Explorer.exe - application error

Hello guys, I hope you can help. I turned on my computer yesterday and I received this error message. It states Explorer.exe - application error.
The application failed to initialize properly (0xc0000005). click on ok to terminate the application. The windows interface doesn't start. I have Windows XP home SP2. I have an AMD processor. Do you guys have any suggestions? I have tried to restore my computer to an earlier date and that did not work.

Thanks for the help.

John

 

Is it "explorer.exe" or "iexplore.exe" ??

 

It is just Explorer.exe

thanks for the reply

 

See if you run Ewido Security Suite.

Running Ewido Security Suite ...

 

I am running in safe mode...this problem is on my laptop while i am talking to you via my desktop.

How am I able to find out if this is running?

 

Can you download Ewido onto a disc or something and get it onto the computer with the problem?

 

I am running Ewido right now, do you want me to post the report to you when it is finished scanning?

 

Yes, attach the log once scan is complete. Did you get the updates for Ewido before starting the scan?

If not, download below...

Ewido Full Database

 

Do you want me to go through and download all those spyware programs as listed in the READ ME FIRST link? or do you just want the report?

 

I do, but first I need the Ewido log. Be sure you get those updates for Ewido before running the scan because without the updates the scan is useless.

 

I am unable to save the log to my cd-rw drive...it states it is not accessible?

Please advise

 

Can you save the log to a floppy? If not its ok, can you get into normal windows after the Ewido scan?

If not, try to run a virus scan, do you have antivirus installed?

 

I do not have a floppy drive for my laptop. I cannot get into windows. the same error comes up and now i have a blue screen that comes up which automatically restarts my system?

 

I tried installing EZ Armor, but there was an error that it could not update definitions since i am currently not connected to the internet.

 

Can you get into Safe Mode at the moment?

 

Yes I can get into safe mode

 

Is EZ Armor the only AV you have installed? Did Ewido find anything?

 

EZ Armor is installed but EZarmor could not run the scan. Ewido found the following and cleaned with back up

spyware MySearch
SpywareMy Way
Spyware Myway
Spyware Myway
Spyware cookie.specificclick
Spyware.cookie.2p7
Spyware.cookie.overture
Spyware.cookie.2o7
Spyware.P2PNetworking
Heuristic.win32.backdoor4
Spyware.Myway
Spayware.Myway
Spyware.myway
Spyware.myware
Heuristic.win32.hijacker1
Trojan.agent.eo
Trojan.dialer.ay
Trojan.dialer.ay
Torjan.dialer.ay
Trojan.lowzones.df
Trojan.lowzones.df

 

I removed Norton yesterday but it was never activated...it came with the laptop

 

Can you download CCleaner and Hijack This 1.99.1 and get them on the laptop and run them both and attach the HJT log?

 

CCleaner--ran and there was a page of items listed but i hit run cleaner and it erased it,

I ran Kill--found look2me infection and removed it

 

See if you can complete the steps in the thread below...

Look2Me, VX2 Removal

 

I was able to complete the tasks. I saved the first log, but i did not get a log for the 2nd task. I save the log as it says but i wish i could post it here, but i can't. i don't understand why i can't save to my cd-rw drive..hmm

 

Not sure why at the moment, first I would like to try and get your system where you can boot to normal mode.

Have you tried since you ran the past few utilities? Did you get HJT installed and a log from it?

 

I still cannot get into windows...i just ran HJT adn i have the log up currently. It brought up numerous items...do i check all items and fix them?

 

NO, thats the log I need to see, the HJT log.

 

My fiend has a flash drive, i will borrower that tomorrow and use that to transfer files from my laptop to my desktop. I really appreciate all the help and i really appreciate you spending all thie time helping. I need to get some ZZZZZs since i need to get up in a few hours. When I get home from work i willl post the logs to this thread. I will check back periodically to see if you have replied and hopefully we can get this resolved. I am sure it will be easier for you with the logs...

Thanks again and hopfully I will talk to you tomorrow

 

Yes, once I can see some logs it will help a lot. I will check back sometime tomorrow.

 

Hello,

Here are the hijack this log, ewido log, and another log. I hope this helps. Let me know if there is anything else you need.

 

Please download HOSTER and then follow the below steps.

• Unzip HOSTER to a convenient folder such as C:\Hoster

• Run Hoster.exe, click Restore Original Hosts and then click OK.

• Click the X to exit the program.

Next, please download RegSrch.zip

Unzip the archive to your desktop and double click on the VBS file.
(If your AntiVirus alerts, allow the script to run.

Now enter links.exe and post back with the results in this thread (call it regsrch.txt).

Before you attach the above log, procede with the below...

Now scan with HijackThis and Check the Boxes for the following:

Make sure All Browser Windows are Closed when you Click FIX.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavili on&pf=laptop

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [cleanup] "C:\Documents and Settings\Administrator\Desktop\l2mfix\cleanup.bat"

Again, make sure All Browser Windows are Closed when you Click FIX.

NEXT:
Run CCleaner to clean up cookies and temp files.

Now, please download the TrendMicro AntiSpyware Utility

Save to your desktop, create a new folder and name is TSC. Move the file you downloaded into here. Now download the PATTERN FILE and save to this folder also. After you have both files, extract the contents of the ZIP file and then double click "tmas-web-scan.exe" to start the scan. Clean ALL found infections and let me know how many was found.

Last thing, download WinPFind

Extract it to the root folder of drive C ( C:\ ). This will create a folder called WinPFind in the C:\ folder. Inside C:\WinPFind is a file called WinPFind.exe. Double-click on this file to launch the program. Once it is launched, click on the Start Scan button and wait for it to finish. This program will scan large amounts of files on your computer for known patterns so please be patient while it works as it can take a while, upwards to 30 minutes or more.

When it is done, it will show the results of the scan. Click on the Copy to Clipboard button and then paste the contents of the log in your clipboard. Then save it to a file using notepad and upload the text file here as an attachment.

 

Hello,

Here is the regsrch.txt, Trend micro log, and winfind log

Trend micro found 55 Sharman networks items, 9 funweb items 1 gain publishing item and 1 frontcode item.

I hope this helps

 

Download Pocket KillBox
(Don't run it yet)

Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fix.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fix.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.

After you complete the above, Run CCleaner, select TOOLS, then select UNINSTALL. Bottom right corner, click Save to text file and attach this log to your next post.

 

Here is the log

 

With the Viewing of Hidden Files & Folders Enabled , navigate to and DELETE the following if they should remain:

C:\Program Files\Altnet ←–– Delete this whole folder if it exist!

C:\Program Files\Kazaa ←–– Delete this whole folder if it exist!

C:\Program Files\WinHound ←–– Delete this whole folder if it exist!

C:\Program Files\Common files\SearchUpgrader ←–– Delete this whole folder if it exist!

C:\Documents and Settings\John Schweda\Local Settings\Temp\fsg_4104.exe

Next, please copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fix.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fix.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.

Locate PocketKillbox
(Procede with this step even if they do not show in blue)

Now, Copy and Paste C:\WINDOWS\SYSTEM32\oleext.dll into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click NO.

Now, Copy and Paste C:\WINDOWS\SYSTEM32\intell32.exe into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click NO.

Now, Copy and Paste C:\WINDOWS\SYSTEM32\wbdbase.deu into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click YES and allow your PC to reboot.

• If you get an error message about Pending Operations, just reboot your computer manually.

After you complete the above, reboot and get me a fresh HJT log and a WinPFind Log. Also let me know if you can get into normal mode yet.

 

I unfortunately still cannot get into normal windows.

Here are your two latest logs

I need to head to bed...i will check your response in the morning or when i get home from work.

Once again. THANK YOU FOR ALL YOUR HELP!!!!!!!!!!!!!!!!

It is greatly appreciated

 

Do you get the same error when attempting to login to normal windows?

Do you have the Windows disc that came with your computer?

 

Yes i get the same error message when logging into windows.

I have a Microsoft Windows XP critical sercurity updates CD, Driver recovery CD, Operating System CD, and a Application Recovery CD

 

I dont think it's malware related even though you did have some baddies on your computer.

Before we do anything else, I would like you to check out the sites below...read thru them and then try the suggestions and see if possible one will address your issue.

http://support.microsoft.com/default.aspx?kbid=873155

http://support.microsoft.com/?id=217134

 

Hello!

I tried the boot.ini solution from the Microsoft website prior to posting to your site. It did not work. I also just tried again and also did not work. I tried the other link but my search did not find those files.

Any other ideas? Once again thanks for all your help!

 

If those articles did not work, then I'm going to have to recommend a repair of your OS.

If you need help doing this repair, see the below instructions...

After you complete this repair, let me know how things are running.

 

This did work. I am able to load normal windows. It boots up slowly but it works. My wireless modem doesn't seem to work though. . It is not recognizing my network. My network is not listed under available networks..this should be fun

 

If you need any help, just let me know.

1. Check all your drivers, make sure everything is installed properly.

2. Check "Device Manager" make sure everything looks ok here.