Unbelievably insidious, evil, unstoppable virus causing Explorer to restart over and over

One thing to try before you throw in the towel is to install and run Malwarebytes Anti-Malware.

command line "cd C:\Program Files\Malwarebytes’ Anti-Malware"
->“mbam.exe /fullscan”

Also next time install and learn to use something like Comodo Internet Security.

Alright, I’m trying it now. I have had success with this in the past so maybe it will help.

From HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:05:52 AM, on 1/19/2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\helppane.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes’ Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Alive Text to Speech - {954F618B-0DEC-4D1A-9317-E0FC96F87865} - C:\PROGRA~1\ALIVEM~1\TEXTTO~1\IETOOL~1.DLL (file missing)
O4 - HKLM..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 - HKLM..\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”
O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM..\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 - HKLM..\Run: [Adobe ARM] “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] “C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe”
O4 - HKLM..\Run: [Acrobat Assistant 8.0] “C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe”
O4 - HKLM..\RunOnce: [Malwarebytes’ Anti-Malware] C:\Program Files\Malwarebytes’ Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU..\Run: [uTorrent] “C:\Program Files\uTorrent\uTorrent.exe”
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] “C:\Program Files\DAEMON Tools Pro\DTProAgent.exe”
O4 - HKUS\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-19..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘NETWORK SERVICE’)
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe


End of file - 7042 bytes

I really admire you if you’re able to make heads or tails of this.

cmd

“cd c:\program files\trend micro\hijackthis”
“hijackthis”
-> Do a system scan only
-> Place tick beside;

O13 - Gopher Prefix:

& optional ticks beside,

O3 - Toolbar: Alive Text to Speech - {954F618B-0DEC-4D1A-9317-E0FC96F87865} - C:\PROGRA~1\ALIVEM~1\TEXTTO~1\IETOOL~1.DLL (file missing)
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (file missing)

Fix checked

Are you still going to run IE after this, AT?

You could also get rid of,

O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 - HKLM..\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] “C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe”
O4 - HKLM..\Run: [Acrobat Assistant 8.0] “C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe”

which are all unnecessary startup items, if you wish to improve performance.

You would also be wise to run PeerBlock since you’re using uTorrent, and I’m guessing uTorrent is in no small part responsible for your perpetual ‘victimization’. If you download warez you’ll get viruses. It’s also worth looking at installing Sandboxie to avoid permanent damage. And Firefox with NoScript.
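The triage above (tick the dangling "(file missing)" hooks and the empty O13 prefix) can be applied mechanically to any HijackThis log. The following is an added example, not part of this thread or of HijackThis itself; it parses the log's "Oxx - ..." line format and flags the same kinds of entries the reply singles out, plus one extra check the thread does not make (O23 services with "Unknown owner", which simply deserve a signature check). The sample lines are constructed to match the format of the log posted above.

```python
import re

# Constructed sample in the same line format as the HijackThis log in this thread.
SAMPLE_LOG = r"""
O3 - Toolbar: Alive Text to Speech - {954F618B-0DEC-4D1A-9317-E0FC96F87865} - C:\PROGRA~1\ALIVEM~1\TEXTTO~1\IETOOL~1.DLL (file missing)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O13 - Gopher Prefix:
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""

# Every HijackThis entry is "<section code> - <body>", e.g. "O4 - HKLM..\Run: [...]".
LINE_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")


def parse_entries(text):
    """Return [(code, body), ...] for each entry line; header/footer lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def triage(text):
    """Return [(code, reason), ...] for entries worth a second look.

    Mirrors the thread's reasoning: hooks whose target file is gone are safe to
    remove (they can only fail or be hijacked), an empty O13 Gopher prefix is
    clutter, and an O23 service with no publisher is an assumption-labelled
    extra check: verify the binary's signature before trusting it.
    """
    findings = []
    for code, body in parse_entries(text):
        if body.endswith("(file missing)"):
            findings.append((code, "target file missing; dangling hook, safe to fix"))
        elif code == "O13" and body.rstrip().endswith(":"):
            findings.append((code, "empty Gopher prefix; harmless, can be removed"))
        elif code == "O23" and "Unknown owner" in body:
            findings.append((code, "service has no publisher; verify its signature"))
    return findings


if __name__ == "__main__":
    for code, reason in triage(SAMPLE_LOG):
        print(f"{code}: {reason}")
```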

I’m not sure that this is malware.

Since you do have a small window of opportunity, bring up a command prompt - click Start, Run, and then type cmd and press Enter. Or click Start, Programs, Accessories, Command Prompt.

This will bring up a command prompt which will persist despite Explorer crashing, and you should be able to run eventvwr. Look at the System and Application logs for anything with a red icon.

If the command prompt or Event Viewer does not persist, bring up Task Manager by pressing Ctrl-Alt-Del, then running Event Viewer from there.

I did this; it didn’t seem to help though. Is there anything else I could do, short of a system re-install? (Should I install Windows 7?)

You can paste a HijackThis logfile here for an automated evaluation; in your case, it doesn’t throw up any flags for malware, so it might be that that’s not your problem.

No, a lot of Malware knows how to hide from Hijackthis. There isn’t anything obvious in the log, but the fact that you lost your system restore means that it’s definitely a virus.

This sounds like a rootkit problem. They are very difficult to fix. I’ve heard that GMER rootkit detector is a good tool, but some rootkits will still shut it down. Try running GMER (and download the random named version) and seeing what it finds. Write down anything as soon as it shows as red; at least you’ll know the name. You can then try to delete it in GMER (if the virus doesn’t shut down the scan).

If that doesn’t work, you’ll need to boot from a CD- or flash-drive-based operating system like BartPE. Once you get Bart running, you can examine the hard drive. With luck, you can find the rootkit – they’re usually in the C:\windows\System32 folder – look for any files dated around the time you started seeing the problem. Rename the files (just in case they are needed). Then restart. It might be enough to allow Malwarebytes to work.

It’s about this time that I start thinking of wiping the drive and reinstalling Windows. Seriously. Reinstalling takes about five hours or so (highly variable depending on how many patches/updates you need to download), plus you have to reinstall apps and migrate your data, but eventually it’s faster than continued Windows diagnosis and struggle.

Boot into your external OS of choice and copy your data to a USB drive or external hard drive. For example, I used a PuppyLinux boot disk to rescue the data from my ex-girlfriend’s PC, then repaired it, then copied the data back. Fortunately, she didn’t have many apps.

Yeah, the OP mentions that this seems to happen to him pretty regularly. Seems like maybe there’s a behavioral aspect to it, no?

In any case, I might try doing most of my surfing from a virtual machine instead… at least it won’t kill your actual OS.

It’s not always certain that a case of Explorer exploding continuously is a computer virus infection. Even if viruses are present, it could just as likely be a completely legitimate but poorly-written driver causing Windows to self-destruct. Or, somewhat less likely, but still possible, a hardware flaw (either manufacturer defect or damaged component). You say this happens regularly… is it always with the same machine? Or with multiple computers of different models?

Certainly it seems like a fresh install of Windows (or a manufacturer recovery CD restoration) is your best solution at this point. If you continue having problems afterwards, that would heavily point towards a hardware failure or driver incompatibility. And to answer your question of whether you should install Windows 7: the answer is Probably. :wink: