windows.microsoft.com/en-us/windows/start-computer-safe-mode I'll look into SFC not working.
Link to comment
Share on other sites

  • Executive Council

Suggestions on fixing SFC:

1. Run as administrator. If your start menu is accessible, open it and type cmd, right click on the result, select run as administrator. Try running sfc /scannow again.

If your Start Menu Crashes, you'll need to run SFC in Safe Mode, or from the Recovery Partition.

2. Make sure sfc.exe exists in: C:\Windows\System32\

3. Check your System Variable path: http://www.itechtalk.com/thread3595.html

Under System Variables you should have a variable "Path" containing a long string of variables separated by semicolons (;). You are looking for "%SystemRoot%\system32" to be in there (it is the first entry for me).

 

Last alternative:

Run SFC from Startup Repair (requires recovery partition, included in most Windows 7 installs):

Reboot computer. Before Windows Logo appears, press F8. When the boot selection screen appears, select Startup Repair (or Repair your computer).

You should come to a screen where it asks you about your keyboard, you may have to type in your password, and it might go on to try to repair your computer automatically.

Don't restart if asked, and press shift+F10, this should bring up a cmd prompt. In that prompt type: "sfc /scannow /offbootdir=c:\ /offwindir=c:\windows"

 

Since you are booted into a mini version of Windows, it often directs to the wrong Windows location (no idea why), that last part forces it to point to the C drive.

If you don't have a backup partition, if you pop in a Windows 7 install CD, it has a repair selection when it boots up that will do the same thing.

That's all I've got.

Link to comment
Share on other sites
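A model of how the command prompt locates `sfc`, tying steps 1 to 3 of the post above together. This is an added example, not code from the thread; the file listing, the two environments and all function names are constructed for illustration. It includes the current-directory search because an elevated prompt starts in System32 while a normal one starts in the user profile.

```python
import ntpath
import re


def expand(value, env):
    """Expand %NAME% case-insensitively; undefined names are left as written."""
    lookup = {name.upper(): val for name, val in env.items()}
    return re.sub(r"%([^%]+)%", lambda m: lookup.get(m.group(1).upper(), m.group(0)), value)


def norm(path):
    """Windows paths compare case-insensitively and ignore a trailing backslash."""
    return ntpath.normcase(ntpath.normpath(path))


def path_dirs(env):
    """Directories from the Path variable, expanded and normalised, in search order."""
    entries = (expand(e.strip().strip('"'), env) for e in env.get("Path", "").split(";"))
    return [norm(e) for e in entries if e]


def resolve(command, env, files, cwd):
    """First file cmd.exe would run for `command`: current directory, then Path."""
    present = {norm(f) for f in files}
    exts = [e.lower() for e in env.get("PATHEXT", ".COM;.EXE;.BAT;.CMD").split(";") if e]
    for directory in [norm(cwd)] + path_dirs(env):
        for ext in exts:
            candidate = ntpath.join(directory, command.lower() + ext)
            if candidate in present:
                return candidate
    return None


def diagnose_sfc(env, files, cwd):
    """Walk steps 2 and 3 of the post: does sfc.exe exist, and can the prompt find it?"""
    system32 = norm(expand(r"%SystemRoot%\system32", env))
    report = []
    if ntpath.join(system32, "sfc.exe") not in {norm(f) for f in files}:
        report.append("sfc.exe is missing from System32")
    if system32 not in path_dirs(env):
        report.append("System32 is not on Path")
    if resolve("sfc", env, files, cwd) is None:
        report.append("'sfc' is not recognized from " + cwd)
    return report


# Constructed inputs: a file listing and two environments, one with a damaged Path.
FILES = [r"C:\Windows\System32\sfc.exe", r"C:\Windows\System32\cmd.exe"]
GOOD_ENV = {"SystemRoot": r"C:\Windows", "Path": r"%SystemRoot%\system32;%SystemRoot%",
            "PATHEXT": ".COM;.EXE;.BAT;.CMD"}
BAD_ENV = dict(GOOD_ENV, Path=r"C:\Tools;C:\Program Files\Java\bin")

if __name__ == "__main__":
    print(diagnose_sfc(GOOD_ENV, FILES, r"C:\Users\Example"))
    print(diagnose_sfc(BAD_ENV, FILES, r"C:\Users\Example"))
    # An elevated prompt opens in System32, so the current-directory search finds sfc.exe.
    print(diagnose_sfc(BAD_ENV, FILES, r"C:\Windows\System32"))
```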

1. Run as administrator. If your start menu is accessible, open it and type cmd, right click on the result, select run as administrator. Try running sfc /scannow again.

 

This fixed it, running now.

 

Send me your crash dumps

 

Last one is from 10/6... Would event viewer show the same thing or no? (It also gives me the error: There is not editor available for minidump [name])

 

 

EDIT: No integrity violations found (sfc /scannow)

Link to comment
Share on other sites

  • Executive Council

I would still suggest running http://www.nirsoft.net/utils/shexview.html, it will show you what is running behind explorer, there are programs that hook into the shell and run through explorer, they can cause crashes. This can also be determined by starting in safe mode and seeing if explorer crashes, as safe mode doesn't start anything except what is essential.

Link to comment
Share on other sites
